LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for December 4, 2008

KSM runs into patent trouble

Tux3: the other next-generation filesystem

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Subversion: The new-generation CVS (DevChannel)

Subversion: The new-generation CVS (DevChannel)

Posted May 31, 2004 6:02 UTC (Mon) by piman (subscriber, #8957)
In reply to: Subversion: The new-generation CVS (DevChannel) by lakeland
Parent article: Subversion: The new-generation CVS (DevChannel)

Apache or svnserve is basically necessary if you want public repository access (which most projects do). They're also necessary if you want to restrict repository access on a per-directory basis, or don't want to hand out SSH accounts to anyone with commit access (which is generally a good idea).

To get nontrivial collaboration out of SVN, you need svnserve or Apache.

(Log in to post comments)

Subversion: The new-generation CVS (DevChannel)

Posted May 31, 2004 6:27 UTC (Mon) by lakeland (subscriber, #1157) [Link]

Most open source projects want private access. But what about a group of
developers working in a company? ssh is perfectly acceptable for that.
Perhaps a huge company would need per-directory access control to a level
not easily provided by chown/chmod.

My point is that I think saying _most_ projects don't need svnserve.
Most projects are written by one person or small companies.

Subversion: The new-generation CVS (DevChannel)

Posted May 31, 2004 6:39 UTC (Mon) by piman (subscriber, #8957) [Link]

Per-directory access control in Subversion is not available at all via chown/chmod.

Subversion: The new-generation CVS (DevChannel)

Posted Jun 3, 2004 22:12 UTC (Thu) by brouhaha (subscriber, #1698) [Link]

Per-directory access control in Subversion is not available at all via chown/chmod.
Actually that can be done, if you use svnserve tunnelled through SSH. I had my repositories set up that way for about six months. It works because the svnserve process invoked on the user's behalf runs under his or her user ID.

The preferred approach to access control with Subversion seems to be the use of hook scripts. Some examples hook scripts are provided; they don't implement per-directory access control, but it would not be difficult to set up using the example scripts as a base. In fact, you could easily implement per-file access control, or even more complex policies such aIP address or date restrictions, or checking ACLs in a parallel directory structure.

Subversion: The new-generation CVS (DevChannel)

Posted Jun 3, 2004 22:14 UTC (Thu) by brouhaha (subscriber, #1698) [Link]

I should clarify that my mention of SSH wasn't really per-directory access control within a repository, which does require hook scripts. I meant that I used directory ownership to control access to multiple repositories on the same Subversion server, which is probably not what was wanted.

But it is possible to do this using hook scripts, as I described.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds