Well,
post-commit-hook scripts sound cool in the first place, but: The
current setup uses an Active Directory for authorisation (via LDAP). I
could not find a way to setup an authz file with permissions on a
group basis (using the groups of the Windows domain controller).
Setting up permissions on a per-user basis was quite easy (but that
would be a pain in the ass. Furthermore, our Sysadmin (my boss)
refuses to manage the users twice).
Instead, I used the <Location /restricted/path> statement in my
httpd.conf file. At first, I considered the use of wildcards, but
somehow I don't like this approach, since the users are very
restricted when renaming certain files.
Regards,
Jan
On 2/21/06, Andy Levy <andy.levy@gmail.com> wrote:
> On 2/21/06, Ryan Schmidt <subversion-2006Q1@ryandesign.com> wrote:
> >
> > On Feb 21, 2006, at 19:43, Jan Hegner wrote:
> >
> > > we're currently setting up a Subversion server using Apache2 and
> > > authentication to a Windows Server via LDAP.
> > >
> > > our currently used CVS looks somewhat like:
> > >
> > > CompanyHead
> > > I-libs
> > > I I- lib1
> > > I I- lib2
> > > I ....
> > > I- apps
> > > I- app1
> > > I- app2
> > > ......
> > >
> > >
> > > Not all the libs and apps are accessible to every user.
> > >
> > > The easiest way to set up the subversion would be
> > >
> > > Trunk
> > > I-- same structrure as above
> > > Branches
> > > Tags
> > >
> > > Setting the permissions for the directories in trunks is quite easy.
> > > But at the time a more priviliged user branches, (from what I
> > > understand, copy the trunk into the branches folder) all
> > > non-privileged users have access to the full source tree.
> > >
> > > Is there a way to preserve the file permissions when copying files?
> >
> > I think what you're saying is that you will have authz rules set up
> > so that parts of trunk are restricted, and that once someone copies
> > the trunk to a branch or a tag, anyone would be able to get to the
> > files from there, because they are not restricted in the same way. I
> > believe the answer therefore is that you need to write your authz
> > rules such that they protect the desired lib directories not only in
> > trunk but also in any branch or tag, and you need to make privileged
> > users aware that if they copy the trunk somewhere outside of branches
> > or tags, that anyone would be able to read it, and why that would be
> > bad. In other words, Subversion does not, as far as I know, assist
> > you with this task in any special way. You must specify what you want
> > exactly in the authz rules.
>
> Would it be possible for one to write a post-commit hook script which
> picked up on the fact that such a commit had been performed, and
> update the authz rules automatically, replicating the
> /trunk/path/protected rule to a corresponding copy that refers to
> /branches/path/protected ?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Feb 21 21:54:29 2006