Thank you again, Pekka!
But it seems not so easy to implement public/private repos in that way.
(The requjirement is so simple, though)
I started to think that would be not a good idea to manage two
totally different kind of data in one big repos.
(Anyway, What advantage it would have by managing all data in one big repo?)
I would be much easier to do this by creating two different svn repos,
let's say "~/repos/private" and "~/repos/public" whrer /repos is just directory,
and only expose public repo to he world through apache.
When users need to have write access, they request unix account on the box
and use svn+ssh.
really private data is hidden away using unix chmod command.
I think this is simple solution for me.
What do you think of this?
On Dec 10, 2007 1:57 AM, Pekka Niiranen <pekka.niiranen@pp5.inet.fi> wrote:
> js wrote:
> > Hi Pekka,
> > Thanks for the info.
> >
> > But that article doesn't tell me how to prevent users from seeing private data.
> > Should I have to create another svn repository to do it?
> >
> No you do not have to. Google also: "Custom-Compiling Apache and Subversion"
> (However, I have always compiled Subversion from sources with even
> tighter settings
> for Apache than in article above.).
>
> Create two directory branches into single repository located in one PC.
> For example:
>
> myrepo/trunk
> myrepo/releases
>
> then create "admin_user" with
>
> "htpasswd -m -b -c admin_user......"
>
> and "normal_user"s:
>
> "htpasswd -m -b normal_user1......"
> "htpasswd -m -b normal_user2......"
>
> Remember to clean ".bash_history" too;)
>
> After that set user rights in "svnaccess" -file like this (for example):
>
> [groups]
> users = norma_user1, normal_user2 # Extended this list with new
> usernames if necessary (Pekka)
>
> [/]
> * = # As default nobody can read anything thru Apache.
> # root -user can create additional directories from the
> Linux console with "svn import" (Pekka).
>
> [/trunk]
> admin_user = rw
>
> [/releases]
> admin_user = rw # Admin can make TAGs, but
> @users = r # users -group can only read them (Pekka)
>
>
> It is important that you plan head by storing "one product"/"one
> subtree". Then you
> can make release TAGs by copying whole directory at the time instead of
> one file at the time.
> Do not waste your time with BerkeleyDB, use FSFS. Disable nfs, ftp,
> samba and telnet -services
> and use OpenSSH to make changes to "svnacess" and "htpasswd" -files.
>
> -pekka-
>
> > On Dec 9, 2007 10:02 PM, Pekka Niiranen <pekka.niiranen@pp5.inet.fi> wrote:
> >
> >> js wrote:
> >>
> >>> Hi,
> >>>
> >>> I'm trying to manage two kind of data, public and private one.
> >>>
> >>> The public ones are source code,
> >>> that I want to be read-write accessable from users who
> >>> have an account on the server, but read-only for the others.
> >>> (I could implement this by using svn+ssh)
> >>>
> >>> The private ones are configuration files, apache.conf, my.cnf
> >>> and like that which I don't want to be read by
> >>> anyone except for me.
> >>>
> >>> I tried to implement this by creating one big repository.
> >>> I did svn mkdir public and private in there and
> >>> installed mod_dav_svn.
> >>> Then I added "SVNPath /path/to/svn/public/" to apache's conf
> >>> and tried browsing it but
> >>> I got "Could not open the requested SVN filesystem"
> >>> and didn't work.
> >>>
> >>> So Could anyone please give me some advice or any hints?
> >>> I searched on the web but didn't find exact info.
> >>>
> >>> Thanks.
> >>>
> >> Hi,
> >>
> >> try this article:
> >>
> >> "ONLamp.com: Setting up a Secure Subversion Server"
> >>
> >> Use svnaccess -file to set up directory rights per user.
> >>
> >> -pekka-
> >>
> >>
> >>
> >
> >
> >
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Dec 16 05:24:07 2007