Marcus Rueckert wrote:
> On 2006-02-10 22:05:31 +0100, Olaf van der Spek wrote:
>> Why is conf/passwd sometimes world-readable (depending on umask)?
>> I think it should never be world-readable and always be created with
>> mode 600.
>
> 1. because the password file has no protection worth data by default.
> 2. if you use a dedicated svn server there is no problem with world
> readable.
> 3. you dont use a dedicated svn server? you will definitely know how
> to protect the file better. no?
I don't see any argument for the world readable bit.
In 1, 2 and 3 the bit isn't needed, so according to the least privileges
principle, the bit shouldn't be set.
> normally people create new repositories as root and chown/chgrp/chmod
> them to the correct permissions to the svnserve can read it. one chmod
> command more to make it only readable by the svnserve should not be this
> hard.
It's not hard, but why not make it a bit easier for the user?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Feb 11 14:29:09 2006