
Re: Blocking root from SVN repository

From: Robert Heller <heller_at_deepsoft.com>
Date: Wed, 27 Aug 2014 11:57:09 -0400

At Wed, 27 Aug 2014 16:28:46 +0100 Zé <jose.passes_at_gmx.com> wrote:

> On 08/27/2014 04:15 PM, Andreas Krey wrote:
> > The difference being that anybody can accidentally do a rm -rf on the
> > part after the file - anybody who can work with the repo.
> (...)
> > When you have a machine to place the file:// to, you also have
> > something to run a server on.
> If the machine you place the file:// is the same where you can
> accidentally do a rm -rf, accessing the file:// through a server won't
> help you with that problem.

Yes it will. With file://, the file ownership and permissions are such that
accidentally doing a rm -rf would be a disaster. With svnserver or Apache,
the *ownership and permissions* should be such that doing a rm -rf *as a
normal user* (even one normally granted access to the repo via svn:// or
http://) will only raise an error ('you don't have permission to do that').
Running a *properly* set up svnserver or Apache + mod_dav_svn, means the files
in the repo are owned by a special user (eg svn:svn or apache:apache), for
which there is no login and only this special user has write access. People
using the repo are granted access via a separate mechanism and all actual
access to the repo's files is via the server process(es).

> Additionally, to those security-conscious people, installing servers on
> your workstation just to access local repositories isn't exactly on the
> top of best practices. Don't you agree?

Not necessarily. It depends on how you do it and how you set up the ownership
and privs. If done properly, it is safer than file://.

> And I hate to repeat myself, but I'll repeat for the third time this
> question: if file:// is not intended to be used, then what are the
> available options for those who need a version control system and can't
> set up a server?
> Zé

Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller_at_deepsoft.com       -- Webhosting Services
Received on 2014-08-27 17:57:45 CEST
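
The ownership model described in the reply above can be checked mechanically. The following is an added example, not part of the original mail: a shell audit that flags repository entries not owned by the service account or writable by group/others, and checks that the account has no login shell. The function names, and the use of the passwd shell field as the "no login" test, are assumptions.

```shell
#!/bin/sh
# Added example (not from the original mail). Function names are hypothetical;
# the repository path and service account are supplied by the caller.

# audit_repo REPO_DIR SERVICE_USER
# Prints one finding per line; returns 0 if the tree matches the model, 1 if not.
audit_repo() {
    repo=$1
    svc=$2
    findings=$(
        # Entries not owned by the service account.
        find "$repo" ! -user "$svc" -print | sed 's/^/wrong-owner /'
        # Group- or world-writable entries. A writable directory is what lets
        # another account's rm -rf succeed; a writable file lets it alter data.
        # Symlinks are skipped because their mode bits are not meaningful.
        find "$repo" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/writable-by-others /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# login_shell USER [PASSWD_FILE]
# Prints the shell field for USER from a passwd-format file.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7 }' "${2:-/etc/passwd}"
}

# is_nologin USER [PASSWD_FILE]
# Succeeds when the account's shell is nologin or false (assumed "no login" test).
is_nologin() {
    case $(login_shell "$@") in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `audit_repo` against the repository root with the account the server process runs as (for example svn or apache, as in the mail); any output line is a path that a normal user could modify or that the server does not own.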

This is an archived mail posted to the Subversion Users mailing list.
