On 29. Jul 2004, at 21:05, Juergen Schoenwaelder wrote:
On Thu, Jul 29, 2004 at 06:29:08PM +0200, Frank Strau? wrote:
When the repository is accessed through system calls on the filesystem and their access control mechanism (user, group, file mode), it is not possible to control who is allowed to access which projects within a repository. (In CVS it was due to the CVSROOT/ stuff, in SVN all data sits in a single Berkeley DB.) The only alternative would be to create separate repositories per project and one UNIX group per repository and hoping not to exceed the OS' limit of groups per user. Furthermore, I'd like to safely exclude the eventuality that the repository is accessed via NFS, which could cause strange problems due to incompatible locking mechanisms.
I do not care about direct access to the files. But I do not understand the difference between talking SVN native to the svnserv daemon and talking webdav when it comes to access control. In both cases, I think access control is implement in one of the server processes.
That is (theoretically) true for the administratively started svnserve daemon. But in case of the svn+ssh:// scheme, you start svnserve yourself in "tunnel mode" (-t) and svnserve assumes you have been "externally authenticated", so in that case you (your uid, and not an administratively chosen pseudo uid) need access to the repository.
Besides that, also the svnserve daemon (not in tunnel mode) has very limited access control. The documentation says:
Notice that svnserve only understands “blanket” access control. A user either has universal read/write access, universal read access, or no access. There is no detailed control over access to specific paths within the repository. For many projects and sites, this level of access control is more than adequate. However, if you need per-directory access control, you'll need to use Apache instead of svnserve as your server process.
So, what I think is missing is (a) a more fine grained access control mechanism for svnserve (preferably aligned with the apache modules access control), and (b) a way to install svnserve with the suid flag set, so that an svn user cannot access the whole repository database directly.
Anyway, if you prefer to go with webdav, feel free to do. I will be able to adapt to it.
Thanks.