Login | Register
My pages Projects Community openCollabNet

Discussions > users [DISABLED] > Repository version 1.5+ breaks security model?

subversion
Discussion topic

Back to topic list

Repository version 1.5+ breaks security model?

Author David Bauer <astgtciv2009 at gatech dot edu>
Full name David Bauer <astgtciv2009 at gatech dot edu>
Date 2009-04-28 07:57:24 PDT
Message I recognize that this is a bit out of date, but I just discovered it today.
I administer a SVN repository for my research group, where we have a large number of users with read/write access. In order to prevent a user from (accidently or purposely) corrupting the database, the file permissions were set as such:
drwxr-x--- 2 root svnusers 4096 2007-08-24 09:25 conf
drwxr-x--- 2 root svnusers 4096 2007-08-24 09:25 dav
drwxrws--- 5 root svnusers 4096 2009-03-03 19:39 db
-rw-r----- 1 root svnusers 2 2007-08-24 09:25 format
drwxr-x--- 2 root svnusers 4096 2007-09-27 15:01 hooks
drwxr-x--- 2 root svnusers 4096 2007-08-24 09:25 locks
-rw-r----- 1 root svnusers 229 2007-08-24 09:25 README.txt

On the db directory:
-rw-rw---- 1 david svnusers 9 2009-03-03 19:39 current
-rw-r----- 1 root svnusers 2 2007-08-24 09:25 format
-rw-r----- 1 root svnusers 5 2007-08-24 09:25 fs-type
drwxrws--T 2 root svnusers 4096 2009-03-03 19:39 revprops
drwxrws--T 2 root svnusers 4096 2009-03-03 19:39 revs
drwsrws--T 2 root svnusers 4096 2009-03-03 19:39 transactions
-rw-r----- 1 root svnusers 37 2007-08-24 09:37 uuid
-rw-rw---- 1 root svnusers 0 2007-08-24 09:25 write-lock

The contents in the revs and revprops directories look like:
-rw-r----- 1 david svnusers 3500 2009-03-03 19:39 274

So, a user can only change their own commits.
(svnadmin verify and a backup of the repository are done by cron jobs, so if a user changes a commit that came before another user's commit, the non-matching checksum would be flagged.)

Now, with repository version 1.5+ (fsfs version 5, db version 3), I can't find any way to do the same thing. The first error I encountered was creating txn-current.tmp. Then, it tries to move txn-current.tmp over txn-current. I can't see any way to do that without giving users the ability to overwrite every file in the directory. A similar problem occurs with current.tmp -> current.

Is this type of security model not supported any more, or is there a way to make it work still?


David Bauer

« Previous message in topic | 1 of 5 | Next message in topic »

Messages

Show all messages in topic

Repository version 1.5+ breaks security model? David Bauer <astgtciv2009 at gatech dot edu> David Bauer <astgtciv2009 at gatech dot edu> 2009-04-28 07:57:24 PDT
     Re: Repository version 1.5+ breaks security model? David Weintraub <qazwart at gmail dot com> David Weintraub <qazwart at gmail dot com> 2009-04-28 08:19:14 PDT
         Re: Repository version 1.5+ breaks security model? gdt Greg Troxel 2009-04-28 08:42:50 PDT
         Re: Repository version 1.5+ breaks security model? David Bauer <astgtciv2009 at gatech dot edu> David Bauer <astgtciv2009 at gatech dot edu> 2009-04-28 08:52:43 PDT
             Re: Repository version 1.5+ breaks security model? David Weintraub <qazwart at gmail dot com> David Weintraub <qazwart at gmail dot com> 2009-04-28 09:14:12 PDT
Messages per page: