[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: [LINUX] How to launch svnserve process with another user than 'root' ?

From: Steve Fairhead <steve_at_fivetrees.com>
Date: 2006-08-30 21:18:25 CEST

Jim Weir asked:
>> Is running svn as 'root' a security risk? <<

(From context, you're talking server-side.)

In terms of general Unix security, yes. It's unwise to give any user or
process more permissions than needed for the job in hand. (Very condensed
version of several tomes on Unix security.)

Consider: dog forbid that there should be a buffer overflow bug in svnserve.
A cracker could then craft an attack vector, and take over your box, as
root. All your bases are belong to them, as they say.

I'm generalising hugely and necessarily; but it's pretty easy to adduser an
svn or svnowner, and to chown the repository. System security is only as
good as its weakest link, and that's often the administrator.



To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Aug 30 22:01:26 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.