Re: Should svnserve set umask to 002?

From: <brane_at_xbc.nu>
Date: 2003-01-23 20:55:10 CET

Greg Hudson wrote:

On Thu, 2003-01-23 at 14:37, Branko �ibej wrote:

Actually, ra_local has a similar problem; it should set the umask to 002
when fiddling with the database, too. Then Unix people could finally set
up their repositories so that they could be used by all RA methods
simultaneously.

Setting the umask to 002 would be a security hole. Consider this use
case: I naively set up a repository for my own use, on a system where
all users are in the same primary group.

The right answer is: after repository creation, when a log file is
created by the FS layer, it should be chmodded to the same permissions
as the database. Unfortunately, this may require changes to Berkeley DB
itself; I'm not sure. (We could compute a umask to set around Berkeley
DB calls, except that introduces thread-safety issues.)

Exactly. That's why I said the umask changes would have to be a lot more
fine-grained.

Well, I don't care. Multi-RA-method access works just fine on Windows,
where by default files inherit the parent's permissions. One for our
side. :-)

-- 
Brane �ibej   brane_at_xbc.nu   http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Sat Oct 14 02:09:58 2006

This message: [ Message body ]
Next message: jerenkrantz_at_apache.org: "Re: [PATCH] Add reporter-set_path pool parameter"
Previous message: jerenkrantz_at_apache.org: "Re: Including diffs in checkin log message comments"
Next in thread: ghudson_at_MIT.EDU: "Re: Should svnserve set umask to 002?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]