Subversion security - protecting from other users on shared host


#1

Hi everyone.

I am evaluating DreamHost as an svn server for a distributed development team. My concern is whether my svn repositories will be protected from other users on the same DreamHost box and from the internet at large. I read the following links, but I would appreciate it if someone could validate my assumptions:

http://wiki.dreamhost.com/index.php/Subversion#Subversion_on_DreamHost


http://matthewhutchinson.net/2006/4/24/multiple-svn-users-on-dreamhost

  1. Is the following sufficient to protect from random people on the internet?

I signed up with DreamHost and created a test Subversion repository through the panel interface. I logged into my account through PuTTY (using the bash interface). I deleted the svn repo’s .access and .passwd files because I don’t want anyone on my team to use that interface. Instead, I am making shell accounts for everyone and having them create ssh keys so that the repository can be accessed through svn+ssh using TortoiseSVN.

  2. Am I protected from other users on the same DreamHost box?

My background is primarily Windows and OS X, but I do have some experience with Linux. Can someone tell me whether the following permissions will protect me from other users on the DreamHost box? It seems like “others” can read the raw svn repo files.

[dreamhost]$ ls -la
total 72
drwxr-xr-x  10 username pg1234560  4096 2010-10-18 01:36 .
drwxr-x--x 668 root     root      20480 2010-10-18 22:26 ..
-rw-r--r--   1 username pg1234560   260 2010-08-06 14:55 .alias
-rw-r--r--   1 username pg1234560    81 2010-08-06 14:55 .bash_profile
-rw-r--r--   1 username pg1234560    55 2010-08-06 14:55 .bashrc
-rw-r--r--   1 username pg1234560   417 2010-08-06 14:55 .cshrc
drwxr-xr-x   6 username pg1234560  4096 2010-08-27 21:19 .svn
drwxr-xr-x   5 username pg1234560  4096 2009-03-05 14:48 Maildir
dr-xr-x---   6 username dhapache   4096 2010-10-18 01:31 logs
drwxr-xr-x   3 username pg1234560  4096 2010-10-18 01:34 svn
[dreamhost]$ cd svn
[dreamhost]$ ls -la
total 20
drwxr-xr-x  3 username  pg1234560 4096 2010-10-18 01:34 .
drwxr-xr-x 10 username  pg1234560 4096 2010-10-18 01:36 ..
drwxrwxr-x  6 dhapache  pg1234560 4096 2010-10-18 01:33 TestRepo
-rw-r-----  1 username  dhapache    17 2010-10-18 01:34 TestRepo.access
-rw-r-----  1 username  dhapache    22 2010-10-18 01:34 TestRepo.passwd
[dreamhost]$ cd TestRepo
[dreamhost]$ ls -la
total 32
drwxrwxr-x 6 dhapache pg1234560 4096 2010-10-18 01:33 .
drwxr-xr-x 3 username pg1234560 4096 2010-10-18 01:34 ..
-rw-rw-r-- 1 dhapache pg1234560  229 2010-10-18 01:33 README.txt
drwxrwxr-x 2 dhapache pg1234560 4096 2010-10-18 01:33 conf
drwxrwsr-x 6 dhapache pg1234560 4096 2010-10-18 01:33 db
-r--rw-r-- 1 dhapache pg1234560    2 2010-10-18 01:33 format
drwxrwxr-x 2 dhapache pg1234560 4096 2010-10-18 01:33 hooks
drwxrwxr-x 2 dhapache pg1234560 4096 2010-10-18 01:33 locks
[dreamhost]$ cd db
[dreamhost]$ ls -la
total 44
drwxrwsr-x 6 dhapache pg1234560 4096 2010-10-18 01:33 .
drwxrwxr-x 6 dhapache pg1234560 4096 2010-10-18 01:33 ..
-rw-rw-r-- 1 dhapache pg1234560    2 2010-10-18 01:33 current
-r--rw-r-- 1 dhapache pg1234560   22 2010-10-18 01:33 format
-rw-rw-r-- 1 dhapache pg1234560    5 2010-10-18 01:33 fs-type
drwxrwsr-x 3 dhapache pg1234560 4096 2010-10-18 01:33 revprops
drwxrwsr-x 3 dhapache pg1234560 4096 2010-10-18 01:33 revs
drwxrwsr-x 2 dhapache pg1234560 4096 2010-10-18 01:33 transactions
-rw-rw-r-- 1 dhapache pg1234560    2 2010-10-18 01:33 txn-current
-rw-rw-r-- 1 dhapache pg1234560    0 2010-10-18 01:33 txn-current-lock
drwxrwsr-x 2 dhapache pg1234560 4096 2010-10-18 01:33 txn-protorevs
-rw-rw-r-- 1 dhapache pg1234560   37 2010-10-18 01:33 uuid
-rw-rw-r-- 1 dhapache pg1234560    0 2010-10-18 01:33 write-lock
[dreamhost]$ cd revs
[dreamhost]$ ls -la
total 12
drwxrwsr-x 3 dhapache pg1234560 4096 2010-10-18 01:33 .
drwxrwsr-x 6 dhapache pg1234560 4096 2010-10-18 01:33 ..
drwxrwsr-x 2 dhapache pg1234560 4096 2010-10-18 01:33 0
[dreamhost]$ cd 0
[dreamhost]$ ls -la
total 12
drwxrwsr-x 2 dhapache pg1234560 4096 2010-10-18 01:33 .
drwxrwsr-x 3 dhapache pg1234560 4096 2010-10-18 01:33 ..
-rw-rw-r-- 1 dhapache pg1234560  115 2010-10-18 01:33 0

I appreciate any suggestions and recommendations on how to create a secure svn setup on DreamHost. Thanks in advance.

Jughead


#2

Not sure about your first question, but for the second, you can test it out for yourself by making another user account, logging in, and trying to access your repository.
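
An added example, not part of the thread: a read-only audit of the kind of permission bits shown in the listing in post #1. It reports which entries under a repository grant any access to "other" and whether every directory between a chosen top (for example your home directory) and the repository lets "other" traverse it. The function names are hypothetical, and it checks classic mode bits only, not ACLs.

```bash
#!/usr/bin/env bash
# Added example: audit which repository paths "other" accounts can reach.
# Checks classic mode bits only; ACLs and group membership are out of scope.

# True if the single path $1 has every octal permission bit in $2 set.
has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# Print every entry under $1 that grants read, write or execute to "other".
other_accessible() {
    find "$1" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# True if "other" has the traverse (x) bit on every directory from $1 up
# to and including $2. $2 must be an ancestor of $1, written the same way.
# If any directory in the chain lacks o+x, nothing below it is reachable.
chain_traversable() {
    local dir=$1 top=$2
    while has_bits "$dir" 0001; do
        [ "$dir" = "$top" ] && return 0
        case "$dir" in /|.) return 0 ;; esac
        dir=$(dirname "$dir")
    done
    return 1
}

# Report for one repository ($1) below a top directory ($2).
# Returns 0 when "other" is blocked, 1 when entries are exposed.
audit_repo() {
    local repo=$1 top=$2 count
    count=$(other_accessible "$repo" | wc -l)
    echo "$count entries under $repo grant permissions to other"
    if [ "$count" -gt 0 ] && chain_traversable "$repo" "$top"; then
        echo "every directory from $top down is traversable: exposed"
        return 1
    fi
    echo "no exposed entries, or an ancestor directory blocks other"
    return 0
}
```

Run it as `audit_repo "$HOME/svn/TestRepo" "$HOME"`, then check the mode of the directory above `$HOME` separately, since it belongs to root.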