[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [HCoop-Discuss] SVN security issues

From: Max Bowsher <maxb1_at_ukf.net>
Date: 2006-11-07 22:40:06 CET

Karl Chen wrote:
>>>>>> On 2006-11-06 02:45 PST, Marcus Rueckert writes:
>
> Marcus> with my proposal the default hook script would be a
> Marcus> stub that calls the actual hook script with "sudo" so
> Marcus> the www-data part is pretty trivial. Shouldnt this
> Marcus> solve your issue?
>
> It is a workaround, but it requires that the repository be owned
> by root rather than the user, and for a number of reasons is more
> complicated than adding a configurable exec helper to Subversion.

I do not understand why a solution based on sudo forces root ownership.

IIRC, the problem scenario is that www-data needs to run hooks under the
UID of a human user? In that case, would it not be possible to give
www-data selective sudo access to run, say,
/repository/hooks/post-commit.body, and have
/repository/hooks/post-commit being a script which uses sudo to invoke
post-commit.body ?

Max.

Received on Tue Nov 7 22:40:37 2006

This is an archived mail posted to the Subversion Dev mailing list.