On 25.08.2005, at 02:52, Christopher Ness wrote:
> On Wed, 2005-08-24 at 15:35 -0700, Zac Wolfe wrote:
>
>> I’m working on a filesharing app that uses SVN on the backend and I
>> need to implement per-user file-level permissions. Is there a
>> command
>> to retrieve a list of all valid users for a given repository (just
>> the
>> names, no passwords)?
> file://, or svn+ssh:// usually is dependent on /etc/shadow
> and /etc/passwd The later of which is usually world readable.
Doesn't have to be. On our Gentoo Linux servers, we use LDAP; Mac OS
X computers use NetInfo. /etc/passwd will not contain anything useful
with regard to names of actual users on such systems.
> svn:// uses a svnserve.conf file, you could filter out the users from
> there.
>
> http[s]:// requires an htpasswd file of some type to authenticate
> against which has user names as the first argument and then a hash of
> their passwords. This is more secure if it isn't world readable
> like /etc/shadow - but it might be.
That doesn't have to be either. HTTP[S] can use any authentication
mechanism offered by Apache. It's not limited to .htpasswd files. We
use LDAP for this too.
This points to the heart of the problem: Subversion is not an
authentication system, but it can use several different
authentication systems. So you need to write something that talks to
the authentication system you use for Subversion. Or, if you want a
general solution, you need to write something that talks to all
authentication systems that could be used with Subversion (that's
probably a long list).
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 25 15:45:15 2005