Best IT Recipes

How to configure access control in SVN?

I created the repository using SVN and uploaded projects. Several projects are working on these projects. But not everyone needs access to all projects. I want to configure user permissions for each project.

How can I achieve this?

+79
svn authorization
Sep 17 '08 at 9:12
source share
6 answers

In the svn \ repos \ YourRepo \ conf folder, you will find two files: authz and passwd . These are the ones you need to configure.

In the passwd file you need to add some usernames and passwords. I assume that you have already done this, since you have people who use it:

[users] User1=password1 User2=password2

Then you want to assign permissions according to the authz file:

Create the conceptual groups you need and add people to them:

 [groups] allaccess = user1 someaccess = user2

Then choose what access they have both from permissions and from the project level.

So, give our "all available" guys access from the root:

 [/] @allaccess = rw

But give only our โ€œaccessibleโ€ guys read-only access to a lower-level project:

 [/someproject] @someaccess = r

You will also find simple documentation in the authz and passwd files.

+82
Sep 17 '08 at 9:29
source share

@ Stefan Bailey

To complete your answer, you can also delegate user rights to the project manager through a plain text file in your repository.

To do this, you configure your SVN database with a default authz file containing the following:

 ########################################################################### # The content of this file always precedes the content of the # $REPOS/admin/acl_descriptions.txt file. # It describes the immutable permissions on main folders. ########################################################################### [groups] svnadmins = xxx,yyy,.... [/] @svnadmins = rw * = r [/admin] @svnadmins = rw @projadmins = r * = [/admin/acl_descriptions.txt] @projadmins = rw

This authz file authz default authz SVN administrators to modify the visible text file in your SVN repository, called /admin/acl_description.txt , in which SVN administrators or project managers will modify and register users.

Then you set up a pre-commit hook that will determine if the revision consists of this file (and only this file).

If so, this script hook checks the contents of your plain text file and checks to see if each line matches the SVN syntax.

Then the trap after fixing the \conf\authz file \conf\authz with the union :

  • authz file above
  • plain text file /admin/acl_descriptions.txt

The first iteration is performed by the SVN administrator, who adds:

 [groups] projadmins = zzzz

It commits its modification and updates the authz file.

The zzzz project manager can then add, delete, or declare any user group and any users he wants. It commits the file and the authz file authz updated.

Thus, the SVN administrator does not need to individually manage all users of all SVN repositories .

+27
Sep 17 '08 at 13:49
source share

One of them caught me:

 [repos:/path/to/dir/] # this won't work

but

 [repos:/path/to/dir] # this is right

You do not need to include the trailing slash in the directory, or you will see 403 for the OPTIONS request.

+26
Nov 25 '09 at 0:43
source share

You can use svn + ssh: and then this is based on access control to the store in the specified location.

This is how I host the project group repository in my department store, where I cannot configure anything else. Just having a directory owned by the group and running svn-admin (or whatever) there means that I don't need to configure anything.

+8
Sep 17 '08 at 10:12
source share

Although I would recommend Apache's approach better, SVN Serve works just fine and pretty simple.

Assuming your repository is called "my_repo" and it is stored in C: \ svn_repos:

  1. Create a file called "passwd" in "C: \ svn_repos \ my_repo \ conf". This file should look like this:

     [Users] username = password john = johns_password steve = steves_password

  2. In C: \ svn_repos \ my_repo \ conf \ svnserve.conf install:

     [general] password-db = passwd auth-access=read auth-access=write

This will force users to log in to read or write to this repository.

Complete the following steps for each repository, including only the corresponding users in the passwd for each repository.

+5
Sep 17 '08 at 9:31
source share

The best way is to configure Apache and establish access through it. Contact the svn book for help. If you do not want to use Apache, you can also perform minimal access control with svnserve.

+3
Sep 17 '08 at 9:17
source share


More articles:


All Articles