How to connect as NT AUTHORITY\SYSTEM to svn?

1
votes

I have a service running at local system account (NT AUTHORITY\SYSTEM). This service shall connect to local subversion repository. Is this possible?

I tried this

svn export --non-interactive http://localhost/svn/MyRepository TargetFolder

but it does not work. As far as I know I cannot set any password for "NT AUTHORITY\SYSTEM". I don't like to use my personal account and put my password there as clear text.

My SVN runs on VisualSVN-Server

2
windowsauthenticationsvnvisualsvn-server
I'm not familiar with VisualSVN-Server, but in general, single sign-on authentication systems see connections from the local system account as connections from the computer's domain account, i.e., COMPUTERNAME$. It may be as simple as granting this account the appropriate access rights. - Harry Johnston
Of course, I granted access to svn repository for this user. But it does not work. I think I will simply create a local user on this machine and use that one. - Wernfried Domscheit
@HarryJohnston No, LOCAL account represents Anonymous account credentials on network. It's Network Service that represents COMPUTERNAME$ on the network. - bahrep
See serverfault.com/questions/135867/… - bahrep
@bahrep: the question and the accepted answer both say the same thing I did. The SYSTEM (aka LocalSystem) account has the same network access as NetworkService. Try it yourself! - Harry Johnston

2 Answers

0
votes

You should never use SYSTEM account for such tasks for numerous security reasons. Create and use a dedicated local Windows or Active Directory account with limited permissions.

-1
votes

Setting up the cached authentication credentials for the System user requires running an svn.exe command as the System user. Windows Vista+/Server 2008+ doesn't make that easy.

  1. ​Install psexec from https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
  2. Start an elevated cmd.exe as Administrator.
  3. Run "psexec -i -s cmd.exe".
  4. A new cmd.exe should appear which is running as the System user.
  5. Type whoami. Verify the output reads something like "nt authority\system".
  6. Perform a subversion command like "svn --username your-svn-user list your-https-repo-url".​
  7. When prompted by svn.exe, enter the password for your-svn-user.
  8. ​The "svn auth" command allows you to examine the cached credentials.

Note if a new SSL certificate is installed on the Subversion server, you'll have to repeat this process.

For more responses on this topic: How do you run CMD.exe under the Local System Account?