Subversion Permissions
WARNING
This tip involves editing your Subversion repository .access file.
If your repository is hosted with Dreamhost there is a problem with this.
Whenever you use the Dreamhost Panel to create a new user it will wipe your
work from the .access file, and overwrite it with a default file that gives full
permission to everyone.
If you need to edit your .access file then keep a backup so that when you create new
users you can restore your version of the file.
Subversion Per Directory Access
You may be like me and have a Subversion repository called Clients that contains projects for various ... Clients. The alternative is to have a separate repository for each client.
For a repository like this you are presumably going to want to lock things down so that each client can only see their own projects.
Here's how I do it.
The root directory of my repository contains a folder for each Client.
root
    Client1
    Client2
    ...
These Client folders will effectively be the root folder from the perspective of the client. The projects for each client are then created within the various Client folders.
Edit your
[/]
tom = rw
dick = rw
harry = rw
mary = rw
We need to change this. The first thing we'll do is create groups to identify which companies people work for.
[groups]
myCompany = dick
client1 = tom, harry
client2 = mary
Then we need to ensure that only people in the myCompany group can see the root directory.
Note the section name [/] is the folder we're assigning access to, in this case root. We use the '@' symbol to indicate that we're assigning access to a group.
[/]
@myCompany = rw
@client1 =
@client2 =
We do this because if we don't, clients will be able to see the root directory and see the list of other clients. Yes, they'll only have access to their own, they can't go snooping in the folders of other clients, but still, I'd prefer they never even see the names of the Clients.
The next step is to grant each group access to its own Client directory.
[/Client1]
@client1 = rw
[/Client2]
@client2 = rw
And that's it. Job done. The following is the complete .access file.
[groups]
myCompany = dick
client1 = tom, harry
client2 = mary
[/]
@myCompany = rw
@client1 =
@client2 =
[/Client1]
@client1 = rw
[/Client2]
@client2 = rw
Of course, now that you understand the principle you can make this as complicated as you like. Grant Read access for every Client project to anyone who works for that Client, but grant Read/Write access only to the individuals who actually work on each project.
Create projects that some or all clients have shared read access to, in addition to their own projects. E.g. Shared Libraries that you use on multiple projects.
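As the rules get more complicated it is worth checking what each user ends up with, and re-checking after any restore from backup. The following is an added example, not part of the original tip: it parses the complete .access file shown above and reports each user's effective access per path. The function names and the /Client1/ProjectA path are made up for illustration, and the lookup is a simplified model (the deepest section that names the user, directly, through a group or through '*', decides).

```python
import configparser

# The complete .access file from this page, embedded as sample input.
ACCESS_FILE = """\
[groups]
myCompany = dick
client1 = tom, harry
client2 = mary
[/]
@myCompany = rw
@client1 =
@client2 =
[/Client1]
@client1 = rw
[/Client2]
@client2 = rw
"""

def load(text):
    """Return (groups, rules) parsed from the text of an .access file."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    members = dict(cp["groups"]) if cp.has_section("groups") else {}
    groups = {g: {u.strip() for u in m.split(",") if u.strip()}
              for g, m in members.items()}
    rules = {s: dict(cp[s]) for s in cp.sections() if s != "groups"}
    return groups, rules

def access(user, path, groups, rules):
    """Effective access ('', 'r' or 'rw') under the simplified model."""
    path = "/" + path.strip("/")
    while True:
        perms = [p.strip() for who, p in rules.get(path, {}).items()
                 if who in (user, "*")
                 or (who.startswith("@") and user in groups.get(who[1:], ()))]
        if perms:  # an empty value such as "@client1 =" is an explicit deny
            return "".join(c for c in "rw" if any(c in p for p in perms))
        if path == "/":
            return ""  # never mentioned anywhere: no access
        path = path.rsplit("/", 1)[0] or "/"  # fall back to the parent folder

def audit(text, paths):
    """Map (user, path) to effective access for every user listed in a group."""
    groups, rules = load(text)
    users = sorted(set().union(*groups.values()))
    return {(u, p): access(u, p, groups, rules) for u in users for p in paths}
```

Run audit() on the live file and on your backup copy; any client user with access at / or in another client's folder means the file no longer says what you intended.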
Note that this works exactly as described for me, no messing about with Apache modules etc. But then, my repositories are hosted by Dreamhost, so you might want to check with your host if they have everything set up to work.
Or, before you bother with them, just try it. It might just work.
In case it doesn't, you might need some of the following information.