access right questions: jailroot & svnadmin & apache
I plan to install ISPConfig3 on my vServer but I have a few questions before which could not be answered by searching the internet.
I need to install for 3 clients also a SVN repository.
I plan to make a subdomain for each client called svn.domain.tld.
But I am not sure about the access rights.
I would like to give every user the possibility to log in over ssh (with chailroot)
that they can execute svnadmin create repositoryname.
But when accessing svn.domain.tld apache should deliver the repository with
WEBSvn (http://websvn.tigris.org/) and the repository should be registered with svn-access-manager.
Now I am not sure about two things:
- how can i make sure that the users can use the svnadmin command in the jail root?
- how have i set the user rights of the repository? Theoretically if the user creates it and the subdomain uses suexec the repository should be writeable for that user from within the php access manager?
I have no installation of ISPConfig3 here to test, so I have to do a complete switch.
Any suggestions on complete that task?
1) add svnadmin to the list of jailed applications.
2) Setting up the user rights for the repository is not related to ispconfig, you should take a look at one of the the svn guides on the svn homepage.
2) I thin I was not precise enough. I did not mean the access rights for the svn repository. What I mean is the following. Lets asume i have a user client1 with a domain svn.domain.tld where he wants to have his repository available.
I would configure apache like tis:
Because as far as I understand suExec works only for php execution but not for an access to dav svn. So apache does not run under the client1's user, or am I wrong?
1) This works only for new clients.
2) apache always runs under the apache user. But thats not a problem at all asll all repos can be owned by the apache user as the login permissions were handled in the svn-passwd
and do not depend on the file permissions and /path/top/his/home/repos
can be anywere on your server and has not to be in the home directory of the user as the user is able to access the repository by webdav and does not has to access the files directly.
|All times are GMT +2. The time now is 11:27.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.