[darcs-users] it would be useful for patch-tag to turn off hard linking for darcs storage. can anyone suggest how to do that?

Max Battcher me at worldmaker.net
Sun Dec 20 05:58:45 UTC 2009


On 12/19/2009 23:27, Thomas Hartman wrote:
> Sure, though it's a little involved.
>
> Patch-Tag uses unix security for securing repos. When several users
> share a private repo, they are all on the same linux group, and the
> repo has rwxs for that group.
>
> However, darcs also has a global cache for patches (and whatever
> objects are under _darcs/hashed.inventory)
>
> These patches are shared across repos using hard links.
>
> So, what happens if you have two repos, with two owners, some hashes
> in common? The hardlinked file objects can only belong to one group,
> so somebody is not going to be able to access that repo.

One more secure possibility would be separate per-group global caches. 
It might take some _darcs/prefs/sources and ~/.darcs/sources munging to 
enforce it, and obviously your space utilization won't be as minimal as 
possible, but you could continue to use unix groups to enforce 
repository security. (Not that I know any exploits against it, but I'm 
not a full time sysadmin.)

--
--Max Battcher--
http://worldmaker.net


More information about the darcs-users mailing list