
Re: Could svn_backend check permissions?

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2003-09-06 08:17:07 CEST

On Fri, 2003-09-05 at 17:42, Tobias Ringström wrote:
> The holy grail would of course be to prevent a user with a bad umask
> (for example) to wedge the repos for all the other users. Doing so would
> definitely involve messing with permissions, and it would be hard to get
> it right, IMHO.

From BDB's point of view, it's not very hard: when a new log file is
created, chmod() it to match the mode of the database it belongs to.
There's never any good reason for a log file to have a different mode
than the database itself. Keith Bostic has agreed to look into making
this happen in a future version of BDB, though it's not clear whether
that will be 4.2.x (due out later this year) or some indefinite future
version.

> Is it possible that you are trying to solve an old problem? Just a short
> time ago neither ra_dav, ra_svn nor ra_local did manage to present a
> "permission denied" error message to the user, but now they do.

I believe if the DB is writable to you but a log file is not, you will
still get some scary BDB error message about needing to run recovery.

Marc Singer wrote:
> What has been suggested is to check that the umask is either 0002 or
> that the owner of the directory is the same as the user who is about
> to create files in that directory.

> However, it is valid for svn.svn (group writable) to own a directory
> and for bob.svn to write files to the repository with a 0022 mask as
> long as bob is the only user using the repository.

The rule I'm suggesting is: if you are relying on group write access to
open the DB files themselves, your umask must not contain the 020 or 040
bits. I didn't say anything about the owner of the directory.

Certainly, it's possible to contrive a case where I violate this rule
and things continue to work; it just requires that nobody else tries to
use the repository but me, ever again. But there's no conceivable
reason why I'd want to set up a repository that way.

Received on Sat Sep 6 08:18:29 2003
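
The umask rule stated in the message above, written out as a check (an added example, not part of the original mail and not Subversion or BDB code). The function names are hypothetical; the check assumes ordinary POSIX owner/group/other permission selection.

```c
/* Added example; helper names are hypothetical, not Subversion or BDB API. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* POSIX applies one permission class: owner first, then group, then other.
 * A non-owner group member with S_IWGRP set is relying on group write, and
 * then the umask must not contain the 020 (S_IWGRP) or 040 (S_IRGRP) bits. */
static bool umask_breaks_rule(uid_t file_uid, mode_t file_mode, uid_t euid,
                              bool in_file_group, mode_t mask)
{
    bool group_write = euid != file_uid && in_file_group
                       && (file_mode & S_IWGRP) != 0;
    return group_write && (mask & (S_IWGRP | S_IRGRP)) != 0;
}

/* Is this process in group gid (effective or supplementary)? */
static bool process_in_group(gid_t gid)
{
    gid_t groups[256];   /* fixed buffer: getgroups() returns -1 if too small */
    int n = getgroups(256, groups);
    bool found = getegid() == gid;
    for (int i = 0; i < n; i++)
        found = found || groups[i] == gid;
    return found;
}

/* 1 if the rule is broken for path, 0 if not, -1 if stat() fails. */
static int check_db_file(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    mode_t mask = umask(0);   /* the umask can only be read by setting it */
    umask(mask);              /* so restore it immediately */
    return umask_breaks_rule(st.st_uid, st.st_mode, geteuid(),
                             process_in_group(st.st_gid), mask);
}

int main(int argc, char **argv)
{
    int r = argc > 1 ? check_db_file(argv[1]) : -1;
    if (r == 1)
        fprintf(stderr, "umask masks group read/write on a group-shared DB file\n");
    return r == 0 ? 0 : 1;
}
```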

This is an archived mail posted to the Subversion Dev mailing list.
