Reputation: 2166
svn+apache per directory access control - disable root from modifying permissions file
I currently have an svn server running on a machine to which multiple users have root access. For the svn repository I want to use per-directory access control. So I user the mod_dav module with apache and specify permissions in /etc/svn-access-file The problem is that since multiple users have root access, then can potentially modify this file to access content that they shouldn't be able to. Is there a way to restrict access or prevent users from modifying the svn-access-file without disabling root access for everyone else?
Thanks, Gaurav
Upvotes: 0
Views: 973
Answers (2)
Reputation: 95449
Nope. Any user who can become root has absolute power over the system. That's why you shouldn't be handing out root user privileges to people for free. A better idea would be to restrict the privilege level of the other users (assuming you are authorized to do so), and use groups to selectively enable access rights.
Upvotes: 0
Reputation: 7258
You can set it to be readonly, then users will need to set rw before modifying. That will deal with accidents, but not with determined users. As soon as user is root all bets are off.
Upvotes: 3
Related Questions
- How to configure SVN web access for different write permissions?
- Modifying subversion file permissions
- Avoid having subversion modify Linux file permissions.
- Enable read permission to parent directory in Subversion
- How to allow user r/w access to certain sub-folder but not giving access to the parent folder?
- make svn maintain the file permission
- Subversion with Apache and permissions issues
- per-directory permission in svn
- svn+apache per directory access control: weird permissions issue (403 Forbidden error)
- Subversion: unix permissions on disk for secure apache access