ssh = /usr/bin/ssh -p XXXX -l REMOTEUSERNAME -C

to this:

ssh_repo = /usr/bin/ssh -p XXXX -l REMOTEUSERNAME -C

Just illustrating that you can give it whatever alias you like. Then you connect with your alias like this.

svn co svn+ssh_repo://yoururl/path/to/repository/trunk

The permissions issue with regards the SVN database files is probably the most worrying part. I needed each of my developers to have a shell account on the server anyway, so setting up restricted accounts (no sudo/su) and using svn+ssh just seemed to fit.

You’re totally right about the SVN server situation – it could be more straightforward!

- Linux shell accounts need to be created for each SVN user (greatly increasing the damage that could be caused by a compromised password)

- These Linux accounts need to have read/write permission to the raw svn database files, effectively defeating any repository security mechanisms (e.g. conf/authz)

What you would need is to restrict the Linux user accounts so they can only run svnserve, and then configure svnserve to “setuid” to an “svn” role account. This is a complicated change that requires advanced knowledge of Linux, introducing opportunities for mistakes that would further compromise the system security.

This situation has always bothered me. I don’t understand why svnserve doesn’t implement compression and encryption as a basic part of its protocol. I just want to run an SVN server for developers. I don’t want to setup and administer a web site! I don’t want to give away lots of shell accounts to my server!

-Gonz