LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   A question about rights and SVN server usage (https://www.linuxquestions.org/questions/linux-server-73/a-question-about-rights-and-svn-server-usage-863550/)

Evstrati 02-18-2011 10:14 AM
A question about rights and SVN server usage
 
Hello,

I am setting up an SVN server (svn+ssh) that will be used by students at the university where I work. I was considering in the beginning, one single repository and eventually creating directories for each project inside the repository.

It seems to me now, that it is not very secure way of doing things. The directory on the server will be with rights 770 and this means that every student can come on the server and sweep out the whole repository. Also mistakenly or not, every student can 'svn delete' the whole repository, which could be a nightmare to recover from.

An issue might be to create groups and then assign users to groups and then create many repositories and each repository to be assigned with group. This means that I will have to manage tens or hundreds of repositories -- maybe not very common task.

Could someone please give me an advice of how could what is an optimal solution for this working environment.

Thanks in advance,
E.

sneakyimp 02-18-2011 02:35 PM
Just out of curiosity, why would the svn dir be 770? Can you not give just an SVN user access to the dir and delegate permissions within SVN to sub-folders? I'm not sure SVN supports this, but it seems like it should.

sneakyimp 02-18-2011 02:36 PM
Yes I believe SVN has users that are distinct from the linux user:
http://help.joyent.com/index.php?id=55&pg=kb.page

Evstrati 02-21-2011 06:14 AM
Quote:
Originally Posted by sneakyimp (Post 4263116)
Yes I believe SVN has users that are distinct from the linux user:
http://help.joyent.com/index.php?id=55&pg=kb.page
Thank you for this link and the answer. In fact I would like to use svn+ssh in order to use my NIS database with couple of hundred of users inside. It would be more difficult IMHO to add users by hand. Any ideas ?

sneakyimp 02-21-2011 10:12 AM
I must admit I don't have much experience as svn admin. SVN has more detailed documentation here. I suppose it will be necessary to determine all the files that are affected when you add a user and permissions and write some kind of script to generate the files.

szboardstretcher 02-21-2011 10:17 AM
Quote:
Originally Posted by Evstrati (Post 4262823)
Hello,

I am setting up an SVN server (svn+ssh) that will be used by students at the university where I work. I was considering in the beginning, one single repository and eventually creating directories for each project inside the repository.

It seems to me now, that it is not very secure way of doing things. The directory on the server will be with rights 770 and this means that every student can come on the server and sweep out the whole repository. Also mistakenly or not, every student can 'svn delete' the whole repository, which could be a nightmare to recover from.

An issue might be to create groups and then assign users to groups and then create many repositories and each repository to be assigned with group. This means that I will have to manage tens or hundreds of repositories -- maybe not very common task.

Could someone please give me an advice of how could what is an optimal solution for this working environment.

Thanks in advance,
E.
A single repository with multiple projects will work. You just have to manage the users in the 'conf/passwd' file, and also manage user or group permissions to each directory in the 'conf/authz' file. From the authz file you can give 'read, write or none' permissions to users or groups of users. This fits the description of what you would like to do.


All times are GMT -5. The time now is 09:39 PM.