[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Could svn check permissions?

From: Jack Repenning <jrepenning_at_collab.net>
Date: 2003-09-08 20:12:56 CEST

At 7:10 AM -0400 9/7/03, John Peacock wrote:
>I have a proof of concept patch which appears to do what I suggested
>(under Linux) at least as far as --user-id is concerned. I'm
>missing some subtlety about how to use setgid() in combination with

Here's a subtlety, could this be the one? You have to call setuid()
first. But I'm surprised you're not using chown/chmod -R, or
library equivalents, on the repo after it's created (make it, then
give it away).

>I also need to test this on Win32, since most of this security code
>has to magically vanish for insecure O/S's; I'm going to take a look
>at how Apache does it.

You're not going to *believe* what it takes to do this on Windows!

>1) If a repository is going to be set up for exclusive access by a
>single user, what would be the most appropriate permissions to use
>on the repos files? The book discussion umask(002) as sane for
>shared access, but it doesn't discuss exclusive access. I was
>thinking it would be best if the repository files were not even
>read-only to any other user (to prevent even the most well
>intentioned attempts to access the repository). I chose umask(077)
>for exclusive mode (and tested it). Too harsh?

No, this doesn't seem too harsh. In terms of access via SVN itself
(through any ra_*), there's really no such thing as "read-only"
access at the file system level: even "read" operations change the DB
files. So making the files non-writable prevents even reads. This
is a little confusing: the SVN capabilities don't quite align with
the file system capabilities. Setting the permissions as you
suggest, then, doesn't change the SVN accessibility in the slightest,
is perhaps less confusing, and prevents some hackage.

>2) I have noticed that svnadmin also creates the ~user/.subversion/*
>files when creating a repository. Is this still appropriate for a
>user like nobody, which does not (typically) have a homedir???

Wouldn't happen if you used chown/chmod ;-)

Jack Repenning
CollabNet, Inc.
8000 Marina Boulevard, Suite 600
Brisbane, California 94005
o: 650.228.2562
c: 408.835-8090
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Sep 8 20:13:55 2003

This is an archived mail posted to the Subversion Dev mailing list.