[darcs-users] it would be useful for patch-tag to turn off hard linking for darcs storage. can anyone suggest how to do that?
me at worldmaker.net
Sun Dec 20 05:58:45 UTC 2009
On 12/19/2009 23:27, Thomas Hartman wrote:
> Sure, though it's a little involved.
> Patch-Tag uses unix security for securing repos. When several users
> share a private repo, they are all on the same linux group, and the
> repo has rwxs for that group.
> However, darcs also has a global cache for patches (and whatever
> objects are under _darcs/hashed.inventory)
> These patches are shared across repos using hard links.
> So, what happens if you have two repos, with two owners, some hashes
> in common? The hardlinked file objects can only belong to one group,
> so somebody is not going to be able to access that repo.
One more secure possibility would be separate per-group global caches.
It might take some _darcs/prefs/sources and ~/.darcs/sources munging to
enforce it, and obviously your space utilization won't be as minimal as
possible, but you could continue to use unix groups to enforce
repository security. (Not that I know any exploits against it, but I'm
not a full time sysadmin.)
More information about the darcs-users