You can always "chgrp $COMMON_GROUP .svn" directories and make all users
have this $COMMON_GROUP as their Group ID. This way they can still
share the ".svn" directories and still "others" (like the Web server)
won't be able to go in there.
You are right about the problem if someone chmod()'s the permissions to
something wrong but the operators' mistakes are usually a factor which
you cannot completely circumvent. What if they delete the ".svn"
directories by mistake... The power of users/admins is unlimited, our
task is to create better security principles by default.
I think the best way to achieve this security improvement is by making
the ".svn private permissions" as an option in the "~/.subversion"
Or this is too much work and we'd better take the risk that ".svn"
directories are world-accessible?
David Glasser wrote:
> There do exist people (unfortunately) who want to share wcs between
> users. In the future where there's only one .svn per wc, I think this
> solution is great: make them private when created, but if somebody
> chmods them public, it sticks. But while we still have tons of .svns
> (we do still even on trunk, right?) that seems like it would make this
> sort of use impossible.
Received on 2010-01-15 07:47:00 CET