You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by David Aldrich <Da...@EU.NEC.COM> on 2010/12/21 14:46:41 UTC
An access permissions problem
Hi
We host each of our projects in a separate svn repo and control access permissions via Apache.
In one large project, we need to limit the visibility of a few confidential files. We have done this by specifying something like:
[myproj:/trunk/ConfidentialFolder]
@myPrivilegedGroup = rw
* =
The problem with this is that the confidential files become visible to everyone when we create a branch. Of course, we could control the visibility of the branches by adding further directives but this becomes complex and hard to validate. So we think it is best to only set access permissions on entire repositories.
Therefore, we think a better solution would be to put the confidential files in their own repo and bring them into the large project with an external. However, I am not sure what happens when an external can't be resolved because access to the external repo is denied.
I would welcome any advice on this problem.
BR
David
Re: An access permissions problem
Posted by Nico Kadel-Garcia <nk...@gmail.com>.
On Tue, Dec 21, 2010 at 9:46 AM, David Aldrich <Da...@eu.nec.com> wrote:
> Hi
>
>
>
> We host each of our projects in a separate svn repo and control access
> permissions via Apache.
Put the confidential materials in a separate repository. Use
svn:externals to access that separate, more securely managed
repository inside of working copies. This eliminates the ability to
"svn copy" the material inside the unsecured repository, but that
sounds acceptable.
It makes managing them on the client end a bit trickier, but it is
much more stable on the server side than trying to repeatedly pick and
choose the configuration of your Apache, authz, pre-commit, or other
tools.
Re: An access permissions problem
Posted by Stefan Sperling <st...@elego.de>.
On Tue, Dec 21, 2010 at 12:28:29PM -0500, David Weintraub wrote:
> On Tue, Dec 21, 2010 at 10:59 AM, David Aldrich
> <Da...@eu.nec.com> wrote:
> > Thanks for your help. Yes, the branches, tags, and trunk directories are at the root. In your suggestion, I am worried that a developer might create a branch containing ConfidentialFolder in /branches rather than in /branches/ConfidentialBranches, by mistake. Do you agree that is a problem?
>
> Sure, that's a possible issue. One of the biggest problems with
> Subversion is that it is almost impossible to delete any information
> from the repository. You put in confidential information in the wrong
> place, and you basically have to do a dump/filter/load to remove it
> from the repository.
>
> To solve this issue, you can create a pre-commit hook that will
> prevent someone from copying the confidential information project to
> the plain /branches branch.
>
> When a copy is done, svnlook will list where the copy is from, and
> your hook can intercept this information.
>
> I don't think my kitchen-sink pre-commit hook can be configured to
> prevent this from happening. My script can prevent particular people
> from creating a tag or branch, but never looks at the "to"
> information.
>
> You'll have to write your own hook script. Fortunately, it isn't too
> difficult -- especially since you're just checking for a very simple
> thing. Do you see an "A' transaction where the from is from the
> confidential directory and the "to" is to the branches directory? If
> so, fail the transaction.
It's better to fail if the copy is not going to the right place,
rather than going to one of many possible wrong places.
Regarding the external question: I think checkout and updates will fail if
the external cannot be accessed. It's quite easy to try this out on
a new repository created with svnadmin create:
svnadmin create /tmp/myrepos
svn co file:///tmp/myrepos working-copy
cd working-copy
svn mkdir dir
Now configure externals on "dir" that point to non-existing URLs,
run svn commit, and do more checkouts and updates see for yourself
what Subversion will do.
Stefan
Re: An access permissions problem
Posted by David Weintraub <qa...@gmail.com>.
On Tue, Dec 21, 2010 at 10:59 AM, David Aldrich
<Da...@eu.nec.com> wrote:
> Thanks for your help. Yes, the branches, tags, and trunk directories are at the root. In your suggestion, I am worried that a developer might create a branch containing ConfidentialFolder in /branches rather than in /branches/ConfidentialBranches, by mistake. Do you agree that is a problem?
Sure, that's a possible issue. One of the biggest problems with
Subversion is that it is almost impossible to delete any information
from the repository. You put in confidential information in the wrong
place, and you basically have to do a dump/filter/load to remove it
from the repository.
To solve this issue, you can create a pre-commit hook that will
prevent someone from copying the confidential information project to
the plain /branches branch.
When a copy is done, svnlook will list where the copy is from, and
your hook can intercept this information.
I don't think my kitchen-sink pre-commit hook can be configured to
prevent this from happening. My script can prevent particular people
from creating a tag or branch, but never looks at the "to"
information.
You'll have to write your own hook script. Fortunately, it isn't too
difficult -- especially since you're just checking for a very simple
thing. Do you see an "A' transaction where the from is from the
confidential directory and the "to" is to the branches directory? If
so, fail the transaction.
--
David Weintraub
qazwart@gmail.com
RE: An access permissions problem
Posted by David Aldrich <Da...@EU.NEC.COM>.
Hi David
Thanks for your help. Yes, the branches, tags, and trunk directories are at the
root. In your suggestion, I am worried that a developer might create a branch containing ConfidentialFolder in /branches rather than in /branches/ConfidentialBranches, by mistake. Do you agree that is a problem?
David
-----Original Message-----
From: David Weintraub [mailto:qazwart@gmail.com]
Sent: 21 December 2010 15:40
To: David Aldrich
Cc: users@subversion.apache.org
Subject: Re: An access permissions problem
It looks like the, branches, tags, and trunk directories are at the
root of your repository. What if you create the confidential branches
under their own folder under the branches and tags directories instead
of directly under those directories?
Then, you could specify it this way:
[myproj:/trunk/ConfidentialFolder]
@myPrivilegedGroup = rw
* =
[myproj:/branches/ConfidentialBranches]
@myPrivilegedGroup = rw
* =
[myproj:/tags/ConfidentialTags]
@myPrivilegedGroup = rw
* =
On Tue, Dec 21, 2010 at 9:46 AM, David Aldrich <Da...@eu.nec.com> wrote:
> Hi
>
>
>
> We host each of our projects in a separate svn repo and control access
> permissions via Apache.
>
>
>
> In one large project, we need to limit the visibility of a few confidential
> files. We have done this by specifying something like:
>
>
>
> [myproj:/trunk/ConfidentialFolder]
>
> @myPrivilegedGroup = rw
>
> * =
>
>
>
> The problem with this is that the confidential files become visible to
> everyone when we create a branch. Of course, we could control the visibility
> of the branches by adding further directives but this becomes complex and
> hard to validate. So we think it is best to only set access permissions on
> entire repositories.
>
>
>
> Therefore, we think a better solution would be to put the confidential files
> in their own repo and bring them into the large project with an external.
> However, I am not sure what happens when an external can't be resolved
> because access to the external repo is denied.
>
>
>
> I would welcome any advice on this problem.
>
>
>
> BR
>
>
>
> David
--
David Weintraub
qazwart@gmail.com
Click https://www.mailcontrol.com/sr/m5HZpEx0TeXTndxI!oX7Ui!B!9hWdHWJSayi3ertgL1BdOqvXvhMeYlmF8vykjgUr+eZouLtF3paXEW7R1X!lw== to report this email as spam.
Re: An access permissions problem
Posted by David Weintraub <qa...@gmail.com>.
It looks like the, branches, tags, and trunk directories are at the
root of your repository. What if you create the confidential branches
under their own folder under the branches and tags directories instead
of directly under those directories?
Then, you could specify it this way:
[myproj:/trunk/ConfidentialFolder]
@myPrivilegedGroup = rw
* =
[myproj:/branches/ConfidentialBranches]
@myPrivilegedGroup = rw
* =
[myproj:/tags/ConfidentialTags]
@myPrivilegedGroup = rw
* =
On Tue, Dec 21, 2010 at 9:46 AM, David Aldrich <Da...@eu.nec.com> wrote:
> Hi
>
>
>
> We host each of our projects in a separate svn repo and control access
> permissions via Apache.
>
>
>
> In one large project, we need to limit the visibility of a few confidential
> files. We have done this by specifying something like:
>
>
>
> [myproj:/trunk/ConfidentialFolder]
>
> @myPrivilegedGroup = rw
>
> * =
>
>
>
> The problem with this is that the confidential files become visible to
> everyone when we create a branch. Of course, we could control the visibility
> of the branches by adding further directives but this becomes complex and
> hard to validate. So we think it is best to only set access permissions on
> entire repositories.
>
>
>
> Therefore, we think a better solution would be to put the confidential files
> in their own repo and bring them into the large project with an external.
> However, I am not sure what happens when an external can’t be resolved
> because access to the external repo is denied.
>
>
>
> I would welcome any advice on this problem.
>
>
>
> BR
>
>
>
> David
--
David Weintraub
qazwart@gmail.com