[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Best practices: managing configuration files

From: Ross Mark <rossm_at_controllingedge.com.au>
Date: 2003-08-14 03:28:22 CEST

Jack Repenning wrote:

> At 3:02 PM -0700 8/13/03, John Locke wrote:
>
>>
>> So, aside from the security issues surrounding the repository, and as
>> long as I get it set up correctly, does anyone see any major
>> drawbacks to making /etc a working copy?
>
>
> I don't think SVN is in the business of preserving file ownership. If
> you do this stuff as root, they'll all come out owned by root.
> Depending on your system, there might be some that would rather be
> owned by some other user, like "mail" or "httpd" or something. Same
> observation about group. I even wonder about the more exotic
> permissions, like set-uid and sticky and such.
>
>> I haven't dug around in the private .svn directory all that much--is
>> there a security risk involved in having these files in the /etc
>> filesystem?
>
>
> There's a good question. Looks like the text-base files are always
> world-readable. There are a few files in /etc that should not be
> world-readable. I think that's a killer for you right there.

I posted a wrapper script a few days ago
http://www.contactor.se/~dast/svnusers/archive-2003-08/0255.shtml
<http://www.contactor.se/%7Edast/svnusers/archive-2003-08/0255.shtml>
which would handle the file permission's ownerships plus the symlinks
that /etc is full of. I've been using it for a few months to maintain
and version entire filesystems (not just /etc) be-it small ones for
embedded system :-) The only problem I find is if you place /lib/modules
under svn depmod has problems as it tries to resolve the dependencies of
the text-base files aswell.

Ross

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 14 03:28:30 2003

This is an archived mail posted to the Subversion Users mailing list.