subversion-users mailing list archives

From "Bennett, Brian" <Brian.Benn...@Transamerica.com>
Subject Using svnperms.py and AuthzSVNAccessFile file together?
Date Fri, 24 Mar 2017 20:28:13 GMT
I am able to use svnperms.py as written and have configured a working svnperms.conf with it.
My production Subversion environment is currently using an AuthzSVNAccessFile directive in
the http configuration to specify groups and read or read-write access; e.g.:

[groups]
grp1 = user1, user2, ...
grp2 = user3, user4, ...

[repo1:/]
@grp1 = r
@grp2 = rw
.
.
.

My question has to do with how it might be possible to "integrate" svnperms.py usage alongside
repositories that are using the permissions in the AuthzSVNAccessFile file. I know that I
can use the precommit hook to "engage" svnperms.py to give me the fine-grained read-write
permissions that I am after.  But I'm struggling trying to figure out how to configure the
two to work together.

My goals are:

* Have all read-write access controlled solely by svnperms.py

* Restrict users that can read the repository

I know that using "* = rw" in the AuthzSVNAccessFile file would allow all read-write requests
to be managed by svnperms.py, but it also allows all users to have read access as well. So
it appears that the only way to make this work is to do something like the following
in the AuthzSVNAccessFile file:

[groups]
readers1 = user1, user2
readers2 = user3, user4
writers = user5, user6, user7, user8

[repo1:/]
@readers1 = r
@writers = rw
[repo1:/branches]
@readers2 = r

This would give @readers1 read access throughout the repository, @readers2 read access to
only /branches, and @writers read-write access to the entire repository, but have that access
checked against svnperms.py via the precommit call.

But it also forces me to list all possible read-write users in the AuthzSVNAccessFile and
again in my svnperms.conf file. Is there a configuration possible where I don't have to list
all possible read-write users in both the AuthzSVNAccessFile and the svnperms.conf file?

Brian Bennett | Supv System Admin & Support, TA TECH Change Mgmt/Production Support
o: 319-355-7602 | c: 319-533-1094
e: brian.bennett@transamerica.com | w: www.transamerica.com

Transamerica
6400 C St. SW, Cedar Rapids, IA 52404 MS-2410
Facebook<https://www.facebook.com/brian.bennett.31924792> | LinkedIn<https://www.linkedin.com/in/brian-bennett-981bb46>
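
As an added example, not part of the original message and not Subversion's own code: a simplified Python evaluator for the access file proposed above, showing which users end up with read or read-write access on each path and therefore which accounts a pre-commit svnperms.py check would still have to cover. It assumes only the [groups] and [repo:/path] sections shown in the message (no nested groups, aliases or global sections); the function names are hypothetical.

```python
import configparser

# Constructed sample: the AuthzSVNAccessFile layout proposed in the message.
AUTHZ = """
[groups]
readers1 = user1, user2
readers2 = user3, user4
writers = user5, user6, user7, user8

[repo1:/]
@readers1 = r
@writers = rw
[repo1:/branches]
@readers2 = r
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    groups = {g: {u.strip() for u in m.split(",") if u.strip()}
              for g, m in cp["groups"].items()}
    rules = {s: dict(cp[s]) for s in cp.sections() if s != "groups"}
    return groups, rules

def matches(subject, user, groups):
    if subject.startswith("@"):
        return user in groups.get(subject[1:], set())
    return subject in ("*", user)

def access(user, repo, path, groups, rules):
    """Return 'rw', 'r' or '' from the nearest section with a rule for the user."""
    parts = [p for p in path.split("/") if p]
    while True:
        section = rules.get(f"{repo}:/" + "/".join(parts), {})
        hits = [v for s, v in section.items() if matches(s, user, groups)]
        if hits:
            granted = set("".join(hits))
            return "rw" if "w" in granted else ("r" if "r" in granted else "")
        if not parts:
            return ""  # no section names this user: no access
        parts.pop()  # fall back to the parent directory's section

GROUPS, RULES = load(AUTHZ)

def rw_users(repo, path):
    # Accounts the server lets commit here; the pre-commit hook sees each of them.
    everyone = set().union(*GROUPS.values())
    return sorted(u for u in everyone if access(u, repo, path, GROUPS, RULES) == "rw")
```

Comparing the output of rw_users() with the users named in svnperms.conf shows any account that can write at the server level but has no matching hook rule.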

