[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn authz users strategies

From: Jehan PROCACCIA <Jehan.Procaccia_at_int-evry.fr>
Date: 2006-10-11 10:44:37 CEST

Russ wrote:
> I think you will need to enable read/write on / and use a pre-commit hook to disallow commits to /.
>
if I disallow commits to /, I'am afraid that "svn import" will be
disallow as well ?
Anyway, I would like to give it a try, but I nerver played with hooks
.... if ever you have a sample pre-commit that do that, please let me know .
I've seen the sample provided in repo/hook/pre-commit.tmpl, it calls
/usr/share/doc/subversion-1.3.2/tools/hook-scripts/commit-access-control.pl
/usr/share/doc/subversion-1.3.2/tools/hook-scripts/commit-access-control.cfg.example
why having that complicated "workaround" instead of directly use authz
file ?
Thanks for your help.
> Russ
> Sent wirelessly via BlackBerry from T-Mobile.
>
> -----Original Message-----
> From: Jehan PROCACCIA <Jehan.Procaccia@int-evry.fr>
> Date: Tue, 10 Oct 2006 15:29:00
> To:users@subversion.tigris.org
> Subject: svn authz users strategies
>
> hello,
> I am trying to fine grained acces controls, here's a simple scenario, my
> authz file (called from svnserve.conf) contain that:
> [svn@share /var/www/svnweb/repos/s2ia/conf]
> $ cat authz
> [groups]
> s2ia = procacci,tutu
> [/]
> @s2ia = r
> [/procacci]
> procacci = rw
> tutu =
> [/tutu]
> tutu = rw
> procacci =
>
> I want both users procacci and tutu to have full access to their
> personnal "subdirectory" in the s2ia repository, but no rights to others
> directory.
> It seems to work, exept that now there's a only a Read acces to / for
> the group , tutu is unable to perform it's initial import:
>
> [tutu@anaconda ~]
> $svn import ./tutu -m "import initial tutu"
> svn+ssh://svn@share.int-evry.fr/var/www/svnweb/repos/s2ia/tutu
> svn: Access denied
>
> I don't want to set rw on / because I don't want users to "garbage" the
> repository with /xxx "subdirectories" anywhere, I want them to be able
> to write only below their username (/login). You might says that I could
> create a repository for each and every users, but I don't want to manage
> hundreds of repository config :-( .
> Any advice ?
>
> PS: by the way, I also tried to set "absolute" path in authz file, like
> [s2ia:/procacci] procacci = rw, but then I always get authorization
> refused for every svn command as user procacci :-( ! why I can't set the
> repository in front of the access rule ?
>
> Thanks.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Oct 11 10:45:10 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.