[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Roles in subversion and access restriction

From: Joshua Varner <jlvarner_at_gmail.com>
Date: 2005-10-05 17:56:50 CEST

On 10/5/05, Frank <fgeck@optonline.net> wrote:
> I'm trying to find out some info on Subversion real quick here. I can't
> believe I can't find this in the online book
> http://svnbook.red-bean.com/en/1.1/svn-book.html . I must
> be going blind. How do you assign roles and responsibilities and access to
> your repositories of code? i.e. who can run what commands I guess in short.
> Is this just restricted by the OS/SSH? i.e. if I forget to turn off access
> to svadmin anyone can pretty much do anything? see how you can authenticate
> to the server but once your in are you free to do what ever unless the OS
> locks it down some how? Can anyone authenticated run the svadmin or is that
> only allowed on the server via command line?
> Found this in the book but does ont exacly answer it or does it? "Notice
> that svnserve only understands "blanket" access control. A user either has
> universal read/write access, universal read access, or no access. There is
> no detailed control over access to specific paths within the repository. For
> many projects and sites, this level of access control is more than adequate.
> However, if you need per-directory access control, you'll need to use either
> use Apache with mod_authz_svn (see the section called "Per-Directory Access
> Control") or use a pre-commit hook script to control write access (see the
> section called "Hook Scripts")."
> Thanks,

Access to the command line on the server gives people a lot of access if they
have permissions to the actual files used for the database (actual disk file
system, not svn). Those permissions can be restricted using whatever mechanism
is available for that file system. The access control that svnserve and
mod_authz_svn handle are to the virtual file system in the repository.

http://subversion.tigris.org/faq.html#reposperms Talks about setting
permissions on the server. Note if you want to allow file:/// access to
the repos all users must have write access to those directories.


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Oct 5 18:00:34 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.