You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Bob Aman <va...@gmail.com> on 2005/04/15 15:37:04 UTC
ACLs
Currently, it seems like there's only very limited support for ACLs in
SVN, with perhaps slightly less limited support when running under
Apache.
What would it take to hack SVN into supporting concepts like user
groups? Or is it in there somewhere and I'm just missing it? Better
yet, what would it take to get SVN to authenticate users via a
database instead of via a config file? Is this functionality
something others might find useful?
--
Bob Aman
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: ACLs
Posted by Daniel Rall <dl...@finemaltcoding.com>.
On Fri, 2005-04-15 at 20:25 +0200, Branko Čibej wrote:
>Greg Hudson wrote:
>
>>On Fri, 2005-04-15 at 14:05, Branko ÄŒibej wrote:
>>
>>>I believe we decided some time ago that, if you want that kind of
>>>complexity, use Apache.
>>
>>That's not really true. mod_authz_svn-style permissions for svnserve
>>has been on the wishlist for a while; it's just that nobody has done it.
>>
>Ah. I must've misremembered memories I may not have had. Sorry. :)
No, using httpd's facilities was indeed the original idea (pre/early
svnserve). But having something similar for svnserve is quite a natural
progression.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: ACLs
Posted by Branko Čibej <br...@xbc.nu>.
Greg Hudson wrote:
>On Fri, 2005-04-15 at 14:05, Branko ÄŒibej wrote:
>
>
>>I believe we decided some time ago that, if you want that kind of
>>complexity, use Apache.
>>
>>
>
>That's not really true. mod_authz_svn-style permissions for svnserve
>has been on the wishlist for a while; it's just that nobody has done it.
>
Ah. I must've misremembered memories I may not have had. Sorry. :)
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: ACLs
Posted by Greg Hudson <gh...@MIT.EDU>.
On Fri, 2005-04-15 at 14:05, Branko Čibej wrote:
> I believe we decided some time ago that, if you want that kind of
> complexity, use Apache.
That's not really true. mod_authz_svn-style permissions for svnserve
has been on the wishlist for a while; it's just that nobody has done it.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: ACLs
Posted by Branko Čibej <br...@xbc.nu>.
Bob Aman wrote:
>On 4/15/05, Branko Čibej <br...@xbc.nu> wrote:
>
>
>>>What would it take to hack SVN into supporting concepts like user
>>>groups?
>>>
>>>
>>>
>>A design plus about 6 mohtns coding.
>>
>>
>
>That's a pleasant thought. Ok.
>
>
>
>>> Or is it in there somewhere and I'm just missing it? Better
>>>yet, what would it take to get SVN to authenticate users via a
>>>database instead of via a config file?
>>>
>>>
>>>
>>Not "SVN", "svnadmin".
>>
>>
>
>By "SVN" I was sort of abstractly referring to Subversion as a whole,
>not just the client.
>
>
Aargh, I should've said "svnserve", not "svnadmin", of course.
>Anyhow, I haven't looked at the code for how authentication works in
>Subversion at all, so I'm kinda wondering if there wouldn't be an
>"easy" way of basically handing off responsibility for authentication
>and access control to some arbitrary external system.
>
>
Subversion realies on the server for authentication; that can be Apache
httpd, or svnserve, or sshd (when tunneling).
>How does mod_authz_svn work?
>
>
Ah... mod_authz_svn is for authorisation, not authhentication.
--
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: ACLs
Posted by Josh Siegel <jo...@stormbirds.org>.
>By "SVN" I was sort of abstractly referring to Subversion as a whole,
>not just the client.
>Anyhow, I haven't looked at the code for how authentication works in
>Subversion at all, so I'm kinda wondering if there wouldn't be an
>"easy" way of basically handing off responsibility for authentication
>and access control to some arbitrary external system.
>
>How does mod_authz_svn work?
>
>
>
>
Amusing how we all end up working on the same area...
You can use apache for authentication via ldap, mysql, or files. The
mod_authz_svn currently pulls its configuration out of a file but it
could also be modified to pull its info out of mysql. Both of these
give you a 90% solution to what you want
Of course, what we really want is putting the group/ACL info directly
into the repository instead of keeping it seperate. This would allow
copying the ACL info when you copy/tag the tree which is currently one
of the biggest holes in the whole ACL story
--josh
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: ACLs
Posted by Bob Aman <va...@gmail.com>.
On 4/15/05, Branko Čibej <br...@xbc.nu> wrote:> >What would it take to hack SVN into supporting concepts like user> >groups?> >> A design plus about 6 mohtns coding.
That's a pleasant thought. Ok. > > Or is it in there somewhere and I'm just missing it? Better> >yet, what would it take to get SVN to authenticate users via a> >database instead of via a config file?> >> Not "SVN", "svnadmin".
By "SVN" I was sort of abstractly referring to Subversion as a whole,not just the client.Anyhow, I haven't looked at the code for how authentication works inSubversion at all, so I'm kinda wondering if there wouldn't be an"easy" way of basically handing off responsibility for authenticationand access control to some arbitrary external system.
How does mod_authz_svn work?
> I believe we decided some time ago that, if you want that kind of> complexity, use Apache.
I'd be using Apache for this project anyways.
-- Bob Aman
Re: ACLs
Posted by Branko Čibej <br...@xbc.nu>.
Bob Aman wrote:
>Currently, it seems like there's only very limited support for ACLs in
>SVN, with perhaps slightly less limited support when running under
>Apache.
>
>What would it take to hack SVN into supporting concepts like user
>groups?
>
A design plus about 6 mohtns coding.
> Or is it in there somewhere and I'm just missing it? Better
>yet, what would it take to get SVN to authenticate users via a
>database instead of via a config file?
>
Not "SVN", "svnadmin".
>Is this functionality something others might find useful?
>
>
I believe we decided some time ago that, if you want that kind of
complexity, use Apache.
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org