[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Bug? FSFS revision control

From: Jani Averbach <jaa_at_jaa.iki.fi>
Date: 2005-01-27 01:32:34 CET

On 2005-01-26 18:53-0500, Dassi, Nasser wrote:
>
> Simple example: Have you tried opening MS SQL Server data files (LDF,
> MDF) in Notepad when the SQL Server is running? You cannot even open it
> because the process/service has a full-on lock to the files. Mind you
> that technically He-Who-Installs-SQL-Has-Write-Access. Interesting,
> eh?!
>
> If Subversion employed a similar tactic for FSFS, then at least some
> files (like the revision counter) would not be editable until SVN is
> stopped (read: removed).

With Linux, with ext2/3 filesystem you could very easily do a
post-commit hook which will set an immutable bit on FSFS filesystem
file (by using sudo & chattr). Then only root could modify those file
(after removind that special attribute bit). Or you could deploy
SELinux, and apply it to SVN and write your own very fancy and notepad
proof MAC rules for it. Or in general, you could deploy the most
secure settings of your favorite OS to protect your repository. As
many others have said before, if someone has a blank write access to
the repository, then the game is over.

It isn't SVN job to do proper system administration for you.

BR, Jani

-- 
Jani Averbach
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jan 27 01:35:03 2005

This is an archived mail posted to the Subversion Users mailing list.