[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Windows 7 / Windows 2008, UAC, IIS8

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Thu, 30 Dec 2010 08:44:59 +0100

On 29.12.2010 05:26, Ross J Presser wrote:
> I have read the previous discussions arguing that running
> TortoiseProc with elevated privileges is unnecessary, and advising
> that in extreme cases one should just turn off UAC. I am here to
> argue that it IS necessary and turning off UAC is wrong.
>
> UAC is an important part of real server security. SVN is regularly
> used, at least by us, to update development websites with new
> versions of websites. Under IIS8, websites run in a security context
> that is not any user; hence when a normal user wants to update a
> website, he will get access denied errors EVERYWHERE unless elevated
> privileges are used.

But its a development site. Just set the permissions to your own user
for those and you're fine.

> Even on my development machine. I run VS.NET with elevated
> privileges; thus, tortoiseSVN from Windows Explorer becomes useless.
> I'm lucky here, though; I have a VS.NET plugin that embeds an
> explorer window, which runs with the current security context; so
> tortoise commands from here run perfectly.

I know that plugin, using it myself :)

> I have been making do for several months with some batch files that
> run "Tortoiseproc.exe /command:update" in an elevated context. It's
> getting old. I have to write a new one for every website; if I need
> to load an old version, or commit, or do anything else, I have to
> construct a new command, painfully. What would be so horrible about
> properly supporting UAC?

Define "properly supporting UAC" please.

If an application tries to access files and the OS returns "Access
denied", then the app doesn't know (and simply can't know without
trying) whether that error would be "fixed" by running elevated. It
could be several other reasons why that error is returned.
So to actually 'support' UAC, svn would have to know that, then start
itself again elevated and repeat the command. That's simply not feasible.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2694759
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2010-12-30 08:45:18 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.