I want to setup a repository where group A users have read/write access
to the repository, but group B users have only read access, and anyone
not in either group can't access it at all. (The server is running
Linux and we're using svn+ssh to access.)
The first criteria (group A gets r/w) is pretty easy. I "chgrp" the
repository folders to belong to a dedicated group in /etc/group then add
the users to that group. I make sure that the permissions on the
repository folders are set to "g+w" and set the sticky bit on the
repos/db folder.
Where I'm stuck is how to accomplish the 2nd (group B only gets read)
and 3rd criteria (no unauthorized access).
According to what I've read, when using HTTP, FILE, or SVN+SSH methods
to access the repository, the conf/svnserve.conf file isn't used. So
SVN+SSH users either have all or none access to the repository and you
have to resort to hook scripts?
...
What I may do for some of the instances (where only a single user needs
read/write access) is to give the user write permissions to the folders
and only grant read permissions to the group (and no permissions for
"other/world").
Which gives me an idea. (Chapter 6 in the SVN Book at red-bean.com.) I
can setup a central user account for a repository, have the users
authenticate using public key pairs and then set the --tunnel-user=harry
option in the authorized_keys file.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Dec 16 03:13:24 2006