Re: Repository ACL's

Daniel Patterson wrote:

>On Thu, 2003-04-17 at 13:52, mark benedetto king wrote:
>
>
>>Oracle has ACLs (well, technically, I think they're capabilities-lists,
>>but that's a different story), even though people with write access to
>>the database could completely subvert them. They're implemented in the
>>database itself, and not in the network layer.
>>
>>
>
>However, how many people have write access to the oracle database files?
>Very few afaik. There is always an oracle "server" process handling
>the interface between the database and client.
>
>With ra_local, there is no such process acting as an interface,
>so *any* client can break any ACL's implemented in the SVN filesystem.
>
>Perhaps ra_local should be reserved for administration and ra_svn
>used by default by all users (over domain sockets locally perhaps)?
>

The setup is, of course, up to the administrator. If access control is
important in your setup, then you probably don't want people to even
have login accounts on the server, and you'd restrict access to the
repository to only ra_svn or ra_dav.

ACLs can also be used as reminders. For instance, I often make files
that I know I shouldn't fiddle with read-only, even though -- as the
owner -- I can override that flag.

-- 
Brane Čibej   <brane_at_xbc.nu>   http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org