svn+ssh access with --tunnel-user

Malte Helmert helmert at informatik.uni-freiburg.de
Tue Jul 1 10:58:43 CDT 2008


Hi everyone,

the repositories I manage are accessed via svn+ssh with the
--tunnel-user option as described in the "Tunneling over SSH" section of
the book. There is one system-level user account per repository, which
will have an ~/.ssh/authorized_keys file like this (minus the extra line
breaks):

command="/usr/bin/svnserve -t --tunnel-user=Malte\ Helmert
  -r /home/repos/whatever/repository",
  no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty
  ssh-dss KEY... malte at wherever
command="/usr/bin/svnserve -t --tunnel-user=Someone\ Else
  -r /home/repos/whatever/repository",
  no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty
  ssh-dss KEY... someone at wherever
command="/usr/bin/svnserve -t --tunnel-user=Yet\ Another\ Guy
  -r /home/repos/whatever/repository",
  no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty
  ssh-dss KEY... yag at wherever

No one else has ssh access to the account and there is no httpd or
svnserve daemon running, so only these three people can access the
repository.


In some repositories, I also use path-based authentication to keep some
people out of certain parts of the repository. The funny thing is that
under certain circumstances [1], people with full access rights in the
"authz" file can't access the repository at all *unless I set
anon-access to none* in the svnserve.conf file. Their checkout will fail
with "Not authorized to open root of edit operation". However, if I
change anon-access from its default "read" to "none", everything works
splendidly.

The unintuitive thing here is that tightening permissions (from "read"
to "none") leads to more access rights. I also don't understand why
*anonymous* access matters here; shouldn't the --tunnel-user take care
of that?

Apparently this is a Subversion bug [2], but since this issue has
existed since at least 2006 (according to the comments in the issue
tracker), maybe it's worth pointing out the workaround (setting
anon-access=none) in the "Tunneling over SSH" section of the book, where
this problem is very likely to occur.

Malte


[1] Looks like it depends on the SVN client. The command-line client
works, as do older versions of TortoiseSVN, but the current version of
TortoiseSVN causes problems.

[2] http://subversion.tigris.org/issues/show_bug.cgi?id=2712 looks
closely related, although it doesn't mention --tunnel-user.
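As an added example that is not part of the original post, the following script audits the two settings the post relies on: that every key in the account's authorized_keys is forced to an svnserve command with --tunnel-user and the restrictive options, and what anon-access the repository's svnserve.conf actually takes effect with (Subversion's default is "read" when the key is absent). All file contents and paths are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post: audit an svn+ssh account's
# authorized_keys and a repository's svnserve.conf for the settings the
# post relies on. File contents and paths below are constructed samples.
set -eu

WORK=$(mktemp -d)
# Constructed authorized_keys: one correctly restricted key, one that is not.
cat >"$WORK/authorized_keys" <<'EOF'
command="/usr/bin/svnserve -t --tunnel-user=Malte\ Helmert -r /home/repos/whatever/repository",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-dss AAAAB3placeholder malte at wherever
ssh-dss AAAAB3placeholder unrestricted at wherever
EOF
# Constructed svnserve.conf with Subversion's default anon-access = read.
cat >"$WORK/svnserve.conf" <<'EOF'
[general]
anon-access = read
auth-access = write
authz-db = authz
EOF

# check_keys FILE: print every key line that lacks a forced svnserve command
# with --tunnel-user or lacks one of the restrictive options; exit 1 if any.
check_keys() {
    awk '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    {
        ok = ($0 ~ /^command="[^"]*svnserve[^"]*--tunnel-user=[^"]*"/)
        n = split("no-port-forwarding no-agent-forwarding no-X11-forwarding no-pty", opt, " ")
        for (i = 1; i <= n; i++) if (index($0, opt[i]) == 0) ok = 0
        if (!ok) { print "unrestricted key: " $0; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }' "$1"
}

# anon_access FILE: print the effective anon-access value; Subversion treats a
# missing key as "read", which is the setting that triggers the problem.
anon_access() {
    v=$(sed -n 's/^[[:space:]]*anon-access[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    printf '%s\n' "${v:-read}"
}

# set_anon_none FILE: apply the workaround from the post in place (keeps a .bak).
set_anon_none() {
    sed -i.bak 's/^\([[:space:]]*anon-access[[:space:]]*=[[:space:]]*\).*/\1none/' "$1"
}

echo "anon-access before: $(anon_access "$WORK/svnserve.conf")"
check_keys "$WORK/authorized_keys" || echo "tighten the lines above"
set_anon_none "$WORK/svnserve.conf"
echo "anon-access after:  $(anon_access "$WORK/svnserve.conf")"
```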
