You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Olaf van der Spek <Ov...@LIACS.NL> on 2006/02/10 21:05:31 UTC

Why is conf/passwd world-readable?

Hi,

Why is conf/passwd sometimes world-readable (depending on umask)?
I think it should never be world-readable and always be created with 
mode 600.

Olaf

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Why is conf/passwd world-readable?

Posted by Olaf van der Spek <Ov...@LIACS.NL>.

Marcus Rueckert wrote:
> On 2006-02-10 22:05:31 +0100, Olaf van der Spek wrote:
>> Why is conf/passwd sometimes world-readable (depending on umask)?
>> I think it should never be world-readable and always be created with 
>> mode 600.
> 
> 1. because the password file has no protection worth data by default.
> 2. if you use a dedicated svn server there is no problem with world
>    readable.
> 3. you dont use a dedicated svn server? you will definitely know how
>    to protect the file better. no?

I don't see any argument for the world readable bit.
In 1, 2 and 3 the bit isn't needed, so according to the least privileges 
principle, the bit shouldn't be set.

> normally people create new repositories as root and chown/chgrp/chmod
> them to the correct permissions to the svnserve can read it. one chmod
> command more to make it only readable by the svnserve should not be this
> hard.

It's not hard, but why not make it a bit easier for the user?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Why is conf/passwd world-readable?

Posted by Marcus Rueckert <da...@web.de>.

On 2006-02-10 22:05:31 +0100, Olaf van der Spek wrote:
> Why is conf/passwd sometimes world-readable (depending on umask)?
> I think it should never be world-readable and always be created with 
> mode 600.

1. because the password file has no protection worth data by default.
2. if you use a dedicated svn server there is no problem with world
   readable.
3. you dont use a dedicated svn server? you will definitely know how
   to protect the file better. no?

normally people create new repositories as root and chown/chgrp/chmod
them to the correct permissions to the svnserve can read it. one chmod
command more to make it only readable by the svnserve should not be this
hard.

just my 2 cents

    darix

-- 
           openSUSE - SUSE Linux is my linux
               openSUSE is good for you
                   www.opensuse.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org