Available at http://www.bluehelp.de/tutorial/svn-debian-plesk.html there is a good (German) description on how to set up a Subversion repository on a Debian system if also Parallels Plesk Panel is installed. However, there is one thing that needs improvement there: When generating the HTTP password file with the two commands it happens with
htpasswd –cs /var/svnrepo/dav_svn.passwd alice
htpasswd –s /var/svnrepo/dav_svn.passwd tom
However, this implies that the password file is being generated with unix rights rw-r–r– and author/group with the current user. It is well-known that password files which are world-readable are bad idea in any case and cause a security risk.
Thus, I would like to enhance the statement on that page there by recommending to issue the following additional commands:
chown .www-data /var/svnrepo/dav_svn.passwd
chmod o-r /var/svnrepo/dav_svn.passwd
By this the file still is readable by the Apache Webserver, but no “other” users will be allowed to read the contents of the hashed password file.