umask...

[adler at stephenadler.com (Stephen Adler)]

I'm currently setting up a subversion repository server which will host 
many different repositories, and I need to make sure users who have 
access to one repository do not have access to another. The way I'm 
going about this is setting up groups and through the group ownership of 
each repository top level directory along with chmod of 770, this should 
do the trick. i.e.

ls -l /dcbase/SVNRepositories/
drwxrws---  7 softadmin   projarepository 4096 Oct 21 08:44 ProjARepository

When I logged in as softadmin and created the repository the file 
permissions were then for the files under the top level directory...

[softadmin at dc ~]$ ls -l /dcbase/SVNRepositories/ProjARepository/
total 28
drwxrwsr-x  2 softadmin projarepository 4096 Oct 21 08:44 conf
drwxrwsr-x  2 softadmin projarepository 4096 Oct 21 08:44 dav
drwxrwsr-x  5 softadmin projarepository 4096 Oct 21 08:44 db
-r--r--r--  1 softadmin projarepository    2 Oct 21 08:44 format
drwxrwsr-x  2 softadmin projarepository 4096 Oct 21 08:44 hooks
drwxrwsr-x  2 softadmin projarepository 4096 Oct 21 08:44 locks
-rw-rw-r--  1 softadmin projarepository  229 Oct 21 08:44 README.txt

Notice how the umask then turned my 770 into 775 for the directories 
under the top level directory for the repository. I tried to access the 
repository (by doing an svn list) from a user who was not a member of 
projarepository and it gave me access deigned, which is what I want. The 
question I have is whether I should go the extra step and change the 
default umask from 0002 to 0007 for all users so that when a user who's 
a member of the projarepository makes checkouts and commits, the world 
access bits will be turned off. Or is this just more work and I'm not 
getting anything for it.

All comments greatly appreciated!

Cheers. Steve.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.