[Fusionforge-general] Possible bug in 4.8.2
Thorsten Glaser
t.glaser at tarent.de
Wed Jan 6 16:04:26 CET 2010
Hi Evert,
please wrap your lines at 66‥72 chars, thanks!
On Wed, 6 Jan 2010, Evert Lammerts wrote:
> What does not work correctly - and in my interpretation above is a
> bug, not a feature - is the first option: a private repository can be
> SVN+SSH checked out by anybody who has an account on FusionForge (or
Hm, not in our installations.
> > > I propose to fix this by adjusting create_svn.php to set all
> > > permissions to user apache, and the group
> >
> > I am very strongly against this, because Apache shall never have
> > write permissions to the source (which is bad once it’s broken
> > into).
>
> That is not proposed, though. Apache will not be member of any UNIX
> group but its own, it'll just be the owner. Something like:
> USER (apache): r__
> GROUP (project group): rw_
> WORLD: depending on public access: r__ or ___
What prevents the user from simply chmodding the file? Right, nothing.
bye,
//mirabilos
--
tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
Geschäftsführer: Boris Esser, Elmar Geese
HRB AG Bonn 5168 - Ust-ID: DE122264941
http://www.tarent.com/
Heilsbachstr. 24, 53123 Bonn, fon +49 228 52675-0, fax +49 228 52675-25
Weigandufer 45, 12059 Berlin, fon +49 30 5682943-30, fax +49 228 52675-25
Schützenstr. 18, 10117 Berlin, fon +49 30 27594853, fax +49 30 78709617
More information about the Fusionforge-general
mailing list