[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Should svnserve set umask to 002?

From: <brane_at_xbc.nu>
Date: 2003-01-23 20:55:10 CET

Greg Hudson wrote:

On Thu, 2003-01-23 at 14:37, Branko �ibej wrote:
  

Actually, ra_local has a similar problem; it should set the umask to 002
when fiddling with the database, too. Then Unix people could finally set
up their repositories so that they could be used by all RA methods
simultaneously.
    

Setting the umask to 002 would be a security hole. Consider this use
case: I naively set up a repository for my own use, on a system where
all users are in the same primary group.

The right answer is: after repository creation, when a log file is
created by the FS layer, it should be chmodded to the same permissions
as the database. Unfortunately, this may require changes to Berkeley DB
itself; I'm not sure. (We could compute a umask to set around Berkeley
DB calls, except that introduces thread-safety issues.)
  

Exactly. That's why I said the umask changes would have to be a lot more
fine-grained.

Well, I don't care. Multi-RA-method access works just fine on Windows,
where by default files inherit the parent's permissions. One for our
side. :-)

-- 
Brane �ibej   brane_at_xbc.nu   http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 14 02:09:58 2006

This is an archived mail posted to the Subversion Dev mailing list.