
RE: [LINUX] How to launch svnserve process with another user than 'root' ?

From: Jim Weir <javawaba_at_hotmail.com>
Date: 2006-08-30 21:31:15 CEST

>From: "Steve Fairhead" <steve@fivetrees.com>
>To: "'Jim Weir'" <javawaba@hotmail.com>
>CC: <users@subversion.tigris.org>
>Subject: RE: [LINUX] How to launch svnserve process with another user than
>'root' ?
>Date: Wed, 30 Aug 2006 20:18:25 +0100
>
>Jim Weir asked:
> >> Is running svn as 'root' a security risk? <<
>
>(From context, you're talking server-side.)
>
>In terms of general Unix security, yes. It's unwise to give any user or
>process more permissions than needed for the job in hand. (Very condensed
>version of several tomes on Unix security.)
>
>Consider: dog forbid that there should be a buffer overflow bug in
>svnserve. A cracker could then craft an attack vector, and take over your
>box, as root. All your bases are belong to them, as they say.
>
>I'm generalising hugely and necessarily; but it's pretty easy to adduser an
>svn or svnowner, and to chown the repository. System security is only as
>good as its weakest link, and that's often the administrator.
>
>HTH,
>
>Steve
>http://www.sfdesign.co.uk
>http://www.fivetrees.com
>
>

Thanks for the insight...I guess when I installed cvs I should have
installed it logged in as user "cvs".

I'm pretty new at this so I guess an easy way for me to take care of this is
to:
- delete old repository as 'root'
- log in as user "svn"
- create the new repository

Is this right?

Jim

Received on Wed Aug 30 22:23:47 2006
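
The script below is an added example, not part of the original thread: it audits the outcome Steve describes, a dedicated account owning the repository and no svnserve process running as root. The account name "svn" comes from the thread; the path /srv/svn/repos and the sample process listing are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit for the least-privilege setup discussed in this thread.
# Assumptions (not from the thread): the path /srv/svn/repos and the
# constructed process listing in SAMPLE_PS.

# Read "USER PID COMMAND [ARGS...]" lines on stdin, as printed by
#   ps -e -o user= -o pid= -o args=
# Print every svnserve process owned by root; return 1 if there is one.
svnserve_as_root() {
    awk '$1 == "root" && $3 ~ /(^|\/)svnserve$/ { print; bad = 1 }
         END { exit (bad ? 1 : 0) }'
}

# Print every path under repository $1 that is not owned by user $2.
# Return 2 if $2 is root, 3 if find fails (missing path, unknown user),
# 1 if any path has another owner, 0 if the whole tree is owned by $2.
repo_not_owned_by() {
    case $2 in
        root|0) echo "service account must not be root" >&2; return 2 ;;
    esac
    strays=$(find "$1" ! -user "$2" -print) || return 3
    if [ -n "$strays" ]; then
        printf '%s\n' "$strays"
        return 1
    fi
    return 0
}

# Constructed sample: one svnserve started by root, one by the svn account.
SAMPLE_PS='root 812 /usr/bin/svnserve -d -r /srv/svn/repos
svn 1377 svnserve -d -r /srv/svn/repos
root 1 /sbin/init'

printf '%s\n' "$SAMPLE_PS" | svnserve_as_root ||
    echo "svnserve is running as root (listed above)"
```

On a live server, pipe the `ps` command from the comment into `svnserve_as_root` and run `repo_not_owned_by /srv/svn/repos svn` after the chown; any path it prints was missed by the ownership change.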

This is an archived mail posted to the Subversion Users mailing list.
