RE: Help with Mac repositry permissions

>

Linedata Limited
Registered Office: 85 Gracechurch St., London, EC3V 0AA
Registered in England and Wales No 3475006 VAT Reg No 710 3140 03

-----Original Message-----

> From: Matthew Allen [mailto:fret_at_memecode.com]
> Sent: 08 September 2010 10:35
> To: Giulio Troccoli
> Subject: RE: Help with Mac repositry permissions
>
> The problem is that I want to make sure this is secure, and
> the fact that it seems to be using the webserver seems to be
> using the global permissions indicates to me that the repo
> files are not being correctly protected. If someone gets into
> my machine then they can see the repo. I want to limit access
> to a) the webserver process or b) a local terminal user.

Please respond to the list as well, usually by clicking on Reply-All. Also, don't top-post.

> Also the /Users folder perms is:
> drwxr-xr-x 6 root admin 204 18 Aug 10:03 Users

Now, there's your answer. The user that runs theweb server, _www, has permission to access /Users only becuase of the others permissions ______r-x.

You could change the ownership of /Users to _www but I guess the /Users contains also the home directories of your users so this woldn't be acceptable.

Why don't you create a directory directly under / owned by _www and access by _www only, for example

mkdir /repos
chown _www /repos
chmod 700 /repos
cp -R /Users/Svn /repos

Check that the permission of /repos/Svn are still correct and then amend your web server configuration file so that the repository points to /repos/Svn and not /Users/Svn

Giulio
Received on 2010-09-08 11:54:01 CEST