开发者

Subversion with Apache and permissions issues

开发者 https://www.devze.com 2023-02-01 14:18 出处:网络
I have setup an SVN repository for use with Apache 2 via svnadmin create command and appropriate vhost configuration. I found that, in order to correctly use the repository, this must be owned by wwwr

I have setup an SVN repository for use with Apache 2 via svnadmin create command and appropriate vhost configuration. I found that, in order to correctly use the repository, this must be owned by wwwrun user (or www group) or chmodded to 777.

I would like to ask if it's possible to explicitly tell Apache to impersonate another user when serving requests to a certain path (from vhost.conf), like with suphp extension, so I won't mess with permissions once I create a repository.

Thank开发者_开发问答 you in advance


To impersonate another user, apache would need to have elevated privileges - this would miss the point of running apache with limited rights (as use wwwrun in your example) in the first place. Therefore, pick one of the following

  • Run apache as root (dangerous, since a compromised apache will compromise your entire system)
  • Make wwwrun member of the svnrepo group that you give access to your repository to
  • Create a suid binary and a corresponding apache module to allow apache to impersonate (very complicated, easy to mess up - that's how suphp does it)
  • Change the permissions of the repository itself to allow everybody, wwwrun, or the www group.

Quite frankly, I don't see the problem you're having with the second or last option. Why can't you allow wwwrun to access your svn repository?

0

精彩评论

暂无评论...
验证码 换一张
取 消