Subversion Permissions using commit-access-control.pl pre-commit hook
Subversion does not allow fine-grained permission management natively through svnserve. For example, it is not possible to disable read/write access to a certain SVN directory for a given user.
However, you generally don’t want all your users to be able to write changes anywhere other than the branch they’re working on until they finish their work and prove that they’re able to “not screw everything up” ;)
This can be achieved by using pre-commit hooks in Subversion that make transactions fail in directories where users don’t have permissions.
For access control, a good choice is the commit-access-control.pl pre-commit hook generally located in /usr/share/subversion/hook-scripts on a default svn install.
You’ll need to copy the /path/to/your/repository/hooks/pre-commit.tmpl to /path/to/your/repository/hooks/pre-commit and make it executable (chmod +x). Then you’ll have to edit that file to add a line that looks like (all on one line) :
/usr/share/subversion/hook-scripts/commit-access-control.pl "$1" "$2" /path/to/your/repository/conf/commit-access-control.cfg || exit 1
Then, you edit the /path/to/your/repository/conf/commit-access-control.cfg to make it look like:
[Make everything read-only for all users]
match = .*
access = read-only

[Make somebranch read-write for user1]
match = ^branches/somebranch
users = user1
access = read-write
And you’re all set ;) When user1 tries to commit in somebranch, it will go smoothly. Any other user committing will result in a failure. You can change this by adding:
[Make everything writable to some users listed here below]
match = .*
users = user2 user3
access = read-write
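The rule evaluation described above, modelled as an added example (not code from this post or from commit-access-control.pl) so a configuration can be dry-run before it is deployed. It assumes sections apply in file order with later matches overriding earlier ones, that paths matching no section stay writable, and that Python's `re` stands in for Perl regexes; `load_rules` and `denied_paths` are hypothetical names.

```python
import configparser
import re

# Constructed sample mirroring the post's rules (user and path names are examples).
SAMPLE_CFG = """
[Make everything read-only for all users]
match = .*
access = read-only

[Make somebranch read-write for user1]
match = ^branches/somebranch
users = user1
access = read-write
"""

def load_rules(text):
    """Parse sections in file order into (regex, users, access) tuples."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    rules = []
    for name in cfg.sections():
        access = cfg[name].get("access", "")
        if access not in ("read-only", "read-write"):
            raise ValueError(f"[{name}] access must be read-only or read-write")
        users = cfg[name].get("users", "").split()  # empty = applies to everyone
        rules.append((re.compile(cfg[name]["match"]), users, access))
    return rules

def denied_paths(rules, author, changed_paths):
    """Return the changed paths this author may not write.

    Assumption: sections apply in file order, a later matching section
    overrides an earlier one, and unmatched paths stay writable.
    """
    verdict = {p: "read-write" for p in changed_paths}
    for pattern, users, access in rules:
        if users and author not in users:
            continue  # section is scoped to other users
        for path in changed_paths:
            if pattern.search(path):
                verdict[path] = access
    return [p for p in changed_paths if verdict[p] == "read-only"]

if __name__ == "__main__":
    rules = load_rules(SAMPLE_CFG)
    for who in ("user1", "user2"):
        print(who, denied_paths(rules, who, ["branches/somebranch/a.c", "trunk/b.c"]))
```

In this model a commit fails if any changed path ends up read-only, so user1 touching both branches/somebranch and trunk in one commit is still rejected. The pattern `^branches/somebranch` also matches a sibling such as branches/somebranch-old; `^branches/somebranch(/|$)` is tighter.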
Tags: Technical
I could definitely see your expertise in the work you write. The sector hopes for more passionate writers like you exchanging such great tips! Thanks.
[…] it for my situation. See the Word Aligned article for details on testing the hook script and this blog for information on setting up commit-access-control.pl. […]
is there similar way to restrict the users from being able to read certain directories?
mandm: SVN doesn’t have pre-checkout hooks that you can use for this. However, one way to go could be SVN Path Based Authorization.
Thanks for some other wonderful post. Where else may anyone get that kind of information in such a perfect means of writing? I’ve a presentation subsequent week, and I’m on the look for such information.
I am getting the below error while executing commit-access-control.pl
Error:
Can’t locate Config/IniFiles.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8
ram: You shouldn’t be executing the script manually. Instead, you should modify the repository configuration as indicated in the post so that the script is run by the SVN process before each commit as a pre-commit hook.
sorry, mis-used previous submission.
I have tested committing from Eclipse. I get an:
org.tigris.subversion.javahl.ClientException: A repository hook failed
svn: Commit blocked by pre-commit hook (exit code 126) with output:
/bin/sh: /Config_Mgmt/SvnRepos/TalendIntRepo/hooks/pre-commit: Permission denied
org.tigris.subversion.javahl.ClientException: A repository hook failed
svn: Commit blocked by pre-commit hook (exit code 126) with output:
/bin/sh: /Config_Mgmt/SvnRepos/TalendIntRepo/hooks/pre-commit: Permission denied
I presume the exit code 126 comes from the commit-access-control.pl, how do I debug this?
Thanks
Your place has been invaluable to me. Thanks!
It’s hard to find well-informed people on this topic, however,
you seem like you know what you’re talking about!
Thanks