I have setup an SVN repository for use with Apache 2 via svnadmin create
command and appropriate vhost configuration. I found that, in order to correctly use the repository, this must be owned by wwwrun
user (or www
group) or chmodded to 777
.
I would like to ask if it's possible to explicitly tell Apache to impersonate another user when serving requests to a certain path (from vhost.conf), like with suphp
extension, so I won't mess with permissions once I create a repository.
Thank开发者_开发问答 you in advance
To impersonate another user, apache would need to have elevated privileges - this would miss the point of running apache with limited rights (as use wwwrun
in your example) in the first place. Therefore, pick one of the following
- Run apache as root (dangerous, since a compromised apache will compromise your entire system)
- Make
wwwrun
member of thesvnrepo
group that you give access to your repository to - Create a
suid
binary and a corresponding apache module to allow apache to impersonate (very complicated, easy to mess up - that's how suphp does it) - Change the permissions of the repository itself to allow everybody,
wwwrun
, or thewww
group.
Quite frankly, I don't see the problem you're having with the second or last option. Why can't you allow wwwrun
to access your svn repository?
精彩评论