SVN permission management on the centos Platform

When the number of project teams is small, SVN adopts a fully open strategy, which has no impact on project security. However, when more and more people are involved, howSource codeManagement, how to control project security, especially how to protect the core technologies recognized by leaders, quickly put on the agenda of project managers.

For SVN, how to control the permissions of each user and how to simplify permission settings is the topic of this article.

 

Before proceeding to the following topic, I would like to thank you for the help of the article written in "the stars of the sky". The content in the article is already quite good, although the overall feeling is a bit messy, however, I also benefited a lot and had a deep understanding of SVN permission management. This is a link: http://www.cnblogs.com/xingchen/archive/2010/07/22/1782684.html.

 

In order to record the process of configuring SVN permissions and some problems occurred during the configuration process, and of course, for the sake of popularity of my blog, close up this blog post.

 

Each SVN Data Warehouse contains three configuration files:

• Configuration file of the svnserve. conf server process
• Authz user authentication configuration file
• Passwd User Password Configuration File

Svnserve. conf configuration file description

This file is the configuration file of the server master process svnserve. You do not need to restart the service after modifying the configuration in SVN.

# Anonymous user access rule anon-access = none/read/write # verify the user access rule auth-access = none/read/write # specify the authentication user configuration file, permission managementCompositionYou can specify the file path authz-DB = authz # specify the password configuration file, you can specify the file path password-DB = passwd
 

 

Authz configuration file description

This is a configuration file for SVN permission management. It is very important to configure it with caution. Before proceeding to elaborate on how to configure permissions at all levels, we need to clarify an important definition: SVN only controls permissions for directories and cannot control specific files.

 
# Data Warehouse/CodeDatabase Name and root directory [Edu:/] # user and user permissions. If the user is left blank, this indicates that the user has no permissions in the current project. # If "*" is used, it indicates the basic permissions of all users. For a specific person, it also depends on whether he has defined his own permissions hansy = RW # Read and Write Permissions hansy = # The current project/branch has no permissions * = R # The current project is open to everyone.
 

If you need to specify specific permissions for the sub-directory of the code library, you can perform the following operations:

 
[Edu:/cloud/brief] hansy = rcaro =
 

Does it seem simple? I thought it was complicated and troublesome before I learned about SVN permission configuration ......

Someone may suggest that if I have a lot of people and the flow of people is also high, if I need to configure it like this every time, it will not be exhausted, we do not have dedicated system management personnel/configuration personnel. In fact, SVN also provides "group" permission configuration, as we all have roles in all systems.
The SVN group configuration is as follows:

 
# Group configuration. For easy differentiation, add "g _" [groups] before the group name # Anyone who wants to view the document, for example, leader g_vip = morson # Project Manager g_manager = Michael # tester g_test = Scofield # developer g_dev = Lincon # General employee g_member = Rory, Linda, Sarah # secretary, write g_docs = Sarah
 

We started to control group permissions:

 
[Edu: /] # code library root directory permission control @ g_manager = RW # The Project Manager or administrator has the read and write permissions @ g_member = # The General employee does not have the permission @ g_vip = R # The leader has the read permission * = # non-team members do not have permissions # code library source code subdirectory [Edu: /src] @ g_dev = RW @ g_manager = r @ g_member = @ g_vip = r * = # non-team members do not have permissions # code library document directory [Edu: /DOC] @ g_manager = RW # The Project Manager or administrator has the read and write permissions @ g_member = R # The General employee has the read permission @ g_vip = R # The leader has the read permission @ g_dev = r # developers have the read permission @ g_docs = RW # The document Administrator has the read and write permissions * = # non-team members do not have the Permissions
 

In the permission configuration of each directory, "* =" is specified. This is mainly because a rule in SVN is that "sub-directory" inherits all permissions of "parent directory" by default, this may cause a user with access permissions in the "parent directory" to access the "sub-directories" that he cannot access ".

 

Passwd password configuration file description

This file is the user password configuration file. In SVN, You can edit the file to manage the user's password, or use the svn command to manage the password.

The format of the password configuration file is as follows:

 
Hansy = 87827192 Sarah = 87827239
 

Note that the password can be in plain text or encrypted format, but cannot be in Chinese. This is related to the configuration method.

We can use the svn command to configure the user password.

 
# Use htpasswd to add users, passwords, and MD5 encryption # parameter C indicates creating a new file. If this file exists, it will be overwritten by the new file, otherwise, you may cry. # The Parameter M indicates MD5 encryption of the password. htpasswd-CM/opt/SVN/edu/CONF/authz
 

Htpasswd cannot be used to create a user permission configuration file. Therefore, you must configure the permission in the authz file before you can use it properly.