With svn set up properly now, and the code flowing again, it's time to start looking at how to write the repository manager (codename TinyAuth).
The first problem is that I'm fairly conservative when it comes to permissions.
I like to stick to the default security model, and avoid setuid bits or chroot jails, since I'm a crap admin and this sort of stuff can be a bit mysterious to me (and thus I presume mysterious to many people)...
And yet my little CGI script needs to be able to update the permissions for people, ideally WITHOUT having to use a database at all.
And that means treating the htpasswd file as a primary data store.
Which creates a problem, since I most certainly DON'T want to allow the web user the ability to go wandering about the locations where security information is kept with write permissions.
So to resolve this, I'm going to go with the shadow file approach.
If you open the htpasswd file with Apache::Htpasswd::Shadow, it will create a copy of the file in a location it can write to, and apply changes to it there.
If you open ReadOnly, if will read from the shadow file. If you open readonly with no shadow file existing, it just reads from the main passwd file and doesn't need a shadow.
Otherwise it looks identical.
A separate cron job which runs as the user owning the password file does some additional checking will run every 5 minutes or so and apply the changes in the new version to the main passwd file.
This should, I hope, provide some element of separation security wise, without the need to resort to operating system level (and thus operating system specific) measures and allow TinyAuth to work on just about anything that can support CGI and file permissions.