RE: Roles in subversion and access restriction
Roles and access restrictions are implemented by the hook scripts only.
The initial implementation for subversion is only brute force controlled
by the group access mechanisms either in httpd/dav or nis/ssh. I'm
looking to implement a process/release driven strategy to limit access
on a particular branch or trunk to a particular set of users for
particular identified set of bugs as the software must be formally
released. It is only at the vapourware stage with visions of
implementation within the next six months. Anyone have anything sooner?
From: Frank [mailto:firstname.lastname@example.org]
Sent: October 5, 2005 11:18 AM
Subject: Roles in subversion and access restriction
I'm trying to find out some info on Subversion real quick here.
I can't believe I can't find this in the online book
http://svnbook.red-bean.com/en/1.1/svn-book.html . I must be going
blind. How do you assign roles and responsibilities and access to your
repositories of code? i.e. who can run what commands I guess in short.
Is this just restricted by the OS/SSH? i.e. if I forget to turn off
access to svadmin anyone can pretty much do anything? see how you can
authenticate to the server but once your in are you free to do what ever
unless the OS locks it down some how? Can anyone authenticated run the
svadmin or is that only allowed on the server via command line?
Found this in the book but does ont exacly answer it or does it?
"Notice that svnserve only understands "blanket" access control. A user
either has universal read/write access, universal read access, or no
access. There is no detailed control over access to specific paths
within the repository. For many projects and sites, this level of access
control is more than adequate. However, if you need per-directory access
control, you'll need to use either use Apache with mod_authz_svn (see
the section called "Per-Directory Access Control") or use a pre-commit
hook script to control write access (see the section called "Hook
Received on Wed Oct 5 17:56:30 2005
This is an archived mail posted to the Subversion Users