[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Securing subversion on a shared server

From: Matt \ <immute_at_msk4.ath.cx>
Date: Tue, 12 May 2009 10:05:46 -0500

Since you are insisting on the answer, I'll give it to you and assume
you know what you are doing (with respect to file security on shared
systems).
Otherwise, the only files subversion creates or uses are the ones
created by `svnadmin create`, the users home directory
($HOME/.subversion) and the system-wide configuration (/etc/subversion)

Neil Aggarwal wrote:
> I did not have the mode since I changed it.
> You are probably correct the files
> were mode 644.
>
> I am using https to connect to the server.
>
> The problem is that file mode 644 is still
> readable by anyone with an account on the server.
>
> I would like to make sure all files on the server
> (The repository and any user-space files) are
> mode x00.
>
> So my question is: What directories do I need to secure?
>
> I changed the repository directory and all files in
> it to mode 700. I also changed the ~/.subversion
> directory to mode 700.
>
> Is there anything else I need to change?
>
> Thanks,
> Neil
>
> --
> Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
> Eliminate junk email and reclaim your inbox.
> Visit http://www.spammilter.com for details.
>
>>> It looks like subversion by default stores
>>> the repository with file mode 755. I am using
>>> file system storage.
>> Normally 644.
>>
>>> This also seems true of the .subversion directory
>>> in the user's home directory.
>> Same 644 there. Do you have an odd umask?
>>
>>> If I am running subversion on a shared server,
>>> I would like to make all subversion related files
>>> owned by a daemon account and file mode 700.
>> Are you using file:// schema to connect to the server?
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2214805
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
>

-- 
Matt "imMute" Sickler
imMute_at_msk4.com
http://www.msk4.com
http://li35-105.members.linode.com
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2215379
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-05-12 17:07:13 CEST

This is an archived mail posted to the Subversion Users mailing list.