Re: repository permissions - some general security questions

From: Kevin Pilch-Bisson <kevin_at_pilch-bisson.net>
Date: 2002-07-24 16:14:21 CEST

On Wed, Jul 24, 2002 at 04:16:25PM +0200, Michael Wood wrote:
> On Wed, Jul 24, 2002 at 04:02:07PM +0200, Timothee Besset wrote:
> [snip]
> > My problem is with the repository filesystem itself. The README
> > advises to chmod 777 which give +rw to anything on the system. This is
> > clearly a big hole, and blocker in my case. I want to have at least rw
> > restricted to a specific group.
> [snip]
>
> The user that apache runs as needs write access to the repository. I
> don't think it needs to be world writable.
>
Well, if you want to use ra_local, then the repository needs to be writable by
any user using the repository.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kevin Pilch-Bisson                    http://www.pilch-bisson.net
     "Historically speaking, the presences of wheels in Unix
     has never precluded their reinvention." - Larry Wall
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

application/pgp-signature attachment: stored

Received on Wed Jul 24 16:18:59 2002

This message: [ Message body ]
Next message: Michael Wood: "Re: repository permissions - some general security questions"
Previous message: Michael Wood: "Re: repository permissions - some general security questions"
In reply to: Michael Wood: "Re: repository permissions - some general security questions"
Next in thread: Michael Wood: "Re: repository permissions - some general security questions"
Reply: Michael Wood: "Re: repository permissions - some general security questions"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]