
Re: Individual repository for each user on system

From: Jehan PROCACCIA <Jehan.Procaccia_at_int-evry.fr>
Date: 2006-10-19 18:05:10 CEST

Sheryl wrote:
>> I'm running a system (RHEL4) with ~1000 users on it - I have a requirement
>> that each user needs their own repository that other users aren't able to
>> access. Users should be able to access their repository from local machine,
>> SSH, and also via the web.
>> Authentication on the system is handled with a NIS back-end for user
>> information, and LDAP for the actual authentication against some AD
>> servers.
> I do something similar for a smaller number of users. We're just rolling
> out one subversion server for admin use, one for projects, and one for
> workstation backups. I respectfully disagree with the posters who want to
> put the repositories in their home directories -- especially in
> public-html. If a user fat-fingers permissions it won't be his colleagues
> he has to worry about accessing his repository -- it will be the whole
> Internet. Users also would be able to get in and muck with the repository
> directly -- I see a support nightmare in the making.
> My vote would be for apache to be set up with an SVNParentPath, with
> individual user repositories defined below that level. You also can
> define LDAP authentication in the httpd.conf. One of the web interfaces
> like WebSVN can be installed for readonly access, and if a user needs
> read-write access they can install one of the many client options on their
> home machine. Or they can ssh in and use the command line (or a GUI if
> you allow X tunneling and they have the right setup).
> Scripting account setup isn't hard at all. I have scripts to set up our
> various repositories (I go ahead and svn mkdir the trunk, branches and
> tags directories on the project server). Just something like this for the
> access file:
> cat <<EOT >>/path/to/access/file
> [userid:/]
> userid = rw
> EOT
> Good luck,
> Sheryl
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
Then you have an access file (authz) for each user (svnserve.conf ->
authz-db = authz)? Or is it a "central" access file pointed to by each
individual's svnserve.conf (authz-db = /var/svn/central-authz)?
I ask this question because I have the same needs as the initial poster:
svn for each user, with private access through use of the http, https and
svn+ssh CLI protocols.

The problem I have is that for CLI (svn+ssh) access, when I define
access internally to the repository ( [/project] ) it works fine; when I
centralize authz and then use access this way, [repository:/project],
the access controls aren't honored :-( (although they are honored for
DAV (http, https) access!).
Does svn+ssh use the authz file, or Unix file system access modes?! I'm in
doubt now ...

Thanks .

PS: Is there a way to log (syslog) svnserve access control checks? Or,
more generally, to log svnserve globally?

Received on Thu Oct 19 18:06:30 2006
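
One way to script the central access file entry that Sheryl's reply sketches, with an audit that each user's section stays private. This is an added example, not code from either poster or from the Subversion project; the function names, the userid pattern and the explicit "* =" deny line are assumptions.

```shell
#!/bin/sh
# Added example: provision and audit per-user sections in a central authz file.

# Accept only conservative Unix-style login names so a userid can never
# smuggle "]", "=", whitespace or a newline into the authz file.
valid_userid() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Append "[userid:/]" granting rw to the owner and nothing to anyone else.
# Idempotent: a userid that already has a section is left untouched.
add_user_section() {
    aus_file="$1"; aus_user="$2"
    valid_userid "$aus_user" || { echo "rejected userid" >&2; return 2; }
    if [ -f "$aus_file" ] && grep -qFx "[$aus_user:/]" "$aus_file"; then
        return 0
    fi
    cat <<EOT >>"$aus_file"

[$aus_user:/]
$aus_user = rw
* =
EOT
}

# Audit: succeed only if the userid's section exists and grants rights to
# the owner alone (an empty right such as "* =" is a deny and is allowed).
section_is_private() {
    valid_userid "$2" || return 2
    awk -v u="$2" '
        BEGIN { hdr = "[" u ":/]" }
        /^[ \t]*#/ { next }                       # skip comment lines
        /^\[/ { insec = ($0 == hdr); if (insec) found = 1; next }
        insec && /=/ {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[2] != "" && kv[1] != u) bad = 1  # someone else has rights
        }
        END { if (found && !bad) exit 0; exit 1 }
    ' "$1"
}
```

Running section_is_private over every account after each provisioning run flags hand edits that grant another user or a group rights on someone's repository.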

This is an archived mail posted to the Subversion Users mailing list.