[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[security question] commit-email.pl completely ignores access rules

From: Stan Devyatovsky <stan_at_devyatovsky.com>
Date: 2005-05-01 11:20:36 CEST

Hello,

 I am interested in best security practices with Subversion. I've been
 very happy to setup Apache2+mod_dav_svn instead of standalone
 svnserve, because it allows for much better access control.

 Being able to restrict users from accessing each particular file or
 folder is just great!

 However, we also use a Post Commit hook script - commit-email.pl, and
 it completely disregards the security rules we've setup.

 Example security rules:
[project:/src/harry]
*=
harry=rw
[project:/src/sally]
*=
sally=rw
[project:/src/shared]
*=rw
I don't want Harry to see Sally's source dir, and I don't want Sally
to see Harry's source dir either. However they have a shared source
folder, and they can both access it.
Now, since we have a post commit hook (commit-email.pl), upon each
commit both Harry and Sally will receive email notification with all
changes in there. Sally will actually receive all Harry's changes via
email, even those which he did in his private folder: /src/harry - and
Sally is not supposed to ever see it!

Is there any way to limit email notification, so that Sally sees only
what she is supposed to see (changes in /src/sally and /src/shared,
but not in /src/harry) ?
Any ideas are welcome and greatly appreciated.

-- 
Best regards,
 Stan                          mailto:stan@devyatovsky.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun May 1 11:24:24 2005

This is an archived mail posted to the Subversion Users mailing list.