Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Stephen Adler wrote: > I'm currently setting up a subversion repository server which will host > many different repositories, and I need to make sure users who have > access to one repository do not have access to another. The way I'm > going about this is setting up groups and through the group ownership of > each repository top level directory along with chmod of 770, this should > do the trick. i.e. > ... > Notice how the umask then turned my 770 into 775 for the directories > under the top level directory for the repository. I tried to access the > repository (by doing an svn list) from a user who was not a member of > projarepository and it gave me access deigned, which is what I want. The > question I have is whether I should go the extra step and change the > default umask from 0002 to 0007 for all users so that when a user who's > a member of the projarepository makes checkouts and commits, the world > access bits will be turned off. Or is this just more work and I'm not > getting anything for it. > > All comments greatly appreciated! This is covered in the manual, but there's not a real nice solution: http://svnbook.red-bean.com/en/1.2/svn.serverconfig.multimethod.html However, this is only really a problem when providing "file://" or "svn+ssh://" access to the repository. If you use apache to provide "http://" or "https://" access (and *only* that method), none of these umask issues come into play, and it's more flexible from an access control standpoint to boot. For instance, when using apache you can control access within repositories on a per-directory basis: http://svnbook.red-bean.com/en/1.2/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir Matt -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |