[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Directory security for "/branches" and "/tags"

From: Gale, David <David.Gale_at_Hypertherm.com>
Date: 2006-06-06 17:02:48 CEST

Bradley Wagner wrote:
> I'm trying to devise a security scheme for my repository and have hit
> a snag. I'm trying to limit the ability to create both branches and
> tags to a single "release manager". It's easy enough to make the /
> branches and /tags directories only writable by a particular user,
> however, I'd also like to give my developers the ability to patch
> existing branches when a minor release is made on a previous branch.
> The only way I can think to do this, is to give only my release
> manager write access to "branches" and then each time a branch is
> created, explicitly give my developers write access to that branch
> directory. This allows them to edit existing branches but not create
> new ones. It seems a little difficult to maintain though and I was
> wondering if anyone else came up with a creative strategy for
> implementing this policy.

Give developers and the release manager read-write access to the
branches directory, and then use a pre-commit hook to reject any commits
that include an add to the branches directory itself from anyone other
than the release manager?

There've been discussions on the list before about how to use pre-commit
hooks to allow tags to be created, but prevent them from being modified
afterwards; those discussions may be helpful.


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jun 6 17:08:27 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.