[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion User Administration Concern

From: Paul L Lussier <pll_at_lanminds.com>
Date: 2003-05-22 19:36:32 CEST

>>>>> On Thu, 22 May 2003, "Keith" == Keith Craig wrote:

  Keith> My understanding is that, to change the user permissions to
  Keith> a repository, we need to restart Apache, thereby bringing
  Keith> Subversion down briefly?

Yes, if you restart Apache, then there will be a small window of
'downtime' during which the repository is inaccessible. However, a
restart of Apache, barring any major problems introduced to a config
file, is rather quick; i.e. seconds, not minutes. Anyone trying to
access the web server during that window will get an error, but they
just need to 'try again'. Also, I would consider anything like
adding a user or changing repository permissions to fall into the
realm of "planned downtime" which *should* be planned and
communicated to the user base well in advance of any such occurrence.
(hey, I live in Theory, everything 'just works' here :)

  Keith> it would be pretty painful to alert everyone and have them
  Keith> stop using source control for a few minutes while we add
  Keith> a new user or make a change. (This would probably come up
  Keith> when creating a new repository, when adding developers to an
  Keith> existing project, or when hiring new developers or having
  Keith> developers leave.)

Well, this all comes down to "proper planning" when designing your
infrastructure. First, you shouldn't have to stop/start your
software to "add a new user". You need to have your webserver do the
authentication against an external, disconnected entity such as LDAP
or NIS, etc. (Actually, I think you can add users to an htpasswd file
without restarting apache, but I'm not positive). The virtues of
centralized user administration are well worth the overhead of
managing them when compared to the pitfalls of having to maintain
multiple, disparate user database environments.

As far as creating new repos, and having them accessible to the
developers, you should be able to use the SVNParentPath directive in
Apache to centralize the location of all your repositories down a
common path on the physical server. I believe you can then use
subsection directives for the separate repositories if individual
access control rules are required on each repository.


Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE
	It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.
	 If you're not having fun, you're not doing it right!
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu May 22 19:37:25 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.