[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ra_svn permissions

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2003-02-26 18:00:59 CET

On Wed, 2003-02-26 at 09:03, Timothee Besset wrote:
> I think it would be better if those umaks things could be configured in
> httpd conf and in svnserve directly though. A configuration line is
> easier that wrappers everywhere..

Well, sure. And when svnserve gets a config file (anyone can feel free
to jump in with that, see issue #1143), a umask option would be fine
there.

Apache is a tougher issue. An httpd might be performing many tasks,
each with their own umask requirements. But Apache has a plugin model
(a single httpd process may perform many different functions, possibly
even at the same time, as I understand it), and the umask is
process-global state, so the first conflict between umask requirements
is a dead end for the administrator. Or worse, a security hole.

It would be more social of us if we could remove the umask requirement.
Unfortunately, that means hacking (or discarding) Berkeley DB. BDB
needs to chmod logfiles after creating them to match the permissions of
the database. As long as the parent directory is g+s, everything should
work out.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Feb 26 18:01:50 2003

This is an archived mail posted to the Subversion Dev mailing list.