[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Should svnserve set umask to 002?

From: <ghudson_at_MIT.EDU>
Date: 2003-01-23 20:52:18 CET

On Thu, 2003-01-23 at 14:37, Branko Čibej wrote:
 Actually, ra_local has a similar problem; it should set the umask to 002
 when fiddling with the database, too. Then Unix people could finally set
 up their repositories so that they could be used by all RA methods
 simultaneously.

Setting the umask to 002 would be a security hole. Consider this use
case: I naively set up a repository for my own use, on a system where
all users are in the same primary group.

The right answer is: after repository creation, when a log file is
created by the FS layer, it should be chmodded to the same permissions
as the database. Unfortunately, this may require changes to Berkeley DB
itself; I'm not sure. (We could compute a umask to set around Berkeley
DB calls, except that introduces thread-safety issues.)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 14 02:09:54 2006

This is an archived mail posted to the Subversion Dev mailing list.