Subversion: unix permissions on disk for secure apache access

Question

I moved a Subversion repository from a Windows box to a UNIX machine. In both environments I've handled authentication through Apache.

On the UNIX box after the move, I could checkout source but received the following error when committing anything:

svn: Can't open file '/home/brianly/svn/test/db/txn-current-lock': Permission denied

It seemed to be a UNIX permission issue and the following command resolves the issue:

chmod -R 777 /home/brianly/svn/test

Now, I've opened this up to be writable by all users (right?). Is there a security issue with doing this? Should I have changed the owner to be the apache user (daemon) instead? What's the best practice for setting the file system permissions?

Answer 1

What you should do is change the directory owner to the apache process user, e.g.

chown -R apache /home/brianly/svn/test

You need to run chown as root (directly or through sudo).

You can see who the user is with (if it's linux):

ps -fadeww|grep httpd

And don't forget to change it back to 755 or 700 or whatever.

Answer 2

If the only access is through HTTP, then you can limit access to the user the web server runs under. Right now with 777, this is not only a security risk with respect to local users but also a loss of permissions as you have just made executables files that should not be... See orip's answer for the rest.