0

I have multiple svn repositories on my server. For example:

/var/svn/repo1
/var/svn/repo2
/var/svn/repo3

I wanted to give access to a client to the repo2 only so I created a user 'client' and provided him SSH access. Now, the client can checkout the repo2 as:

svn co svn+ssh://client@<public-ip>/var/svn/repo2

But the problem is that he can SSH into the server using his username (client) and password and can mess with other files. He can also checkout all other repositories. How can I restrict client to just be able to checkout repo2.

He should not be able to:

  1. Access any other repository
  2. Commit to the repo2
  3. SSH the server

Is it even wise to give him permission to checkout the repository?

Thanks.

Improve this question

1 Answer 1

Reset to default
1

When running over a tunnel, authorization is primarily controlled by operating system permissions to the repository's database files.

But even in the case of tunneling, you can still use the svnserve.conf file to block access, by simply setting auth-access = read or auth-access = none.

Improve this answer
2
  • Thanks. but I want only my client not to be able to commit anything to the repository. Making this change will even not allow me to commit anything. I will have to go and replace 'read' or 'none' with 'write' in order to be able to commit myself. Isn't there any way I can enforce this policy on per user basis?
    – Uthman
    Commented Nov 10, 2011 at 7:54
  • svnserve.conf have ACL on per-user/per group basis
    – Lazy Badger
    Commented Nov 10, 2011 at 9:23

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .