access right questions: jailroot & svnadmin & apache

Discussion in 'General' started by schildhans, May 6, 2009.

  1. schildhans

    schildhans New Member


    I plan to install ISPConfig3 on my vServer but I have a few questions before which could not be answered by searching the internet.
    I need to install for 3 clients also a SVN repository.
    I plan to make a subdomain for each client called svn.domain.tld.
    But I am not sure about the access rights.
    I would like to give every user the possibility to log in over ssh (with chailroot)
    that they can execute svnadmin create repositoryname.
    But when accessing svn.domain.tld apache should deliver the repository with
    WEBSvn ( and the repository should be registered with svn-access-manager.
    Now I am not sure about two things:
    - how can i make sure that the users can use the svnadmin command in the jail root?
    - how have i set the user rights of the repository? Theoretically if the user creates it and the subdomain uses suexec the repository should be writeable for that user from within the php access manager?

    I have no installation of ISPConfig3 here to test, so I have to do a complete switch.
    Any suggestions on complete that task?

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) add svnadmin to the list of jailed applications.
    2) Setting up the user rights for the repository is not related to ispconfig, you should take a look at one of the the svn guides on the svn homepage.
  3. schildhans

    schildhans New Member

    1) done, but the client allways gets unknown command for svnadmin. I have in chrooted applications /usr/bin/svnadmin and in app section svnadmin.
    2) I thin I was not precise enough. I did not mean the access rights for the svn repository. What I mean is the following. Lets asume i have a user client1 with a domain svn.domain.tld where he wants to have his repository available.
    I would configure apache like tis:
    <Location /svn/repos>
      DAV svn
      SVNParentPath /path/top/his/home/repos
      AuthType Basic
      AuthName "Subversion Repository"
      AuthUserFile /path/top/his/home/svn-passwd
      AuthzSVNAccessFile /path/top/his/home/svn-access
      Require valid-user
      SVNIndexXSLT /svnstyle/svnindex.xsl
    But the problem now is: apache has to have read & write access for the repository. But also client 1 has to have read & write access from its jailroot.
    Because as far as I understand suExec works only for php execution but not for an access to dav svn. So apache does not run under the client1's user, or am I wrong?
    Last edited: May 6, 2009
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    1) This works only for new clients.
    2) apache always runs under the apache user. But thats not a problem at all asll all repos can be owned by the apache user as the login permissions were handled in the svn-passwd
    and do not depend on the file permissions and /path/top/his/home/repos
    can be anywere on your server and has not to be in the home directory of the user as the user is able to access the repository by webdav and does not has to access the files directly.

Share This Page