
Re: security and file permissions

From: Steven S. Gubser <ssgubser_at_Princeton.EDU>
Date: 2007-03-31 21:36:01 CEST

Hi Ingo,

Thank you! Your setup seems like a good solution. Probably
I will have to tweak it a bit because I can't have a whole new
group for svn only (system policy). But a svn account in my
existing group should be no problem, and I think umask 077
would then accomplish the same thing.

Best,
Steve

On Mar 29, 2007, at 2:25 PM, Ingo Schmidt wrote:

> Hi Steven!
>
>> I want to establish per-directory read-write access. I can
>> do this as per ch. 6 of the documentation. But I am running
>> everything on an svn+ssh basis, with the umask = 002 so
>> that every file in db/revs has permissions 664.
>
> What speaks against umask 007?
>
> How did you set up svn+ssh? There are many options. Does every user
> have his own account? And every user can just log into that server via
> ssh? That I would not do.
>
> Here is how I set up a server at my company just last week :-)
>
> I created a user "svn" and a group "svn". The only user in group "svn"
> is user "svn". This user and group can't do anything in the system
> except access the svn repos. My repos all belong to user and group
> svn. Read access for others is prohibited (umask 007).
>
> And then I did set up "shared accounts" as described in the svnbook.
> Now every user who wants to have access to the repositories has to
> give me a public key which I then insert into
> /home/svn/.ssh/authorized_keys
> in exactly the way it is described in chapter 6, SSH configuration
> tricks:
> command="svnserve -t --tunnel-user=harry -r /path/to/repos/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty TYPE1 KEY1 harry@example.com
>
> How does this sound?
>
>
> Cheers, Ingo =;->
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>

Received on Sat Mar 31 21:36:29 2007
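
Added example, not part of the original thread or of the svnbook: a small Python audit for the shared account's authorized_keys file that flags any key lacking the forced svnserve command with --tunnel-user or the four no-* restrictions from the entry quoted above. The key-type prefixes, the placeholder key material and the sample lines are constructed assumptions; "restrict" is the OpenSSH option that applies all of those restrictions at once.

```python
import re

# Restrictions carried by the entry quoted in the thread (option names are case-insensitive).
REQUIRED = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
KEYTYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")  # assumption: usual OpenSSH key-type prefixes
FORCED = re.compile(r"^svnserve -t\b.*--tunnel-user=\S+")
OPTION = re.compile(r'([^,="]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')
FIELD = re.compile(r'(?:[^\s"]|"(?:[^"\\]|\\.)*")+')  # first field; spaces allowed in quotes

def parse_options(field):
    """Split 'a,b="x,y"' into {name: value}; commas inside quotes are kept."""
    return {m.group(1).lower(): m.group(2) for m in OPTION.finditer(field)}

def audit(text):
    """Return [(line_no, problem)] for entries that are not locked down."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            findings.append((n, "backslash continuation is not supported"))
            continue
        m = FIELD.match(line)
        field = m.group(0) if m else line
        opts = {} if KEYTYPE.match(field) else parse_options(field)
        cmd = opts.get("command")
        if cmd is None:
            findings.append((n, "no forced command"))
        elif not FORCED.match(cmd):
            findings.append((n, "forced command is not svnserve -t --tunnel-user=NAME"))
        missing = sorted(REQUIRED - set(opts))
        if missing and "restrict" not in opts:
            findings.append((n, "missing " + ",".join(missing)))
    return findings

# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = (
    'command="svnserve -t --tunnel-user=harry -r /path/to/repos/",no-port-forwarding,'
    'no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAA_PLACEHOLDER harry@example.com\n'
    'ssh-ed25519 AAAA_PLACEHOLDER sally@example.com\n'
    'command="svnserve -t -r /path/to/repos/",no-pty ssh-ed25519 AAAA_PLACEHOLDER bob@example.com\n'
)

if __name__ == "__main__":
    for line_no, problem in audit(SAMPLE):
        print(f"line {line_no}: {problem}")
```

A key with no forced command gives its owner a normal login as the shared account, and a forced command without --tunnel-user makes every commit from that key appear under the shared account's name.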

This is an archived mail posted to the Subversion Users mailing list.
