[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [LINUX] How to launch svnserve process with another user than 'root' ?

From: Ryan Schmidt <subversion-2006c_at_ryandesign.com>
Date: 2006-08-31 00:06:24 CEST

On Aug 30, 2006, at 21:31, Jim Weir wrote:

>>> Is running svn as 'root' a security risk?
>>
>> (From context, you're talking server-side.)
>>
>> In terms of general Unix security, yes. It's unwise to give any
>> user or
>> process more permissions than needed for the job in hand. (Very
>> condensed
>> version of several tomes on Unix security.)
>>
>> Consider: dog forbid that there should be a buffer overflow bug in
>> svnserve.
>> A cracker could then craft an attack vector, and take over your
>> box, as
>> root. All your bases are belong to them, as they say.
>>
>> I'm generalising hugely and necessarily; but it's pretty easy to
>> adduser an
>> svn or svnowner, and to chown the repository. System security is
>> only as
>> good as its weakest link, and that's often the administrator.
>
> Thanks for the insight...I guess when I installed cvs I should have
> installed it logged in as user "cvs".
>
> I'm pretty new at this so I guess an easy way for me to take care
> of this is to,
> delete old repository as 'root'
> login as user "svn"
> create the new repository
>
> Is this right?

You hardly need to be that drastic. Just change the ownership of the
contents of the repository you already have.

sudo chown svn:svn /path/to/repository

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 31 00:17:48 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.