HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   access right questions: jailroot & svnadmin & apache (http://www.howtoforge.com/forums/showthread.php?t=34601)

schildhans 6th May 2009 12:11

access right questions: jailroot & svnadmin & apache
 
Hi,

I plan to install ISPConfig3 on my vServer but I have a few questions before which could not be answered by searching the internet.
I need to install for 3 clients also a SVN repository.
I plan to make a subdomain for each client called svn.domain.tld.
But I am not sure about the access rights.
I would like to give every user the possibility to log in over ssh (with chailroot)
that they can execute svnadmin create repositoryname.
But when accessing svn.domain.tld apache should deliver the repository with
WEBSvn (http://websvn.tigris.org/) and the repository should be registered with svn-access-manager.
Now I am not sure about two things:
- how can i make sure that the users can use the svnadmin command in the jail root?
- how have i set the user rights of the repository? Theoretically if the user creates it and the subdomain uses suexec the repository should be writeable for that user from within the php access manager?

I have no installation of ISPConfig3 here to test, so I have to do a complete switch.
Any suggestions on complete that task?

schildhans

till 6th May 2009 19:06

1) add svnadmin to the list of jailed applications.
2) Setting up the user rights for the repository is not related to ispconfig, you should take a look at one of the the svn guides on the svn homepage.

schildhans 6th May 2009 21:49

Quote:

Originally Posted by till (Post 186525)
1) add svnadmin to the list of jailed applications.
2) Setting up the user rights for the repository is not related to ispconfig, you should take a look at one of the the svn guides on the svn homepage.

1) done, but the client allways gets unknown command for svnadmin. I have in chrooted applications /usr/bin/svnadmin and in app section svnadmin.
2) I thin I was not precise enough. I did not mean the access rights for the svn repository. What I mean is the following. Lets asume i have a user client1 with a domain svn.domain.tld where he wants to have his repository available.
I would configure apache like tis:
Code:

<Location /svn/repos>

  DAV svn

  SVNParentPath /path/top/his/home/repos

  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /path/top/his/home/svn-passwd
  AuthzSVNAccessFile /path/top/his/home/svn-access
  Require valid-user

  SVNIndexXSLT /svnstyle/svnindex.xsl

</Location>

But the problem now is: apache has to have read & write access for the repository. But also client 1 has to have read & write access from its jailroot.
Because as far as I understand suExec works only for php execution but not for an access to dav svn. So apache does not run under the client1's user, or am I wrong?

till 7th May 2009 11:01

1) This works only for new clients.
2) apache always runs under the apache user. But thats not a problem at all asll all repos can be owned by the apache user as the login permissions were handled in the svn-passwd
and do not depend on the file permissions and /path/top/his/home/repos
can be anywere on your server and has not to be in the home directory of the user as the user is able to access the repository by webdav and does not has to access the files directly.


All times are GMT +2. The time now is 12:31.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.