Re: .subversion default rights

Max Bowsher wrote:
> Manuel VACELET wrote:
>
>> Hi all (transfer from users@ list),
>>
>> I use subversion (client) 1.0.6 under both Solaris (8) and Linux build
>> from sources.
>>
>> Default .subversion directory created by first svn call is bad protected
>> (probaly using default umask) instead of setting 'chmod 0700'. This
>> directory that can contains sensible datas (passwords in servers file)
>> so it have to be well protected by default.
>>
>> It concerns ~/.subversion/servers that can contains proxy password.
>>
>> Morever I think a dot file (or directory) should be protected by default
>> even if there is no 'sensitive' data into. So instead of chmod 0600
>> ~/.subversion/servers, chmod 0700 ~/.subversion should be done.
>
>
> I disagree.
>
> _If_ someone deliberately enters a password in servers, they can secure it.

Sure, but you provide a way to define password in a file that is not
protected by default.

As software provider in my company (and as user) I'm sure that I (and
other users) will forget to protect this file.

My point of view is: "Why you don't want to protect -at least- servers
file if it can contain passwords" ?

> If they don't want to think about such things, then why is their home
> directory globally readable at all?

Sometimes you may have a public part in you home dir (e.g. ~/pub
~/public_html) but it's not a good reason to give access to all for
private life to anybody ;)

-- 
# VACELET Manuel     manuel.vacelet-abecedaire(at)st(dot)com #
# Tel:  042 6089                          +33 (0)476 92 6089 #
# STMicroelectronics - HPC/STS                               #
# 850, rue Jean Monet - 38926 CROLLES CEDEX - FRANCE         #
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org