subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbl...@icloud.com
Subject Re: Blocking root from SVN repository
Date Wed, 27 Aug 2014 16:09:58 GMT

On Aug 27, 2014, at 8:28 AM, Zé <jose.passes@gmx.com> wrote:

> Additionally, to those security-concious people, installing servers on your workstation
just to access local repositories isn't exactly on the top of best practices.  Don't you agree?
> 


Not at all. Running a "server" which only answers to calls via the loopback interface (or
local-domain sockets) is quite common. In fact, look at your machine's own process list. You
will find a large number of helper processes that run with UIDs other than as root.

The point of separating your repository access to a "server" process allows you to insulate
file access permissions to one UID separate from your own (priviledge separation). If all
users on a single box access the repository through this "server" process, you create a layer
of abstraction and prevent file ownership/permissions flipping and actually _increase_ security
and preserve the integrity of your repo.
Mime
View raw message