
Re: repository permissions - some general security questions

From: Timothee Besset <timo_at_qeradiant.com>
Date: 2002-07-24 17:27:50 CEST

Yes it looks like I'm gonna have to set up a specific httpd to handle the
repository. Thanks for the feedback.

TTimo

On Wed, 24 Jul 2002 10:23:49 -0500
Scott Lamb <slamb@slamb.org> wrote:

> On Wed, Jul 24, 2002 at 04:53:59PM +0200, Timothee Besset wrote:
> > Well that's my problem. Default httpd config:
> > User nobody
> > Group #-1
> >
> > I'm not sure what this means really .. but it looks to me like way too
> > many things could be reading and writing in the repository. I know I can
> > configure apache to run as a specific user/group, but that doesn't really
> > solve the problem... I'm not sure I want to have my repository at the same
> > access level as all the other stuff in my web pages.
> >
> > Then again .. I don't know what the implications are, but wouldn't things
> > be better if a specific user/group could be defined for the svn repository
> > area?
>
> Here's how my Apache setup is done:
>
> Main Apache server:
> - uses my machine's first IP
> - runs as user/group apache/apache
> - CGIs run using suexec as their owner.
> (Well, I don't have any CGIs for performance reasons. But that's how
> they are set up to run.)
> - mod_dav_svn is loaded
>
> Second Apache server:
> - uses my machine's second IP
> - runs as user/group apachevh/apachevh
> - mod_php. safe_mode is turned on and open_basedir is set on each
> virtual host. So a bit more can happen as this user, though I'm still
> paranoid. (requires <http://www.slamb.org/php-apache2-safemode.patch>)
>
> So user "apache" is pretty restrictive. No non-Apache code can execute
> as that user. So I think it's pretty safe. The second server is probably
> reasonably safe, too, I just don't trust mod_php's restrictions.
>
> The other alternative - eventually - is to run Apache2 with the perchild
> MPM. It dispatches requests to Apache processes that have been forked
> off and setuid()ed to different users, based on the virtual host. But
> last time I tried it, it didn't work. It's experimental, and for a
> reason.
>
> --
> Scott Lamb
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Wed Jul 24 17:35:04 2002

This is an archived mail posted to the Subversion Dev mailing list.
