[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Best Practices: SVN for configuration files - round 2

From: Steve Seremeth <subversion_at_seremeth.com>
Date: 2004-12-02 23:21:20 CET

Hello -

I've been researching using Subversion for system files (*nix boxes,
primarily) and I'm having a hard time deciding the best approach. What
is everyone else doing? I have been through the archives and seen a
number of threads about this and a lot of the same questions have been
discussed with no clear solution that fills the need (some are pretty
close).

Here's one of several previous threads on this issue:
http://subversion.tigris.org/servlets/ReadMsg?list=users&msgId=279816

2 Primary Techniques:
1. Your filesystem is your working copy
2. You clone the filesystem in the repository and use a different local
directory to store your working copy other than /

Both methods require that you find a way to maintain file ownership and
permissions. Ross Mark's "asvn" script does a nice job of this (if you
want every file in the fs checked into your repository) by storing this
data in the properties of the files/dirs with pre and post svn shell
wrappers.

Option 1:
* You have .svn dirs in your filesystem.
    - Problematic if you care at all about security because the
"text-base" files are world readable.
    - .svn dirs may cause issues with some daemons and/or rc dirs
* You don't have to worry about moving files around and reverting
becomes an easy task

Option 2:
* You _do_ have to worry about moving files around (not a big deal)
* Doesn't solve the security issue. If you place the working copy in a
place where only root can read it, everyone else can't check files in
and out of the repository

I'm probably going to just write something similar to Ross' script that
stores the permissions/ownership in the file properties, but the
remaining issues are:
* Where do I locate the working copy? Do I end up doing a working copy
for root-owned files and another for everything else? That seems pretty
gross.
* Is there a way to handle security in such a way that everyone can see
what they need to see and only that?

The handful of admins who would be using this all login as themselves
and then su, so capturing their usernames for repository authentication
(as themselves for auditing) shouldn't be a big deal. I know subversion
wasn't designed for this, but if I get it working correctly, it's going
to solve a big problem.

Thanks for any advice -

Steve

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Dec 2 23:24:19 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.