
RE: [LINUX] How to launch svnserve process with another user than 'root' ?

From: Steve Fairhead <steve_at_fivetrees.com>
Date: 2006-08-30 21:18:25 CEST

Jim Weir asked:
>> Is running svn as 'root' a security risk? <<

(From context, you're talking server-side.)

In terms of general Unix security, yes. It's unwise to give any user or
process more permissions than needed for the job in hand. (Very condensed
version of several tomes on Unix security.)

Consider: dog forbid that there should be a buffer overflow bug in svnserve.
A cracker could then craft an attack vector, and take over your box, as
root. All your bases are belong to them, as they say.

I'm generalising hugely and necessarily; but it's pretty easy to adduser an
svn or svnowner, and to chown the repository. System security is only as
good as its weakest link, and that's often the administrator.

HTH,

Steve
http://www.sfdesign.co.uk
http://www.fivetrees.com

Received on Wed Aug 30 22:01:26 2006
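
The steps suggested in the message above (a dedicated account, `chown` of the repository, `svnserve` started under that account), followed by a check that no `svnserve` is still running as root. This is an added example, not part of the original post; the account name `svn`, the path `/srv/svn`, the nologin shell path and all function names are assumptions.

```shell
#!/bin/sh
# Added example: "svn" and /srv/svn are assumed names, not from the post.
SVN_USER="${SVN_USER:-svn}"
SVN_ROOT="${SVN_ROOT:-/srv/svn}"

# Constructed sample in the format of: ps -eo user=,pid=,comm=
SAMPLE_PS='root 812 sshd
root 4021 svnserve
svn 4077 svnserve
www-data 950 apache2'

# One-time setup, run as root: account with no login shell, repository
# handed over to it, daemon started under that account.
provision_svn_account() {
    useradd --system --user-group --no-create-home \
            --shell /usr/sbin/nologin "$SVN_USER" &&
    chown -R "$SVN_USER:$SVN_USER" "$SVN_ROOT" &&
    su -s /bin/sh -c "svnserve -d -r '$SVN_ROOT'" "$SVN_USER"
}

# Read "USER PID COMMAND" lines on stdin and print the PID of every
# svnserve process whose effective user is root.
svnserve_root_pids() {
    awk '$1 == "root" && $3 == "svnserve" { print $2 }'
}

# Print paths under directory $1 that are NOT owned by user $2;
# empty output means the chown covered the whole tree.
paths_not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Audit the live system: 0 = clean, 1 = finding, 2 = repository missing.
audit_svnserve() {
    [ -d "$SVN_ROOT" ] || { echo "no such directory: $SVN_ROOT"; return 2; }
    bad_pids=$(ps -eo user=,pid=,comm= | svnserve_root_pids)
    bad_paths=$(paths_not_owned_by "$SVN_ROOT" "$SVN_USER")
    [ -z "$bad_pids" ] || echo "svnserve running as root, pid(s): $bad_pids"
    [ -z "$bad_paths" ] || echo "not owned by $SVN_USER: $bad_paths"
    [ -z "$bad_pids" ] && [ -z "$bad_paths" ]
}
```

Source the file and call `provision_svn_account` once as root, then `audit_svnserve` at any time; files left owned by root after the `chown` show up in the second check.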

This is an archived mail posted to the Subversion Users mailing list.
