>>>>> On Thu, 22 May 2003, "Keith" == Keith Craig wrote:
Keith> My understanding is that, to change the user permissions to
Keith> a repository, we need to restart Apache, thereby bringing
Keith> Subversion down briefly?
Yes, if you restart Apache, then there will be a small window of
'downtime' during which the repository is inaccessible. However, a
restart of Apache, barring any major problems introduced to a config
file, is rather quick; i.e. seconds, not minutes. Anyone trying to
access the web server during that window will get an error, but they
just need to 'try again'. Also, I would consider anything like
adding a user or changing repository permissions to fall into the
realm of "planned downtime" which *should* be planned and
communicated to the user base well in advance of any such occurrence.
(hey, I live in Theory, everything 'just works' here :)
Keith> it would be pretty painful to alert everyone and have them
Keith> stop using source control for a few minutes while we add
Keith> a new user or make a change. (This would probably come up
Keith> when creating a new repository, when adding developers to an
Keith> existing project, or when hiring new developers or having
Keith> developers leave.)
Well, this all comes down to "proper planning" when designing your
infrastructure. First, you shouldn't have to stop/start your
software to "add a new user". You need to have your webserver do the
authentication against an external, disconnected entity such as LDAP
or NIS, etc. (Actually, I think you can add users to an htpasswd file
without restarting apache, but I'm not positive). The virtues of
centralized user administration are well worth the overhead of
managing them when compared to the pitfalls of having to maintain
multiple, disparate user database environments.
As far as creating new repos, and having them accessible to the
developers, you should be able to use the SVNParentPath directive in
Apache to centralize the location of all your repositories down a
common path on the physical server. I believe you can then use
subsection directives for the separate repositories if individual
access control rules are required on each repository.
HTH,
--
Seeya,
Paul
--
Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE
It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.
If you're not having fun, you're not doing it right!
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu May 22 19:37:25 2003