On 2020-08-11 22:29:41 -0500, Derek Martin wrote:
> On Wed, Aug 12, 2020 at 02:40:16AM +0200, Vincent Lefevre wrote:
> > On 2020-08-06 18:40:50 -0500, Derek Martin wrote:
> > > Are you serious, Vincent?  I'm pretty sure you well know that this is
> > > a horrible idea, clearly contrary to best security practices, that no
> > > competent sysadmin managing servers holding anything vaguely sensitive
> > > would ever allow on a multi-user system (and we've already established
> > > that systems only ever used by one human render the configurable umask
> > > moot). This is system security 101 (e.g. SANS GSEC). Users to
> > > usernames are 1:1.
> > 
> > This is complete nonsense. 
> 
> I agree; everything you said that followed IS complete nonsense.
> The subversion example is a special case of an application that you
> use through a web server, that has its own security implications.

Wrong! Subversion does not need a web server. The simplest way is
via "file:" URLs, which is precisely what is discouraged. The
recommended solution for a personal repository is the following:

  https://svn.haxx.se/users/archive-2008-08/0993.shtml

I quote: "[...] specify the username for the svnserve user that isn't
the same as your own account name on that box."

So, the user has 2 accounts: the normal one and the one dedicated
to Subversion repository operations.

> It's nothing like using multiple users on your system to do different
> tasks, like reading your e-mail with one user, and then handling
> attachments with a different one.

Correction: reading e-mail and handling attachments with one uid,
but also being able to access saved attachments with another uid.

FYI, the same kind of thing can nowadays be done via a sandbox, and
this is the reason why firejail was written, for instance. There's
the same idea of main environment and restricted environment.

Note: Even without a sandbox, one does not absolutely need to make
attachments group accessible. The main account could do an SSHFS mount
of the directory that contains the saved attachments. But allowing one
to control the permissions of the attachments inside Mutt would avoid
the need for SSHFS.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

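The two-uid setup discussed above (one uid saves attachments, a second uid in a shared group reads them) hinges on the umask in effect at save time. The following is an added example, not code from the thread or from Mutt; directory and file names are constructed for the demo, and no extra account or group is created, so the group check only looks at the permission bits.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread or from Mutt): shows how the
# umask in effect when a mail client writes a saved attachment decides whether
# a second uid sharing the directory's group can read the file.

# Mode a newly created regular file gets under umask MASK (octal string):
# files are created with 0666 and the umask bits are cleared.
mode_under_umask() {
    printf '%04o\n' $(( 0666 & ~0$1 ))
}

# Create DIR/NAME the way a save-to-disk under umask MASK would, and return
# its permission string. The umask is changed in a subshell so it cannot leak
# into the caller, which is also what a per-save umask setting must guarantee.
save_under_umask() {
    mask=$1 dir=$2 name=$3
    ( umask "$mask" && : > "$dir/$name" )
    ls -l "$dir/$name" | cut -c1-10
}

# True when the group read bit (5th character of ls -l output) is set.
group_can_read() {
    case $(ls -ld "$1" | cut -c5) in r) return 0 ;; *) return 1 ;; esac
}

demo() {
    dir=$(mktemp -d)
    # setgid on the save directory makes new files inherit its group, so the
    # main uid only has to put the second uid in that group once (chgrp of the
    # constructed directory is omitted here).
    chmod 2750 "$dir"
    printf 'umask 077: %s  (private to the saving uid)\n' \
        "$(save_under_umask 077 "$dir" private.pdf)"
    printf 'umask 027: %s  (readable by the second uid via the group)\n' \
        "$(save_under_umask 027 "$dir" shared.pdf)"
    for f in private.pdf shared.pdf; do
        if group_can_read "$dir/$f"; then echo "$f: group can read"
        else echo "$f: group cannot read"; fi
    done
    rm -r "$dir"
}

demo
```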