You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Paul Joseph Davis (JIRA)" <ji...@apache.org> on 2010/12/06 00:00:10 UTC

[jira] Updated: (INFRA-3160) Hook: Authorization

     [ https://issues.apache.org/jira/browse/INFRA-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Joseph Davis updated INFRA-3160:
-------------------------------------

    Attachment: pre-receive

Implemented a check against the svn authz file for group permissions on the repository that's being edited.

This hard codes a relative path for the asf-authorization file to be one level above the repos directory which currently works out to be /usr/local/www/tyr.zones.apache.org/. There's also no cron script to automatically refresh the asf-authorization file.

> Hook: Authorization
> -------------------
>
>                 Key: INFRA-3160
>                 URL: https://issues.apache.org/jira/browse/INFRA-3160
>             Project: Infrastructure
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: Git
>            Reporter: Paul Querna
>            Priority: Trivial
>         Attachments: pre-receive
>
>
> Task: Using a pre-receive hook, restrict the user to only write to a repository that they have group write access to.
> Groups are defined in LDAP, but we generally use a static file that is updated after ldap automatically, and it has been suggested that we re-use the svn authz file.
> If not using svn authz file format, write a script that exports to a file format usable by the hook, in addition to the hook script itself.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.