[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: How to best manage authorization after tag/branch creation?

From: David Weintraub <qazwart_at_gmail.com>
Date: Wed, 13 Oct 2010 09:27:38 -0400

Do you need to restrict READ access to the branch or tag, or do you
simply want to restrict COMMIT access.

If you just want to restrict commit access, you can use a pre-commit
hook to kill a commit transaction if the user who doesn't have
permission attempts to change a tag or branch.

There is a Python script that comes with the Subversion source code,
and is at http://bit.ly/9zQnwg. The example config file can be found
at http://bit.ly/cln78B. One of the nice things about this script is
it has a "add-only" option. That is, you can copy a URL to the
repository, but cannot modify it. This is good to allow someone to
create a tag, but also prevents it from being modified.

I have a Perl version a pre-commit hook that does the same thing. Mine
will also verify that properties are set correctly on files before
they can be committed. You can find this script at
http://db.tt/H3o1i7S.

By the way, there's also a way to configure Apache httpd to use LDAP
instead of a regular text file. This means that users will have access
to your Subversion repository based upon their Windows or Unix account
and that users will automatically get logins and have their access
removed when they get hired or move on.

On Tue, Oct 12, 2010 at 11:37 PM, Shaun Pinney
<shaun.pinney_at_bil.konicaminolta.us> wrote:
> Hello all,
>
> We've configured Apache to restrict access to certain directories on our trunk
> (n.b. via AuthUserFile in httpd.conf).  The problem is now I've created a tag
> from our trunk and found that the permissions don't 'automatically' transfer
> during creation of the tag.  Obviously, this is because the AuthUserFile is a
> text file and needs to be edited manually :).  But, is there an admin tool to
> help with this basic task to avoid accidentally providing full access to a tag
> (or branch)?  Hopefully, Subversion provides some type of 'smart branch/tag
> creation' which can inherit permissions from the source directory.  Please let
> me know of the best way to do this.
>
> Thanks,
> Shaun
>
>
>

-- 
David Weintraub
qazwart_at_gmail.com
Received on 2010-10-13 15:28:17 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.