
Allowing Users To Change Their SVN Passwords


I have set up an SVN server, and I want to allow users to be able to change their own passwords, but I'm not sure how to accomplish this. The usernames and passwords are stored in a users file that I created using htpasswd. Ideally, a user would be able to log in to the server and run the command htpasswd /svn/repos/users [username] to change their password. The (very, very obvious) problem with this approach is that if I made that file readable and writable to everyone, they'd be able to change anyone's password, or even delete svn users. What are some alternatives? I'm not experienced with unix system administration or shell scripting, so excuse me if this is a total noob question.


Solution

  • I take it you're using Apache. Right?

    Have you considered using LDAP for account administration? Apache integrates with LDAP rather nicely, and Windows Domain account access can also be LDAP driven. That means, you can log into Subversion using your Windows account and password and you can use Windows groups to help control access. Here's my setup:

    LoadModule dav_svn_module     modules/mod_dav_svn.so
    <Location /source>
            DAV svn
            SVNPath /opt/svn_repos
            AuthType basic
            AuthName "Subversion Repository"
            AuthBasicProvider ldap
            AuthzLDAPAuthoritative off
            AuthLDAPURL "ldap://ldap.mycompany.com:3268/dc=mycompany,dc=com?sAMAccountName" NONE
            AuthLDAPBindDN "CN=svnUser,OU=Users,OU=Accounts,DC=mycompany,DC=com"
            AuthLDAPBindPassword "Swordfish"
            Require ldap-group CN=Developer,CN=Groups,DC=mycompany,DC=com
    </Location>
    

    I once wrote a little PHP program to allow users to change their Subversion password. I don't have it now, but it's not that difficult to do. You know the user and the location of the htpasswd file. All you have to do is have the user type in a new password, encrypt it, and rewrite the htpasswd file. I used a symbolic link to make the htpasswd file visible to my PHP program.

    However, I found that changing htpasswd might not take effect until after Apache restarts, and you can't simply restart Apache when people are doing a Subversion checkout.
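The rewrite step described in the answer above, as an added Python example (not the answerer's PHP program): it replaces only the already-authenticated user's line, so a self-service page cannot edit, add or delete other accounts. The function names, the username pattern and the use of `htpasswd -niB` for hashing are assumptions of this example.

```python
import os
import re
import subprocess
import tempfile

# Conservative username set (an assumption): no ':' or newline can reach the file.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def bcrypt_hash(username, new_password):
    """Hash with Apache's own tool; -i reads the password from stdin so it
    never shows in the process list. Assumes htpasswd (httpd 2.4) is on PATH."""
    out = subprocess.run(["htpasswd", "-niB", username], input=new_password + "\n",
                         capture_output=True, text=True, check=True).stdout
    return out.strip().split(":", 1)[1]


def replace_own_entry(path, username, new_hash):
    """Rewrite only `username`'s line in the htpasswd file at `path`.

    `username` must come from the authenticated session (for example
    REMOTE_USER), never from a form field. Returns True if a line was updated.
    """
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    if not new_hash or any(c in new_hash for c in ":\r\n"):
        raise ValueError("invalid hash")
    with open(path, encoding="utf-8") as f:
        lines = f.read().splitlines()
    found = False
    for i, line in enumerate(lines):
        if line.split(":", 1)[0] == username:
            lines[i] = f"{username}:{new_hash}"
            found = True
    if not found:
        return False  # a password change never creates an account
    # Write a temp file in the same directory, then rename it over the
    # original, so Apache never reads a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write("\n".join(lines) + "\n")
        os.chmod(tmp, os.stat(path).st_mode & 0o777)  # keep original mode
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True
```

The process running this needs write access to the directory holding the users file, which keeps the file itself from having to be world-writable.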