generate acls

to init :

on server, as www-data, in /etc/subversion/acls (chowned www-data) :

    svn co file:///usr/local/data/svn/acls
    mv acls acls-checkout
    svn co file:///usr/local/data/svn/acls
    mv acls acls-checkins
    echo 'commit as www-data in acls-checkins, not checkout' > readme

prime acls-generated with :

    [svn:/]
    nic = rw
    * = r

(where nic is the svn acl admin)

every file in acls holds the acls for the project of the same name.

base is the file for the base acls.

    mkdir /var/log/svn
    chown www-data:www-data /var/log/svn


create an /acls/ directory in your repository.

copy base and acls (see examples) into /acls

set up the postcommit hook in your svn repo :

in hooks/post-commit :

/your/path/to/ "$REPOS" "$REV"

this is it !

the script is intended to run as postcommit hook.

it will first update /etc/subversion/acls/acls-checkout

(which is a checkout of svn co file:///usr/local/data/svn/acls)

and concatenate all of them in /etc/subversion/acls/acls-generated.

this file needs to be referenced in the authz part of the apache config.

it will write logs in /var/log/svn/authz-gen.log

see for details
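
The generation step described above, as an added example (not the project's own hook script): base and the per-project files are concatenated into a temp file that is renamed over the generated file, and the existing file is left untouched if base is missing. The function name generate_acls and its three arguments are assumptions, and the svn update of the checkout is left out so the example runs offline.

```shell
#!/bin/sh
# Added example, not the project's hook script. Names are hypothetical.
# generate_acls SRC_DIR OUT_FILE LOG_FILE
#   SRC_DIR  : the acls checkout (base plus one acl file per project)
#   OUT_FILE : the generated authz file that apache reads
#   LOG_FILE : log file, appended to
generate_acls() {
    src=$1 out=$2 log=$3
    # base carries the [groups] section and the root rule. Without it the
    # result would be a broken authz file, so keep the current one instead.
    if [ ! -f "$src/base" ]; then
        echo "$(date) ERROR: $src/base missing, $out left untouched" >> "$log"
        return 1
    fi
    # Build next to the target so the final mv is a rename on the same
    # filesystem: apache sees the old file or the new one, never half of it.
    # mktemp creates the file with mode 0600, which suits a setup where the
    # hook and apache both run as www-data.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    (
        cat "$src/base" || exit 1
        for f in "$src"/*; do
            # regular files only; the glob does not match .svn
            [ -f "$f" ] || continue
            [ "${f##*/}" = base ] && continue
            echo                      # blank line between files
            cat "$f" || exit 1
        done
    ) > "$tmp" || {
        rm -f "$tmp"
        echo "$(date) ERROR: concatenation failed, $out left untouched" >> "$log"
        return 1
    }
    mv "$tmp" "$out" || { rm -f "$tmp"; return 1; }
    echo "$(date) generated $out from $src" >> "$log"
}

# run directly: sh thisfile SRC_DIR OUT_FILE LOG_FILE
if [ "$#" -eq 3 ]; then
    generate_acls "$@"
fi
```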






in acls/ :

file base :

    [svn:/]
    @sysadmin = rw
    * = r

    [groups]
    sysadmin = sysadmin1,sys2,sys3
    dev = dev1,dev2,dev3

so only sysadmin can create projects

file acls : (which are acls to acls)

@sysadmin =  rw
@releasers = r
nic = rw
raph = rw
nic = rw

so only sysadmin can write in the acls directory

releasers can read the directory

nic and raph can edit the file acls/cbud

nic can edit the file acls/web

file cbud :

@dev =  rw

all devs can write to the project cbud. this can be changed by nic or raph

file web :

@dev =  r
nic = rw
@dev =  rw
john = r
@dev =  r
nic = rw
roger = rw
@dev =  r
nic = rw
so that dev can write to trunk but not to branches or tags ;

roger can write to web/branches/2.4.2

nic can write to tags and branches