Karl Berry wrote: > drwxrws--- 6 root gnueval 253 Nov 9 11:34 /srv/svn/gnueval/db > > FWIW, I have a vague recollection from my time as gnueval (~15-20 years > ago) that, as a super special case, we explicitly made the repository > private because it contained possibly-nonfree and/or private information > that should not be publicly readable. -k
I have set permissions aback to the above. But now there is the question of how this previously worked. ams and I have been chatting on IRC and the files in the checked out working copy onto fencepost that I can look at myself are older files and definitely were using svn:// protocol to check out those files. The svn:// protocol I just verified uses the xinetd running as the user nobody to read files on disk. Just like the web viewvc is using the www-data user to read the files. But with those permissions it is not possible for the svn:// protocol to ever have worked on it. Yet it seems that it was working on it. This leaves us confused. How could it have been working? Yet when I look at the files it looks like it must have been. And if so then what changed in the last month? This does not make sense. Any ideas that might un-confuse us? We have always based authentication and authorization on using ssh. If the repository is restricted in access then using ssh would be the normal thing to do here. The svn:// protocol (and also http/https) are anonymous and not suitable for a private repository. So moving forward we think it must be ssh:// protocol now. Using ssh from fencepost is inconvenient due to needing to base private keys there but I can't think of another way this needs to be done to make it work such that it can work by cron. Bob
