Subversion: good practices to administrate users and groups with the repositories

StackOverflow https://stackoverflow.com/questions/3680372

Question

How should I administrate users and groups with the repositories?

Until now users can access the server repositories through http. The tag configuration it inside /etc/apache2/mods-available/dav_svn.conf

<Location /srv/svn/>
DAV svn
SVNPath /srv/svn/projecX
#SVNParentPath /srv/svn #if I have more the one repository inside the folder
AuthType Basic
AuthName ”ProjectX”
AuthUserFile /etc/subversion/passwd
Require valid-user
</Location>

My doubts:

  1. For each repository should I have a passwd file containing all users and pass?
  2. When is more appropriated to use SVNPath or SVNParentPath ?
  3. How do I manage groups? Until know I know how to work with individuals but not with groups in a more optimized way.
  4. (EDIT) Users and Group repositories control should be always made through apache2 ?

I'm using Ubuntu server edition for the server repositories. Thanks for the attention3.

Was it helpful?

Solution

You can manage groups and group access to paths in the repository in the auth file. You can share the passwd file between repositories by creating a symlink. Usually in an entreprise context an ActiveDirectory or alike would be better but rather tedious to bind into svn. We do the authentication at Apache level (mod_ldap/mod_svn_ldap) and the rights checks in svn with a global auth file (to ease group definition and reuse). Setting up LDAP is not much of fun thought...

OTHER TIPS

authz_svn allows directory level user & group authentication. Integrates well with websvn. Here is one of the many tutorials on the web about how to setup authz_svn.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top