On Fri, Sep 05, 2003 at 08:21:49PM +0100, Philip Martin wrote:
> Greg Hudson <ghudson@MIT.EDU> writes:
>
> >> I don't think we need to worry about violating the abstraction. A
> >> simple filesystem enumeration just means that the ambient user has
> >> access to files in the repository.
> >
> > Well, I think it's possible to shunt the logfiles off to a different
> > directory, and that would prevent a simple directory enumeration from
> > working.
>
> Verifying that access will work involves checking the data files, the
> environment files and the log files at the very least. The location
> of both the data files and the log files can be customised; see the BDB
> documentation of set_data_dir and set_lg_dir.
>
> A couple of other things to bear in mind:
>
> - In normal use a user needs to be able to create new log files;
> verifying that this is possible involves checking directory
> permissions all the way back to root. I don't know whether failure to
> create a log file affects only the one user (I assume the transaction
> will fail) or whether it will lead to a need for database recovery.
>
> - BDB may create temporary files, although I don't know if Subversion
> causes any temporary files to be created. The location can be
> customised (see set_tmp_dir), and once again I don't know if failure to
> create such a file affects just the single user or whether it will
> lead to a need for database recovery.

Looks tractable.
Received on Fri Sep 5 21:36:36 2003
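
The check discussed in this thread, sketched as an added example (not code from the thread or from Subversion). It assumes the caller needs read-write access, that relocated directories are declared in the environment's DB_CONFIG file, and that relative paths there resolve against the environment home; the function names are hypothetical.

```python
import os

# DB_CONFIG directives named in the thread; each relocates one class of file.
DIRECTIVES = ("set_data_dir", "set_lg_dir", "set_tmp_dir")

def bdb_dirs(env_home):
    """Return [(role, absolute_dir)] for the environment, honouring DB_CONFIG."""
    env_home = os.path.abspath(env_home)
    dirs = [("env", env_home)]
    try:
        with open(os.path.join(env_home, "DB_CONFIG")) as fh:
            for line in fh:
                # Skip blank lines and lines starting with '#' or whitespace.
                if not line.strip() or line[0] in "# \t":
                    continue
                parts = line.split(None, 1)
                if len(parts) == 2 and parts[0] in DIRECTIVES:
                    # Assumption: relative paths resolve against the env home.
                    target = os.path.join(env_home, parts[1].strip())
                    dirs.append((parts[0], os.path.normpath(target)))
    except FileNotFoundError:
        pass  # no DB_CONFIG: all files live in the environment home
    return dirs

def ancestors(path):
    """Return path's ancestor directories, from root downwards."""
    out, parent = [], os.path.dirname(path)
    while parent != path:
        out.append(parent)
        path, parent = parent, os.path.dirname(parent)
    return out[::-1]

def access_problems(env_home):
    """List reasons the real user could not use the environment read-write."""
    problems = []
    for role, d in bdb_dirs(env_home):
        # Every directory back to root must be searchable to reach d at all.
        blocked = [a for a in ancestors(d) if not os.access(a, os.X_OK)]
        if blocked:
            problems.append(f"{role}: cannot traverse {blocked[0]}")
        elif not os.path.isdir(d):
            problems.append(f"{role}: {d} is not a directory")
        elif not os.access(d, os.R_OK | os.W_OK | os.X_OK):
            problems.append(f"{role}: cannot list or create files in {d}")
        else:
            for name in sorted(os.listdir(d)):
                f = os.path.join(d, name)
                if os.path.isfile(f) and not os.access(f, os.R_OK | os.W_OK):
                    problems.append(f"{role}: no read-write access to {f}")
    return problems
```

`os.access` tests the real uid and gid, so the result describes the invoking user rather than the effective user of a setuid wrapper.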