
Re: Blocking root from SVN repository

From: <jblist_at_icloud.com>
Date: Wed, 27 Aug 2014 09:09:58 -0700

On Aug 27, 2014, at 8:28 AM, Zé <jose.passes_at_gmx.com> wrote:

> Additionally, to those security-conscious people, installing servers on your workstation just to access local repositories isn't exactly on the top of best practices. Don't you agree?
>

Not at all. Running a "server" which only answers to calls via the loopback interface (or local-domain sockets) is quite common. In fact, look at your machine's own process list. You will find a large number of helper processes that run with UIDs other than as root.

The point of separating your repository access to a "server" process allows you to insulate file access permissions to one UID separate from your own (privilege separation). If all users on a single box access the repository through this "server" process, you create a layer of abstraction and prevent file ownership/permissions flipping and actually _increase_ security and preserve the integrity of your repo.
Received on 2014-08-27 18:10:27 CEST

This is an archived mail posted to the Subversion Users mailing list.
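
An added example, not part of the original mail or of the Subversion project: a shell audit for the ownership and permission drift the reply describes, on the assumption that the whole repository tree should belong to one dedicated service account. The function names and the account name `svn` in the usage comment are hypothetical.

```shell
#!/bin/sh
# Audit a repository tree that is meant to be touched only by one service UID.
# Assumption (not from the mail): every path under the repository should be
# owned by that account and none should be writable by "other".

# foreign_owned REPO OWNER
# Lists paths not owned by OWNER (user name or numeric UID). Such paths
# usually mean somebody, root included, wrote to the repository directly
# instead of going through the server process.
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# world_writable REPO
# Lists paths any local user could modify. Symlinks are skipped because
# their mode bits are not what access checks use.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# audit_repo REPO OWNER
# Prints a summary and returns 0 only when the tree is clean.
audit_repo() {
    repo=$1
    owner=$2
    bad_owner=$(foreign_owned "$repo" "$owner" | wc -l | tr -d ' ')
    bad_mode=$(world_writable "$repo" | wc -l | tr -d ' ')
    echo "foreign-owned: $bad_owner, world-writable: $bad_mode"
    [ "$bad_owner" -eq 0 ] && [ "$bad_mode" -eq 0 ]
}

# Usage (hypothetical path and account): sh audit.sh /srv/svn/project svn
if [ "$#" -eq 2 ]; then
    audit_repo "$1" "$2"
fi
```

A non-zero exit status from `audit_repo` makes the script usable from cron or a monitoring check, with `foreign_owned` and `world_writable` giving the paths to inspect.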
