generate acls
to init :
on server, as www-data, in /etc/subversion/acls (chowned www-data) :

svn co file:///usr/local/data/svn/acls
mv acls acls-checkout
svn co file:///usr/local/data/svn/acls
mv acls acls-checkins
echo 'commit as www-data in acls-checkins, not checkout' > readme

prime acls-generated with :

[svn:/]
nic = rw
* = r

(where nic is the svn acl admin)
every file in acls is the acl file for the project of the same name.
base is the file for base acls.

mkdir /var/log/svn
chown www-data:www-data /var/log/svn

create a /acls/ in your repository.
copy base and acls (see examples) in /acls
set up the postcommit hook in your svn repo :
in hooks/post-commit :

REPOS="$1"
REV="$2"
/your/path/to/authz-gen.pl "$REPOS" "$REV"

that's it !
the script is intended to run as a post-commit hook.
it will first update /etc/subversion/acls/acls-checkout
(which is a checkout of file:///usr/local/data/svn/acls)
and concatenate all the files in it into /etc/subversion/acls/acls-generated.
this file needs to be referenced in the authz part of the apache config.
it writes its log to /var/log/svn/authz-gen.log
see http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4.4.2 for details
in acls/ :
file base :

[svn:/]
@sysadmin = rw
* = r

[groups]
sysadmin = sysadmin1,sys2,sys3
dev = dev1,dev2,dev3

so only sysadmin can create projects
file acls : (the acls for the acl files themselves)

[svn:/acls]
@sysadmin = rw
@releasers = r
* =

[svn:/acls/cbud]
nic = rw
raph = rw

[svn:/acls/web]
nic = rw

so only sysadmin can write in the acls directory
releasers can read the directory
nic and raph can edit the file acls/cbud
nic can edit the file acls/web
file cbud :

[svn:/cbud]
@dev = rw
* =

all devs can write to the project cbud. this can be changed by nic or raph
file web :

[svn:/web]
@dev = r
nic = rw

[svn:/web/trunk]
@dev = rw
john = r

[svn:/web/branches]
@dev = r
nic = rw

[svn:/web/branches/2.4.2]
roger = rw

[svn:/web/tags]
@dev = r
nic = rw
* =

so devs can write to trunk but not to branches or tags ;
roger can write to web/branches/2.4.2
nic can write to tags and branches
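
because the generated file is a plain concatenation, the delegation above (nic and raph editing acls/cbud) only stays confined to a project if each project file holds sections for its own path only. the check below is an added example, not part of authz-gen.pl and not in its language: it assumes the repository name svn and the trusted file base as shown above, and the function names and sample data are constructed for illustration.

```python
import re

SECTION = re.compile(r"^\[([^\]]+)\]$")

def out_of_scope_sections(project, text, repo="svn"):
    """Section names in a project's acl file that are not the project's
    own path or a clean sub-path of it ([groups] counts as out of scope)."""
    root = f"{repo}:/{project}"
    bad = []
    for line in text.splitlines():
        m = SECTION.match(line.strip())
        if not m:
            continue
        name = m.group(1).strip()
        inside = name == root or name.startswith(root + "/")
        # empty, "." or ".." path segments could resolve outside the project
        segments = name[len(root):].split("/")[1:]
        if not inside or any(s in ("", ".", "..") for s in segments):
            bad.append(name)
    return bad

def generate(files, repo="svn", trusted=("base",)):
    """Concatenate acl files (trusted ones first). Returns (authz, rejected);
    authz is None when any file is rejected, so the caller keeps the
    previously generated file instead of writing a partial one."""
    parts, rejected = [], {}
    for name in sorted(files, key=lambda n: (n not in trusted, n)):
        if name not in trusted:
            bad = out_of_scope_sections(name, files[name], repo)
            if bad:
                rejected[name] = bad
                continue
        parts.append(files[name].strip() + "\n")
    return (None if rejected else "\n".join(parts)), rejected

# Constructed sample input, modelled on the files shown above.
SAMPLE = {
    "base": "[svn:/]\n@sysadmin = rw\n* = r\n\n[groups]\n"
            "sysadmin = sysadmin1,sys2,sys3\ndev = dev1,dev2,dev3\n",
    "web": "[svn:/web]\n@dev = r\nnic = rw\n\n[svn:/web/trunk]\n@dev = rw\n",
    # constructed: the cbud file carries a section for another project
    "cbud": "[svn:/cbud]\n@dev = rw\n* =\n\n[svn:/web/tags]\nraph = rw\n",
}

if __name__ == "__main__":
    authz, rejected = generate(SAMPLE)
    print("rejected:", rejected)
    print(authz)
```

a rejected file blocks the whole run rather than being skipped, because dropping the cbud file would leave /cbud covered only by the base rule * = r.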