Subversion: good practices to administrate users and groups with the repositories
-
02-10-2019 - |
Question
How should I administrate users and groups with the repositories?
Until now users can access the server repositories through http. The tag configuration it inside /etc/apache2/mods-available/dav_svn.conf
<Location /srv/svn/>
DAV svn
SVNPath /srv/svn/projecX
#SVNParentPath /srv/svn #if I have more the one repository inside the folder
AuthType Basic
AuthName ”ProjectX”
AuthUserFile /etc/subversion/passwd
Require valid-user
</Location>
My doubts:
- For each repository should I have a passwd file containing all users and pass?
- When is more appropriated to use SVNPath or SVNParentPath ?
- How do I manage groups? Until know I know how to work with individuals but not with groups in a more optimized way.
- (EDIT) Users and Group repositories control should be always made through apache2 ?
I'm using Ubuntu server edition for the server repositories. Thanks for the attention3.
Solution
You can manage groups and group access to paths in the repository in the auth
file. You can share the passwd
file between repositories by creating a symlink. Usually in an entreprise context an ActiveDirectory or alike would be better but rather tedious to bind into svn. We do the authentication at Apache level (mod_ldap/mod_svn_ldap) and the rights checks in svn with a global auth
file (to ease group definition and reuse). Setting up LDAP is not much of fun thought...