fsfs and user permissions

[Alvin Thompson <al...@thompsonlogic.com>]

hi,

i read the handbook, but i still have a question about user permissions 
with svn. the handbook states that all users need read/write access to 
the repository even for read-only access, but those sections which say 
that seem to be written with berkely DB-backed repositories in mind. 
here's what i did (linux):

1. svnadmin create repos --fs-type fsfs   #umask is 022
2. groupadd projects
3. chgrp -R projects repos/db/
4. chmod -R g+w repos/db/

i have tested this configuration, and it seems to allow read access to 
linux system users who are not in the 'projects' group and read/write to 
those users who are (using svn+ssh to log in).

my question is, does this actually work, or is there a problem that i 
haven't run into yet? if this does work, it seems like a great way to 
allow users write access to repositories on a case-by-case basis. maybe 
the book should be updated to show this approach (assuming it works)?

thanks,
alvin

p.s. - i'm sending this to 'dev' instead of 'users' because i assume the 
answer requires knowlege of how the fsfs back end works. please forward 
if this is not the case.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: fsfs and user permissions

[kf...@collab.net]

Alvin Thompson <al...@thompsonlogic.com> writes:
> kfogel@collab.net wrote:
> > Plenty of users have that knowledge -- a question like this should go
> > to users@, since it's not about Subversion development.
> 
> i was just trying show that i considered sending to users before i
> sent here, so i wouldn't get flamed. ;)

We don't flame based on what you think, but on what you do :-).

(But don't worry, you're not going to get flamed anyway.)

> the reason i asked here is because i want more of an 'authoritative'
> answer than an 'anecdotal' one. anecdotally (is that a word?), i
> already know this approach works and i expect i'd get the same answer
> in the user list, since there have been wiki's/web pages describing
> this process.
> 
> however, the 'dev' list (i assume) would have more knowledge of issues
> that affect actual operation. for example, i remember there was a bug
> in 1.2 where if the 'db/format' file was outdated or missing, *all*
> operations would attempt to write to the repository and thereby break
> things if the repository were read-only. i'm not sure that most users
> are aware of this kind of technical stuff, so i ask here.
> 
> to use a (bad) metaphor, every crow i've ever seen is black. while i
> could probably safely assume that *all* crows are black, i'd feel a
> lot better logically or scientifically proving it, if something
> important (like my code) depended on it.
> 
> so i probably should have worded my question to say, "is anyone aware
> of any issues that would prevent things from working this way?"

The dev@ list is for development discussion.  It's not simply the next
level of support escalation after users@.

When we forward threads from users@ to here, we do it because we think
the thread has potential to reveal a bug we need to know about, or for
some other reason that will contribute to Subversion's development.
If the user happens to get helped as a result of that, that's a nice
side effect, but it's not what the dev@ list is for.

Hope this clarifies,
-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: fsfs and user permissions

[Alvin Thompson <al...@thompsonlogic.com>]

kfogel@collab.net wrote:
> Plenty of users have that knowledge -- a question like this should go
> to users@, since it's not about Subversion development.

i was just trying show that i considered sending to users before i sent 
here, so i wouldn't get flamed. ;)

the reason i asked here is because i want more of an 'authoritative' 
answer than an 'anecdotal' one. anecdotally (is that a word?), i already 
know this approach works and i expect i'd get the same answer in the 
user list, since there have been wiki's/web pages describing this process.

however, the 'dev' list (i assume) would have more knowledge of issues 
that affect actual operation. for example, i remember there was a bug in 
1.2 where if the 'db/format' file was outdated or missing, *all* 
operations would attempt to write to the repository and thereby break 
things if the repository were read-only. i'm not sure that most users 
are aware of this kind of technical stuff, so i ask here.

to use a (bad) metaphor, every crow i've ever seen is black. while i 
could probably safely assume that *all* crows are black, i'd feel a lot 
better logically or scientifically proving it, if something important 
(like my code) depended on it.

so i probably should have worded my question to say, "is anyone aware of 
any issues that would prevent things from working this way?"

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: fsfs and user permissions

[kf...@collab.net]

Alvin Thompson <al...@thompsonlogic.com> writes:
> p.s. - i'm sending this to 'dev' instead of 'users' because i assume
> the answer requires knowlege of how the fsfs back end works. please
> forward if this is not the case.

Plenty of users have that knowledge -- a question like this should go
to users@, since it's not about Subversion development.

Can you send it there, so the thread starts with you?

-Karl


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: fsfs and user permissions

[kf...@collab.net]

Alvin Thompson <al...@thompsonlogic.com> writes:
> Marcus Rueckert wrote:
> > http://monsters.rsn.uni-rostock.de./~darix/site/svn/permissions
> > hope this helps,
> 
> yup, it did, thanks. it confirms that my approach for allowing write
> permissions to the repository should work. but what about the other
> case, where you want to allow read-only access to people outside the
> group? the page doesn't seem to address that. will setting the
> repository as read-only for those users work? the book says it won't
> work for DB back ends, but what about fsfs? it's obvious that write
> operations will fail, which is what i want. but will all non-writing
> operations work properly? or is there some issue which i'm not aware
> of?

Please stop CC'ing the dev@ list on this thread.

Thank you,
-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: fsfs and user permissions

[Alvin Thompson <al...@thompsonlogic.com>]

Marcus Rueckert wrote:
> http://monsters.rsn.uni-rostock.de./~darix/site/svn/permissions
> 
> hope this helps,
> darix

yup, it did, thanks. it confirms that my approach for allowing write 
permissions to the repository should work. but what about the other 
case, where you want to allow read-only access to people outside the 
group? the page doesn't seem to address that. will setting the 
repository as read-only for those users work? the book says it won't 
work for DB back ends, but what about fsfs? it's obvious that write 
operations will fail, which is what i want. but will all non-writing 
operations work properly? or is there some issue which i'm not aware of?

thanks,
alvin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: fsfs and user permissions

[Alvin Thompson <al...@thompsonlogic.com>]

Marcus Rueckert wrote:
> http://monsters.rsn.uni-rostock.de./~darix/site/svn/permissions
> 
> hope this helps,
> darix

yup, it did, thanks. it confirms that my approach for allowing write 
permissions to the repository should work. but what about the other 
case, where you want to allow read-only access to people outside the 
group? the page doesn't seem to address that. will setting the 
repository as read-only for those users work? the book says it won't 
work for DB back ends, but what about fsfs? it's obvious that write 
operations will fail, which is what i want. but will all non-writing 
operations work properly? or is there some issue which i'm not aware of?

thanks,
alvin

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: fsfs and user permissions

[Marcus Rueckert <da...@web.de>]

On 2005-04-12 14:06:55 -0400, Alvin Thompson wrote:
> i have tested this configuration, and it seems to allow read access to 
> linux system users who are not in the 'projects' group and read/write to 
> those users who are (using svn+ssh to log in).
> 
> my question is, does this actually work, or is there a problem that i 
> haven't run into yet? if this does work, it seems like a great way to 
> allow users write access to repositories on a case-by-case basis. maybe 
> the book should be updated to show this approach (assuming it works)?

http://monsters.rsn.uni-rostock.de./~darix/site/svn/permissions

hope this helps,
darix

-- 
irssi - the client of the smart and beautiful people

              http://www.irssi.de/


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org