[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: subversion security, everyone can commit, limited to who can delete

From: Frank Gruman <fgatwork_at_verizon.net>
Date: 2005-10-14 22:31:16 CEST

plabonte@gmail.com wrote:
>> Here is a sample of a configuration that works for me. I added the
>> <Limit...> to show you as a reference.
>>
>> <Location /code>
>> DAV svn
>> SVNParentPath /code_repos
>> SVNIndexXSLT /svnindex.xsl
>> AuthType Basic
>> AuthName "Code Repository"
>>
>> # AuthUserFile /code_repos/users.list
>> AuthPAM_Enabled on
>> require valid-user
>> AuthzSVNAccessFile /code_repos/access.list
>> <Limit DELETE>
>> require user username1 username2
>> </Limit>
>> </Location>
>>
>> This will require that there be a valid user to do anything in the
>> repository. However, the only people allowed to delete anything will
>> be username1 and username2. The read and write access to the
>> repository is controlled within the SVN (mod_authz_svn) module
>> itself, and I use the AuthzSVNAccessFile to set those permissions.
>>
>> Regards,
>> Frank
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
>> For additional commands, e-mail: users-help@subversion.tigris.org
>>
>>
> I tried you example above. And it will not allow anyone without delete
> rights to commit a file. This is because each commit needs to delete a
> tmp file... so it appears it is not possible to prevent people that
> have commit rights from getting delete rights.
> Unless you can find a way.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org For
> additional commands, e-mail: users-help@subversion.tigris.org
hmmm - curious.

Well - then I think I am going to have to throw you back to the list in
general to try to find a way to write a pre-commit hook script that will
try to evaluate a 'Delete' action.

While I was typing this up, I noticed a separate note that came in about
trying to evaluate the reason why this would be necessary. While true
(the role of a VCS), I can see value in this request. It would be the
same as being able to set the read/write permissions in
AuthzSVNAccessfile. I'd rather keep 99 of my developers from deleting a
file and only allow 1 to do it than have to try to find out what
happened to a file that I knew existed and then disappeared from the
repository. Sure - I could search the logs or go back and look, but why
not just prevent everyone from doing it to begin with?

Regards,
Frank

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Oct 14 22:32:57 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.