{"id":485,"date":"2011-10-13T22:14:41","date_gmt":"2011-10-13T21:14:41","guid":{"rendered":"http:\/\/blog.schmoigl-online.de\/?p=485"},"modified":"2012-03-15T07:50:41","modified_gmt":"2012-03-15T06:50:41","slug":"subversion-installation-on-debian-with-plesk-without-security-issue","status":"publish","type":"post","link":"http:\/\/blog.schmoigl-online.de\/?p=485","title":{"rendered":"Subversion Installation on Debian with Plesk &#8211; Without Security Issue"},"content":{"rendered":"<p>A good (German) description of how to set up a Subversion repository on a Debian system that also runs Parallels Plesk Panel is available at <a href=\"http:\/\/www.bluehelp.de\/tutorial\/svn-debian-plesk.html\">http:\/\/www.bluehelp.de\/tutorial\/svn-debian-plesk.html<\/a>. However, one thing there needs improvement: the tutorial generates the HTTP password file with these two commands:<\/p>\n<blockquote><p>\nhtpasswd -cs \/var\/svnrepo\/dav_svn.passwd alice<br \/>\nhtpasswd -s \/var\/svnrepo\/dav_svn.passwd tom\n<\/p><\/blockquote>\n<p>However, this means that the password file is created with Unix permissions <em>rw-r--r--<\/em> and with the current user as owner and group. 
It is well known that world-readable password files are a bad idea in any case and pose a security risk.<br \/>\nThus, I would like to enhance the instructions on that page by recommending the following additional commands:<br \/>\n<code><br \/>\nchown :www-data \/var\/svnrepo\/dav_svn.passwd<br \/>\nchmod o-r \/var\/svnrepo\/dav_svn.passwd<br \/>\n<\/code><br \/>\nWith this, the file is still readable by the Apache web server, but no &#8220;other&#8221; users are allowed to read the contents of the hashed password file.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A good (German) description of how to set up a Subversion repository on a Debian system that also runs Parallels Plesk Panel is available at <a href=\"http:\/\/www.bluehelp.de\/tutorial\/svn-debian-plesk.html\">http:\/\/www.bluehelp.de\/tutorial\/svn-debian-plesk.html<\/a>. However, one thing there needs improvement: the HTTP password file is generated with Unix permissions that can pose a security threat to your system. 
This post describes how to fix that.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,9],"tags":[],"class_list":["post-485","post","type-post","status-publish","format-standard","hentry","category-linux","category-subversion-svn"],"_links":{"self":[{"href":"http:\/\/blog.schmoigl-online.de\/index.php?rest_route=\/wp\/v2\/posts\/485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.schmoigl-online.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.schmoigl-online.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.schmoigl-online.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.schmoigl-online.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=485"}],"version-history":[{"count":2,"href":"http:\/\/blog.schmoigl-online.de\/index.php?rest_route=\/wp\/v2\/posts\/485\/revisions"}],"predecessor-version":[{"id":584,"href":"http:\/\/blog.schmoigl-online.de\/index.php?rest_route=\/wp\/v2\/posts\/485\/revisions\/584"}],"wp:attachment":[{"href":"http:\/\/blog.schmoigl-online.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.schmoigl-online.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=485"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.schmoigl-online.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}