Mário Lopes wrote: >Yeah, you seem right. WebDAV isn't very secure, at least, not as >secure as tunneling through SSH. > >I decided to do this because I was having problems with permissions >using SSH. When I try to commit something, it returns permission >denied. The repository is set to root/%PROJECT-GROUP so what could be >the problem? Isn't the sv_membersh running as the same unix group? > > That may just be a problem with umask and such. Also related to the backend choice, we use fsfs because the bdb ones have weird permission requirements to work correctly ( if I remember right, with bdb group read is not enough, you also need to have group write to write to the repo .. well it's just screwed up enough that you don't want to use it really ).
TTimo >Thanks again for your kind replies. > >-- Mário Lopes > >On 8/22/05, Timothee Besset <[EMAIL PROTECTED]> wrote: > > >>Well it's pretty much all there: >>http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html >> >>If you need write access control for webdav, you need to maintain global >>AuthzSVNAccessFile and AuthUserFile. They say you can modify it live >>while the server is running. >> >>A more scalable solution would be an LDAP backend or such for authz, but >>that requires apache API changes ( which have been proposed and are >>discussed, but are not there yet ). >> >>So that's basically the reasons we're not doing it at gna: >> >>- we only have ssh keys, we don't actually have passwords anywhere >>- password over http isn't safe compared to svn over ssh with ssh keys >>auth. I guess we'd want it at least https, even better may be with >>client side certificates ( then it reaches about the same security level >>as svn+ssh ) >>- the apache server runs as www-data. don't have write permissions to >>the repositories at all atm. if you are going to run apache with enough >>priviledges to write to the repo, you have to carefully setup >>permissions so you don't break write for the svn+ssh. >> >>TTimo >> >>[EMAIL PROTECTED] wrote: >> >> >> >>>Timothee, do you have any idea regarding Mario Lopes issue? >>> >>> >>> >>> >>> >>>>I've been trying to set up savane with subversion for the last >>>>couple of days. My desire was to have subversion available from >>>>Apache with WebDAV, and for anonymous access, everything is running >>>>fine. >>>> >>>>Since WebDAV doesn't support authentication through MySQL nor unix >>>>users/groups, I was wondering how to manage authentication. Is there >>>>any script that manages this? I'm using 1.0.7 >>>> >>>>Unfortunately, there isn't any tutorial available on this subject. I >>>>don't mind at all to write one as soon as I manage to solve this. >>>> >>>>Any help on this subject would be great. Thanks in advance. >>>> >>>>Kind Regards, >>>> >>>>Mário Lopes >>>> >>>> >>>> >>>> >> >>
