On Wed, Jul 24, 2002 at 04:53:59PM +0200, Timothee Besset wrote:
> Well that's my problem. Default httpd config:
> User nobody
> Group #-1
>
> I'm not sure what this means really .. but it looks to me like way too
> many things could be reading and writing in the repository. I know I can
> configure apache to run as a specific user/group, but that doesn't really
> solve the problem... I'm not sure I want to have my repository at the same
> access level as all the other stuff in my web pages.
>
> Then again .. I don't know what the implications are, but wouldn't things
> be better if a specific user/group could be defined for the svn repository
> area?

Here's how my Apache setup is done:

Main Apache server:
- uses my machine's first IP
- runs as user/group apache/apache
- CGIs run using suexec as their owner.
  (Well, I don't have any CGIs for performance reasons. But that's how
  they are set up to run.)
- mod_dav_svn is loaded

Second Apache server:
- uses my machine's second IP
- runs as user/group apachevh/apachevh
- mod_php. safe_mode is turned on and open_basedir is set on each
  virtual host. So a bit more can happen as this user, though I'm still
  paranoid. (requires <http://www.slamb.org/php-apache2-safemode.patch>)

So user "apache" is pretty restrictive. No non-Apache code can execute
as that user. So I think it's pretty safe. The second server is probably
reasonably safe, too, I just don't trust mod_php's restrictions.

The other alternative - eventually - is to run Apache2 with the perchild
MPM. It dispatches requests to Apache processes that have been forked
off and setuid()ed to different users, based on the virtual host. But
last time I tried it, it didn't work. It's experimental, and for a
reason.

--
Scott Lamb
Received on Wed Jul 24 17:24:03 2002
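
An added example, not part of the message above: a shell check that a repository tree belongs only to the dedicated server account (such as "apache" in the setup described), so that a second server running as another user cannot read or write it. The function name and the policy of flagging group-write and any "other" permission bit are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a repository directory for the user separation
# described in the thread. Names and policy here are illustrative.
#
# check_repo_isolation REPO OWNER
#   REPO   repository directory to audit
#   OWNER  user name or numeric uid the dedicated server runs as
# Prints every offending path. Returns 0 if the tree is clean,
# 1 if anything is exposed, 2 if the audit itself could not run.
check_repo_isolation() {
    repo=$1
    owner=$2
    if [ ! -d "$repo" ]; then
        echo "not a directory: $repo" >&2
        return 2
    fi
    # Flag entries that are:
    #   - not owned by the dedicated account, or
    #   - group-writable (another account sharing the group could modify), or
    #   - readable, writable or searchable by "other" (every local account,
    #     including the user of a second web server).
    # Symlinks are skipped because their own mode bits are not enforced.
    bad=$(find "$repo" ! -type l \( \
              ! -user "$owner" \
              -o -perm -020 \
              -o -perm -004 -o -perm -002 -o -perm -001 \
          \) -print) || return 2
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}
```

Run it as root or as the repository owner so that find can descend into every directory, for example `check_repo_isolation /path/to/repos apache` with your own path.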