>
Linedata Limited Registered Office: 85 Gracechurch St., London, EC3V 0AA Registered in England and Wales No 3475006 VAT Reg No 710 3140 03 -----Original Message----- > From: Matthew Allen [mailto:f...@memecode.com] > Sent: 08 September 2010 10:35 > To: Giulio Troccoli > Subject: RE: Help with Mac repositry permissions > > The problem is that I want to make sure this is secure, and > the fact that it seems to be using the webserver seems to be > using the global permissions indicates to me that the repo > files are not being correctly protected. If someone gets into > my machine then they can see the repo. I want to limit access > to a) the webserver process or b) a local terminal user. Please respond to the list as well, usually by clicking on Reply-All. Also, don't top-post. > Also the /Users folder perms is: > drwxr-xr-x 6 root admin 204 18 Aug 10:03 Users Now, there's your answer. The user that runs theweb server, _www, has permission to access /Users only becuase of the others permissions ______r-x. You could change the ownership of /Users to _www but I guess the /Users contains also the home directories of your users so this woldn't be acceptable. Why don't you create a directory directly under / owned by _www and access by _www only, for example mkdir /repos chown _www /repos chmod 700 /repos cp -R /Users/Svn /repos Check that the permission of /repos/Svn are still correct and then amend your web server configuration file so that the repository points to /repos/Svn and not /Users/Svn Giulio
