You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Steve Seremeth <su...@seremeth.com> on 2004/12/02 22:21:20 UTC

Best Practices: SVN for configuration files - round 2

Hello -

I've been researching using Subversion for system files (*nix boxes, 
primarily) and I'm having a hard time deciding the best approach.  What 
is everyone else doing?  I have been through the archives and seen a 
number of threads about this and a lot of the same questions have been 
discussed with no clear solution that fills the need (some are pretty 
close).

Here's one of several previous threads on this issue:
http://subversion.tigris.org/servlets/ReadMsg?list=users&msgId=279816

2 Primary Techniques:
1.  Your filesystem is your working copy
2.  You clone the filesystem in the repository and use a different local 
directory to store your working copy other than /

Both methods require that you find a way to maintain file ownership and 
permissions.  Ross Mark's "asvn" script does a nice job of this (if you 
want every file in the fs checked into your repository) by storing this 
data in the properties of the files/dirs with pre and post svn shell 
wrappers.

Option 1:
* You have .svn dirs in your filesystem. 
    - Problematic if you care at all about security because the 
"text-base" files are world readable.
    - .svn dirs may cause issues with some daemons and/or rc dirs
* You don't have to worry about moving files around and reverting 
becomes an easy task

Option 2:
* You _do_ have to worry about moving files around (not a big deal)
* Doesn't solve the security issue.  If you place the working copy in a 
place where only root can read it, everyone else can't check files in 
and out of the repository

I'm probably going to just write something similar to Ross' script that 
stores the permissions/ownership in the file properties, but the 
remaining issues are:
* Where do I locate the working copy?  Do I end up doing a working copy 
for root-owned files and another for everything else?  That seems pretty 
gross.
* Is there a way to handle security in such a way that everyone can see 
what they need to see and only that? 

The handful of admins who would be using this all login as themselves 
and then su, so capturing their usernames for repository authentication 
(as themselves for auditing) shouldn't be a big deal.  I know subversion 
wasn't designed for this, but if I get it working correctly, it's going 
to solve a big problem.

Thanks for any advice -

Steve





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org