[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Repository version 1.5+ breaks security model?

From: David Bauer <astgtciv2009_at_gatech.edu>
Date: Tue, 28 Apr 2009 10:57:21 -0400 (EDT)

I recognize that this is a bit out of date, but I just discovered it today.
I administer a SVN repository for my research group, where we have a large number of users with read/write access. In order to prevent a user from (accidently or purposely) corrupting the database, the file permissions were set as such:
drwxr-x--- 2 root svnusers 4096 2007-08-24 09:25 conf
drwxr-x--- 2 root svnusers 4096 2007-08-24 09:25 dav
drwxrws--- 5 root svnusers 4096 2009-03-03 19:39 db
-rw-r----- 1 root svnusers 2 2007-08-24 09:25 format
drwxr-x--- 2 root svnusers 4096 2007-09-27 15:01 hooks
drwxr-x--- 2 root svnusers 4096 2007-08-24 09:25 locks
-rw-r----- 1 root svnusers 229 2007-08-24 09:25 README.txt

On the db directory:
-rw-rw---- 1 david svnusers 9 2009-03-03 19:39 current
-rw-r----- 1 root svnusers 2 2007-08-24 09:25 format
-rw-r----- 1 root svnusers 5 2007-08-24 09:25 fs-type
drwxrws--T 2 root svnusers 4096 2009-03-03 19:39 revprops
drwxrws--T 2 root svnusers 4096 2009-03-03 19:39 revs
drwsrws--T 2 root svnusers 4096 2009-03-03 19:39 transactions
-rw-r----- 1 root svnusers 37 2007-08-24 09:37 uuid
-rw-rw---- 1 root svnusers 0 2007-08-24 09:25 write-lock

The contents in the revs and revprops directories look like:
-rw-r----- 1 david svnusers 3500 2009-03-03 19:39 274

So, a user can only change their own commits.
(svnadmin verify and a backup of the repository are done by cron jobs, so if a user changes a commit that came before another user's commit, the non-matching checksum would be flagged.)

Now, with repository version 1.5+ (fsfs version 5, db version 3), I can't find any way to do the same thing. The first error I encountered was creating txn-current.tmp. Then, it tries to move txn-current.tmp over txn-current. I can't see any way to do that without giving users the ability to overwrite every file in the directory. A similar problem occurs with current.tmp -> current.

Is this type of security model not supported any more, or is there a way to make it work still?

David Bauer

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1964429

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-04-28 16:58:42 CEST

This is an archived mail posted to the Subversion Users mailing list.