shang3000
asked on
how to make security using svnserve
Hi all,
I'm new to subversion and my manager want to make access control list in subversion that gives different permissions for different users and groups
I got the following
- fedora core 4
- subversion 1.2.3 (installed with yum utility)
the access control list in authz-db file does not work and after some searching (long term) I found that it needs subversion 1.3 at least to have access control list with svnserve
so my question for you as experts:
1. is that true
2. if it's true how to install subversion 1.4 on a fedora core 4 box (please give me how to guide)
3. if it's false what is the right way to do it
please help in that issue
best regards
HG
I'm new to subversion and my manager want to make access control list in subversion that gives different permissions for different users and groups
I got the following
- fedora core 4
- subversion 1.2.3 (installed with yum utility)
the access control list in authz-db file does not work and after some searching (long term) I found that it needs subversion 1.3 at least to have access control list with svnserve
so my question for you as experts:
1. is that true
2. if it's true how to install subversion 1.4 on a fedora core 4 box (please give me how to guide)
3. if it's false what is the right way to do it
please help in that issue
best regards
HG
I have subversion installed from time ago and access control working without a problem, then I don't think that version 1.2.3 is the problem.
Regarding access control itself, I got all the information from here :
http://svnbook.red-bean.com/en/1.4/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth.general
Basically you define general permissions for authenticated and non-authenticated users and the password and authorization files (can be common for all repositories).
The password file is just a text file with user/pass in this format :
[users]
John = password
And in the authz file you can define groups and types of access for every group to different repos :
[groups]
group1 = John, mary
# repositories permissions
[repos1:/]
@groups1 = rw
[repos2:/]
@group1 = r
Regards,
Pere
Regarding access control itself, I got all the information from here :
http://svnbook.red-bean.com/en/1.4/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth.general
Basically you define general permissions for authenticated and non-authenticated users and the password and authorization files (can be common for all repositories).
The password file is just a text file with user/pass in this format :
[users]
John = password
And in the authz file you can define groups and types of access for every group to different repos :
[groups]
group1 = John, mary
# repositories permissions
[repos1:/]
@groups1 = rw
[repos2:/]
@group1 = r
Regards,
Pere
ASKER
hi perehospital,
thanks for reply
my mangere wants me t o do the following
- security repository
- development (@developers=rw and nagy=r )
- final (hatem=rw and nagy = rw and the rest of @developers=r)
I tried what you send but no good I even restarted the server
can you please check those files for me and guide me how to do that :
--------------------------
svnserve.conf
--------------------------
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)
### Visit http://subversion.tigris.org/ for more information.
[general]
### These options control access to the repository for unauthenticated
### and authenticated users. Valid values are "write", "read",
### and "none". The sample settings below are the defaults.
anon-access = none
auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the conf directory.
### Uncomment the line below to use the default password file.
password-db = passwd
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.
realm = example realm
# Specific access rules for specific locations
authz-db = authzfile
--------------------------
authzfile
--------------------------
[groups]
developers = hatem,magdy,marwa,mosaab,s
testers = hesham,ahmed
managers = nagy,sameh,salma
[security:/]
* =r
[security:/development]
@developers = rw
nagy=r
* =
[security:/development/fin
@developers = r
hatem=rw
* =
[security:/plans]
@managers = rw
* =
[security:/plans/final]
@developers=r
@managers = r
nagy = rw
* =
[security:/test]
@testers=rw
@developers = r
nagy = r
* =
--------------
best regards
HG
thanks for reply
my mangere wants me t o do the following
- security repository
- development (@developers=rw and nagy=r )
- final (hatem=rw and nagy = rw and the rest of @developers=r)
I tried what you send but no good I even restarted the server
can you please check those files for me and guide me how to do that :
--------------------------
svnserve.conf
--------------------------
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)
### Visit http://subversion.tigris.org/ for more information.
[general]
### These options control access to the repository for unauthenticated
### and authenticated users. Valid values are "write", "read",
### and "none". The sample settings below are the defaults.
anon-access = none
auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the conf directory.
### Uncomment the line below to use the default password file.
password-db = passwd
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.
realm = example realm
# Specific access rules for specific locations
authz-db = authzfile
--------------------------
authzfile
--------------------------
[groups]
developers = hatem,magdy,marwa,mosaab,s
testers = hesham,ahmed
managers = nagy,sameh,salma
[security:/]
* =r
[security:/development]
@developers = rw
nagy=r
* =
[security:/development/fin
@developers = r
hatem=rw
* =
[security:/plans]
@managers = rw
* =
[security:/plans/final]
@developers=r
@managers = r
nagy = rw
* =
[security:/test]
@testers=rw
@developers = r
nagy = r
* =
--------------
best regards
HG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
hi perehospital,
thanks for reply,
>>> I have to say that I don't have a clue if you can give permissions to subfolders of the repos. Which time os storage do you use for the
>>> repos ? I use FSFS (just files).
so am I
thnaks any way for trying to help
best regards
HG
thanks for reply,
>>> I have to say that I don't have a clue if you can give permissions to subfolders of the repos. Which time os storage do you use for the
>>> repos ? I use FSFS (just files).
so am I
thnaks any way for trying to help
best regards
HG
http://svn.collab.net/repos/svn/trunk/INSTALL