Re: Access rights based on groups

Are you modifying the permissions on the repository? You should never
change the file permissions inside the Subversion repository.

If you use ssh+svn, you use the server's built in user database for
permissioning, but it is tricky to setup.

If I remember correctly, you're suppose to put all of the Subversion
users into a single group, then have the user who runs the svnserve
process be in that group too. You also need to set the umask, so any
newly created file or directory will have the write permission on the
group on. However, you cannot make certain parts of your repository
writable to one user or another. The entire setup procedure is in the
Subversion User's Guide <http://svnbook.com>.

It is possible using http to do this, but I've never done it. Instead,
I use the http configuration file to set the read permission for my
Subversion repository, and I set my write permissions via the
pre-commit hook.

I wrote my own Perl pre-commt access control hook because I didn't
like the one that came with Subversion. Mine allows you to define
groups, set write permissions and allows you to require properties of
particular files. It also allows you to setup "add-only" permission,
so you can create a new tag, but not modify it.

The current Python hook in Subversion's Subversion repository
<http://svn.collab.net/repos/svn/trunk/tools/hook-scripts/> has
similar features. However, if you're more comfortable with Perl than
Python, I'll be glad to send you my hook.

If you use either my hook or the official Python version, you should
set your repository up so all users have read/write access, then use
the hook to setup particular read-only vs. read-write vs. add-only
access.

--
David Weintraub
qazwart_at_gmail.com
On Sun, Oct 5, 2008 at 7:17 AM, Søren Juul <zpon.dk_at_gmail.com> wrote:
> Hello
>
> I have set up a svn repository on a server, on which all the users which should
> have read/write access is divided in five groups, I have tried to change the
> access by using setfacl and ended up with something like this
>
>    getfacl DIRECTORY
>    # file: DIRECTORY
>    # owner: USER
>    # group: GROUP
>    user::rwx
>    user:USER:rwx
>    group::rwx
>    group:GROUP1:rwx
>    group:GROUP2:rwx
>    group:GROUP3:rwx
>    mask::rwx
>    other::---
>
> This works fine at first, but when one my group commit, everybody from all other
> groups are no longer allowed to commit, why could this be? Could it be something
> with the rights in repository/db?
>
> Maybe I should mention that the server is at my university, so there are things
> I do not have access to change, and that the connection to the server is done
> via ssh
>
> --
> Med venlig hilsen / Kind regards
> Søren Juul
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: users-help_at_subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org