[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: More strict file permissions for the administrative ".svn" directories

From: Ivan Zahariev <rrdtool_at_famzah.net>
Date: Fri, 15 Jan 2010 08:46:19 +0200

You can always "chgrp $COMMON_GROUP .svn" directories and make all users
  have this $COMMON_GROUP as their Group ID. This way they can still
share the ".svn" directories and still "others" (like the Web server)
won't be able to go in there.

You are right about the problem if someone chmod()'s the permissions to
something wrong but the operators' mistakes are usually a factor which
you cannot completely circumvent. What if they delete the ".svn"
directories by mistake... The power of users/admins is unlimited, our
task is to create better security principles by default.

I think the best way to achieve this security improvement is by making
the ".svn private permissions" as an option in the "~/.subversion"
config files.

Or this is too much work and we'd better take the risk that ".svn"
directories are world-accessible?

Cheers.
--Ivan

David Glasser wrote:
> There do exist people (unfortunately) who want to share wcs between
> users. In the future where there's only one .svn per wc, I think this
> solution is great: make them private when created, but if somebody
> chmods them public, it sticks. But while we still have tons of .svns
> (we do still even on trunk, right?) that seems like it would make this
> sort of use impossible.
>
> --dave
Received on 2010-01-15 07:47:00 CET

This is an archived mail posted to the Subversion Dev mailing list.