[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: database permissions

From: Dirk van Deun <dvandeun_at_wilma.vub.ac.be>
Date: 2004-03-09 20:23:46 CET

> >I'd like to do access control on a svn repository by simple unix group
> >permissions. I can chown and chmod the files in .../db/... but I
> >notice that extra files get created when the repository is used (named
> >log.0000000002, log.0000000003,...). Those do not get the ownership
> >and permissions of the rest of the files. Is this fixable ?
> >
> >I could ask the users to set their umask, and newgrp to the ad hoc
> >project group before using svn; and this is fine for developing on the
> >server itself, but it is impractical with svn+ssh-access.
> Use a wrapper that sets umask and does anything else required. There's
> some discussion of this here:
> http://www.contactor.se/~dast/svnusers/archive-2003-08/0548.shtml

Well, yes, I already read that -- did my google-homework -- but that
is so dirty. It can work in many cases, that is if every user of the
system is involved in at most one svn-project. Something like:

if id | grep project1 >/dev/null; then newgrp project1; umask 007; fi
if id | grep project2 >/dev/null; then newgrp project2; umask 007; fi
if id | grep project3 >/dev/null; then newgrp project3; umask 007; fi
if id | grep project4 >/dev/null; then newgrp project4; umask 007; fi
real-svnserve $*

If everyone is member of at most one project group, this works fine.
With clever programming and some conventions, I could even make it
unnecessary to change the wrapper script whenever a project is added.
But this is no real solution, this is a hack that happens to work
in many cases. Is there no better way ?

Dirk van Deun

Licensed to (kill -9)
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Mar 9 20:25:03 2004

This is an archived mail posted to the Subversion Users mailing list.