[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Issue 775: need straightforward way to control subdirectory access

From: Blair Zajac <blair_at_orcaware.com>
Date: 2002-07-11 01:28:34 CEST

I need acls for my repos that contains multiple projects, so I'm
going to start working on a pre-commit access control Perl (oops,
there's that word again) script that is discussed in this issue:


It'll check the txn and against a list of valid users and paths.

The question is how to set up a configuration file that lists who
has access to what parts of the tree.

One obvious one to base this off the acl config file format that
is used on the Apache tree. From cvs_acls.pl:

# ==== FORMAT OF THE acl FILE:
# The acl file determines whether you may commit files. It contains lines
# read from top to bottom, keeping track of a single "bit". The "bit"
# defaults to "on". It can be turned "off" by "unavail" lines and "on" by
# "avail" lines. ==> Last one counts.
# Any line not beginning with "avail" or "unavail" is ignored.
# Lines beginning with "avail" or "unavail" are assumed to be '|'-separated
# triples: (All spaces and tabs are ignored in a line.)
# {avail.*,unavail.*} [| user,user,... [| repos,repos,...]]
# 1. String starting with "avail" or "unavail".
# 2. Optional, comma-separated list of usernames.
# 3. Optional, comma-separated list of repository pathnames.
# These are pathnames relative to $CVSROOT. They can be directories or
# filenames. A directory name allows access to all files and
# directories below it.
# Example: (Text from the ';;' rightward may not appear in the file.)
# unavail ;; Make whole repository unavailable.
# avail|dgg ;; Except for user "dgg".
# avail|fred, john|bin/ls ;; Except when "fred" or "john" commit to
# ;; the module whose repository is "bin/ls"

This never really appealed to me, using the words "unavail" and "avail",
but aside from that, seems ok.

Given that we have multiple directories per project, such as
/trunk/proj1 and /tags/proj1, etc, it looks useful to have the
acl configuration file repository portions match regular expressions,


then you could do


but then we'd have to change the separator from | to something else.

There was a previous discussion regarding commit-email.pl to use
the Windows configuration file format with a single section per

# Make the entire repository read only.
regex = .
access = readonly

# Give bob and joe write access to proj1.
regex = ^/{tags|trunk}/proj1
users = bob joe
access = readwrite

This one looks cleaner, so unless there are reasons not to do this,
I'm going to use this one.

Using this format will require the AppConfig module, unless I want
to write a new parser from scratch, which would be a complete waste
of time.

To see what requirements AppConfig has to install into your Perl,
I downloaded a fresh install of ActiveState Perl build 633 from
installed it in a temporary directory and attempted to install
AppConfig into it. There were no additional Perl packages that
AppConfig required.


Blair Zajac <blair@orcaware.com>
Web and OS performance plots - http://www.orcaware.com/orca/
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jul 11 01:29:17 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.