svn + apache每个目录访问控制-禁止root修改权限文件
[英]svn+apache per directory access control - disable root from modifying permissions file
问题描述
I currently have an svn server running on a machine to which multiple users have root access. 
我目前有一台svn服务器,在多用户具有root访问权限的计算机上运行。 For the svn repository I want to use per-directory access control. 对于svn存储库,我想使用按目录的访问控制。 So I user the mod_dav module with apache and specify permissions in /etc/svn-access-file The problem is that since multiple users have root access, then can potentially modify this file to access content that they shouldn't be able to. 因此,我使用apache来使用mod_dav模块,并在/ etc / svn-access-file中指定权限。问题在于,由于多个用户具有root用户访问权限,因此可以潜在地修改此文件以访问他们不应该访问的内容。 Is there a way to restrict access or prevent users from modifying the svn-access-file without disabling root access for everyone else? 有没有一种方法可以限制访问或阻止用户修改svn-access-file而不禁用其他所有人的root访问权限?
Thanks, Gaurav 谢谢,高拉夫
2 个解决方案
解决方案1
3 已采纳 2009-07-19 21:05:59
You can set it to be readonly, then users will need to set rw before modifying. 您可以将其设置为只读,然后用户需要在修改之前设置rw。 That will deal with accidents, but not with determined users. 那将处理事故,但不会处理确定的用户。 As soon as user is root all bets are off. 一旦成为root用户,所有赌注都将关闭。
解决方案2
0 2009-07-19 22:03:52
Nope. 不。 Any user who can become root has absolute power over the system. 任何可以成为root用户的用户都具有对系统的绝对控制权。 That's why you shouldn't be handing out root user privileges to people for free. 这就是为什么您不应该免费向用户分发root用户特权。 A better idea would be to restrict the privilege level of the other users (assuming you are authorized to do so), and use groups to selectively enable access rights. 一个更好的主意是限制其他用户的特权级别(假设您被授权这样做),并使用组有选择地启用访问权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.