[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: prevent Linux root from seeing my files

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: Mon, 29 Nov 2010 12:59:11 -0600

On 11/29/2010 11:21 AM, Piotr Kabaciński wrote:
>
>>> If you are able to create dedicated partition you could encrypt repo
>>> like described here:
>>> http://www.hypersphere.org/personal/svn.shtml
>>
>> With some pretty important drawbacks, the no diff/conflict resolution
>> would be
>> a dealbreaker for me
>
> With encryption on filesystem level files in repo are not saved as
> binary (in terms of svn). Svn with repo works like it works before.
> Drawback is that OS has to compress and decompress file every time you
> need to commit/checkout.
> Diff would be useless if you encrypt every file before commit, and send
> it as binary, and that is not this situation.

Yes, but the filesystem as mounted with the encryption key would still
be visible to root.

If you can get another IP address, it might work to run a virtual
machine on the existing hardware under vmware, virtualbox, xen, kvm,
etc. You'd need root support to set it up and root on the host would
still be able to shut down and delete the image, but the virtual machine
could have a different root password and not be directly accessible to
root on the host. However even that would not be completely safe - I
think there are some tools that let you mount virtual machine disk
images into a physical machine.

-- 
    Les Mikesell
     lesmikesell_at_gmail.com
Received on 2010-11-29 19:59:52 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.