Ximon Eighteen wrote:
> Michael Sinz wrote:
>
>>On 12/1/05, Max Bowsher <maxb1@ukf.net> wrote:
>>
>>>Michael Sinz wrote:
>>
>>[...]
>>
>>>>That way it would be the "authz" file in each repository.
>>>>
>>>>The option would be something like:
>>>>
>>>> AuthzSVNPerRepository On
>>>
>>>This has the disadvantage that the directive meaning is changed by
>>>another, potentially appearing many lines distant.
>>>
>>>I'd suggest instead:
>>>
>>>AuthzSVNAccessFileInRepository my-authz-file
>
> I misread the suggestion and took it to mean that the file to reference
> is stored *in* a subversion repository. The follow up post saying "where
> would that live" made me realise I misunderstood, but also the idea of
> the control file living in the repository struck me as kinda cool, e.g.
> obey the head revision of this path, where path can be a repository URL
> (though a remote URL would be daft).
>
> Then another thought crossed my tired brain: PostgreSQL has database
> tables representing its' state and I'm sure there's an example I can't
> quite bring to mind of a system storing its' settings in itself... made
> me think of a repository server having a special repository which is
> used to store its config with the benefit of versioning changes to the
> config.
I actually do this in the Insurrection tools. All of the authentication
and access control files are stored in a authentication repository. Every
password change, access rights change, etc. are all tracked in the repository
with log messages that say who did what (and when, from the rev date)
This basically provides an audit trail of the operations and also allows
me to manually edit the files from a secure SVN checkout/commit. (I have
a post-commit hook script that checks out the new commit into the server's
authentication directory.)
> Call me crazy, just thought it was interesting. Not thought through,
> probably lots of holes in the idea. Apologies for hijacking the thread,
> please start a new thread if there are replies to this.
I would not put the auth file into the repository it is controlling. But
having the files in a repository is a very good idea and one that I already
use external scripts to enforce. I find it works well. Now the only reason
to log into the server is to build and install newer versions of Subversion.
Everything else happens via the repository. (And even the build directory
and source are a build repository)
--
Michael Sinz Technology and Engineering Director/Consultant
"Starting Startups" mailto:michael.sinz@sinz.org
My place on the web http://www.sinz.org/Michael.Sinz
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Dec 2 03:34:27 2005