On 16.09.2012 00:29, Pierre Schmitz wrote:
* maybe review our group setup
One group per repo or what do you mean?
* package files and svn files cannot be accessed by these accounts. Use some sudo and dedicated user magic here so that only dbscripts can write packages and the svn repo can only be access via an svn client.
I've looked into that and all I found was that you "should" use ssh forced commands together with separate keys. AFAIK it is not possible to tell svn to run a different command than "svnserve -t" when connected via ssh. It might be possible to use a simple forced commands wrapper that passes just traps svnserve and executes it with sudo. I haven't checked if that works with interactive shells.
We can ave a more advanced setup later.
Good idea. -- Florian Pritz