[Fusionforge-general] Possible bug in 4.8.2

Thorsten Glaser t.glaser at tarent.de
Wed Jan 6 16:04:26 CET 2010


Hi Evert,

please wrap your lines at 66‥72 chars, thanks!


On Wed, 6 Jan 2010, Evert Lammerts wrote:

> What does not work correctly - and in my interpretation above is a
> bug, not a feature - is the first option: a private repository can be
> SVN+SSH checked out by anybody who has an account on FusionForge (or

Hm, not in our installations.

> > > I propose to fix this by adjusting create_svn.php to set all
> > > permissions to user apache, and the group
> > 
> > I am very strongly against this, because Apache shall never have
> > write permissions to the source (which is bad once it’s broken
> > into).
> 
> That is not proposed, though. Apache will not be a member of any UNIX
> group but its own, it'll just be the owner. Something like:
> USER (apache): r__
> GROUP (project group): rw_
> WORLD: depending on public access: r__ or ___

What prevents the user from simply chmodding the file? Right, nothing.

bye,
//mirabilos
-- 
tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
Geschäftsführer: Boris Esser, Elmar Geese
HRB AG Bonn 5168 - Ust-ID: DE122264941
http://www.tarent.com/

Heilsbachstr. 24, 53123 Bonn,   fon +49 228 52675-0,   fax +49 228 52675-25
Weigandufer 45,   12059 Berlin, fon +49 30 5682943-30, fax +49 228 52675-25
Schützenstr. 18,  10117 Berlin, fon +49 30 27594853,   fax +49 30 78709617
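
Added example, not part of the original message and not FusionForge code: it applies the mode bits from the quoted proposal to a scratch file and shows the Unix rule behind the objection, namely that the owner of a file may chmod it whatever its current mode. The function names and the scratch path are assumptions made for this illustration; `audit_owned_by` is a hypothetical helper for listing what a given account owns under a repository root.

```shell
#!/bin/sh
# Illustration only: runs on a constructed scratch file, not a real repository.

# Print the nine permission characters of a path, e.g. "r--rw----".
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# Apply the quoted scheme to one file:
# owner r--, group rw-, world r-- (public) or --- (private).
apply_scheme() {
    case $2 in
        public)  chmod 0464 "$1" ;;
        private) chmod 0460 "$1" ;;
        *)       return 2 ;;
    esac
}

# chmod(2) is permitted to the file's owner regardless of the current
# mode bits, so the owner's "r--" is advisory: one call restores write.
owner_regains_write() {
    chmod u+w "$1" && mode_of "$1"
}

# Audit helper: list every path under a root that a given account
# (name or numeric uid) owns and could therefore re-chmod.
audit_owned_by() {
    find "$1" -user "$2" -print
}

# Walk through the sequence on a scratch file owned by the caller.
demo() {
    tmp=$(mktemp -d) || return 1
    f="$tmp/db/current"          # constructed path, stands in for a repo file
    mkdir -p "$tmp/db" && : > "$f"
    apply_scheme "$f" private
    before=$(mode_of "$f")
    after=$(owner_regains_write "$f")
    owned=$(audit_owned_by "$tmp" "$(id -u)" | wc -l | tr -d ' ')
    rm -rf "$tmp"
    echo "$before -> $after ($owned paths owned)"
}
```

Running `demo` as any account shows the private-mode file going from `r--rw----` back to `rw-rw----` without any privilege beyond ownership.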



