RE: File access control
-Original Message- From: Grant [mailto:emailgr...@gmail.com] Sent: 29 September 2011 03:42 To: users@subversion.apache.org Subject: File access control I see that subversion supports path-based authorization: http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html Is there a way to do file-based authorization? Or maybe some sort of trickery to mimic file-based authorization? If not, can anyone think of a way to allow read/write access to only certain files in a working system? I could use chmod/chown but the files to which access is allowed will be changing pretty frequently so it would be nice to have accessible files defined in a list as part of the version control system, file transport mechanism, or anything else. I believe that the short answer is 'no'. There are strategies that could help depending on why you need the restrictions. However, chmod/chown is not one of them as it is not easy (nor recommended) to work out which objects in the fsfs data correspond to which files in the repo and each new revision will generate new fsfs elements (unless you use packing...) Can you sketch out why you think you need to protect specific files? ~ mark c
RE: ++ Best Oracle DB Version to compile Subversion ++
-Original Message- From: Victor Medina [mailto:jefedesopo...@cmgm.com.ve] Sent: 28 September 2011 21:55 To: users@subversion.apache.org Subject: ++ Best Oracle DB Version to compile Subversion ++ Hi all! About compiling Subverions with BDB support, Which is the best BDB version to compile Subversion 1.6 1.7? Can I use the latest? Or there are specific recomended versions for 1.6 and 1.7? I'm building for windows with apache 2.2. I am sorry but I do not know the answer to your question. However I am intrigued as to why you want to use BDB instead of the now-standard FSFS backend? I ask because I use svn/fsfs on windows (without problems) and the only reason that comes to mind is you have a lot of data already in BDB? ~ mark c
Re: File access control
Guten Tag Grant, am Donnerstag, 29. September 2011 um 04:41 schrieben Sie: Is there a way to do file-based authorization? Not that I read of. Or maybe some sort of trickery to mimic file-based authorization? You can always create folders, depending on what exactly you have to protect against whom. If not, can anyone think of a way to allow read/write access to only certain files in a working system? Do you mean a working copy? If so, this is no option at all because the working copy is controlled by the person you want to protect your files against. Mit freundlichen Grüßen, Thorsten Schöning -- Thorsten Schöning AM-SoFT IT-Systeme - Hameln | Potsdam | Leipzig Telefon: Potsdam: 0331-743881-0 E-Mail: tschoen...@am-soft.de Web: http://www.am-soft.de AM-SoFT GmbH IT-Systeme, Konsumhof 1-5, 14482 Potsdam Amtsgericht Potsdam HRB 21278 P, Geschäftsführer: Andreas Muchow
Re: Subversion Exception. Version 1.7
On Sep 28, 2011, at 16:02, Jody Breaux wrote: I also tried just going back to 1.6, but after it installed, I tried to update/commit, and it reported that the repository was modified with version 1.7 so I must upgrade to 1.7 before continuing. You mean working copy, not repository.
Re: subversion upgrade from 1.4.6 to 1.7
On 29/09/11 05:33, Rajesh wrote: On Wed, Sep 21, 2011 at 5:59 AM, Daniel Shahafd...@daniel.shahaf.name wrote: Hyrum K Wright wrote on Wed, Sep 21, 2011 at 05:44:33 -0500: 2011/9/21 Ulrich Eckhardtulrich.eckha...@dominolaser.com: Am 21.09.2011 11:00, schrieb Hyrum K Wright: [repository upgrade] Since you are moving from 1.4 to 1.7, however, you may want to run 'svnadmin upgrade' on the new repositories, to enable new features available since 1.4. Wait: I was under the impression that this enabled new features _as far as possible_, but that some extensive internal changes (sharding? reverse deltas? something?) actually required a dump/load cycle to make full use of, or am I mistaken? You're right: sharding may require a load to enable (though I seem to recall a script somewhere would would do it to a live repo). Things like packing can be enabled with a simple upgrade of the repository. Except that sharding is a prerequisite to packing. wanted to thank each and every one for their suggestions.. here is what i did. 1/ setup a new box with svn 1.7 rc3 2/ svnsync from main repo via a small script .. so all sync continues on a cron schedule 3/ I have about 500 repos and 200G data so will take a month to sync .. i observed that the packing is happening at the default 1000 rev into its own dir and i decided to leave it at that . 4/ will do a dns flip and bring the 1.7 up and running. 5/ remove the 0 th property so no one can accidentally sync from the previous location. 6/ make this new repo the master .. setup some other repository browsing tools on the old location. Thanks again for your time .. much appreciated help from each one of the folks. Regards, Raj Don't forget to copy over your hooks as they are not copied by svnsync. Also make sure to set the new repositories' UUIDs as the old ones or you will have to do a switch --relocate on all your WCs Giulio
v1.7RC3: redirect cycle detected
Hi, I am using/testing v1.7 RC3 on CentOS 5.7. I have created several repositories and I am able to checkout/update/commit using the file:// protocol. I can access the repositories via http in a browser (http://localhost/repo/projx) and browse through the folder structure but when I try to checkout using http I get the following error (after the authentication dialog): Redirect cycle detected for URL 'http://[ipaddress]/repo/projx' My subversion.org looks like this: Location /repo DAV svn # SVNPath /svn/repo SVNParentPath /svn/repo AuthType Basic AuthName Subversion repos AuthUserFile /etc/svn-auth-conf Require valid-user /Location What's going wrong? Wybe Horsman __ Priva B.V. A disclaimer is applicable to this email, please refer to www.priva.nl/disclaimer. Op deze email is een disclaimer van toepassing, ga naar www.priva.nl/disclaimer.
Re: File access control
On Thu, Sep 29, 2011 at 3:41 AM, Grant emailgr...@gmail.com wrote: I see that subversion supports path-based authorization: http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html Is there a way to do file-based authorization? Hi Grant, WANdisco offer a commercial product which does exactly this based on our proxy technology. http://www.wandisco.com/subversion/accesscontrol has more details - feel free to get in touch if you have any questions. Best Wishes, Ian -- Ian Wild WANdisco, Inc. http://www.wandisco.com uberSVN: Apache Subversion Made Easy http://www.uberSVN.com http://www.ubersvn.com/
RE: ++ Best Oracle DB Version to compile Subversion ++
Mark, I really like having all options available! =) Sin mas a que hacer referencia, ___ Víctor Medina Centro Médico Guerra Méndez - Jefe de Soporte y Tecnologías Departamento de Sistemas Telf: +58241 856 1223 Ext. 1223 Cell: +58424 422 8988 BB Pin: 22A7C718 correo-e: jefedesopo...@cmgm.com.ve De: Cooke, Mark [mark.co...@siemens.com] Enviado el: jueves, 29 de septiembre de 2011 2:08 a.m. Para: users@subversion.apache.org CC: Victor Medina Asunto: RE: ++ Best Oracle DB Version to compile Subversion ++ -Original Message- From: Victor Medina [mailto:jefedesopo...@cmgm.com.ve] Sent: 28 September 2011 21:55 To: users@subversion.apache.org Subject: ++ Best Oracle DB Version to compile Subversion ++ Hi all! About compiling Subverions with BDB support, Which is the best BDB version to compile Subversion 1.6 1.7? Can I use the latest? Or there are specific recomended versions for 1.6 and 1.7? I'm building for windows with apache 2.2. I am sorry but I do not know the answer to your question. However I am intrigued as to why you want to use BDB instead of the now-standard FSFS backend? I ask because I use svn/fsfs on windows (without problems) and the only reason that comes to mind is you have a lot of data already in BDB? ~ mark c {Castellano/Spanish} Aviso de exención de responsabilidad: Toda la información y los adjuntos en este mensaje es confidencial y privilegiada. Solamente los destinatarios están autorizados para usar esta información. Las transmisiones de correos electrónicos no están garantizadas y no son seguras o libres de errores y la empresa no acepta responsabilidad por error u omisiones. La empresa no acepta ninguna responsabilidad con respecto a cualquier comunicación que haya sido emitida incumpliendo nuestra política de e-mail. Reportar cualquier uso indebido de correo a: ab...@cmgm.com.ve Cumplimos con el RFC 2142 (http://www.rfc-editor.org/rfc/rfc2142.txt) {English/Inglés} E-mail disclaimer: All information in this message and attachments is confidential and may be legally privileged. Only intended recipients are authorized to use it. E-mail transmissions are not guaranteed to be secure or error free and sender does not accept liability for such errors or omissions. The company will not accept any liability in respect of such communication that violates our e-Mail Policy. Report any abuse to: ab...@cmgm.com.ve We are RFC 2142 compliant (http://www.rfc-editor.org/rfc/rfc2142.txt)
Re: File access control
On Thursday 29 September 2011 05:10 PM, Ian Wild wrote: On Thu, Sep 29, 2011 at 3:41 AM, Grant emailgr...@gmail.com mailto:emailgr...@gmail.com wrote: I see that subversion supports path-based authorization: http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html Is there a way to do file-based authorization? Hi Grant, WANdisco offer a commercial product which does exactly this based on our proxy technology. http://www.wandisco.com/subversion/accesscontrol has more details - feel free to get in touch if you have any questions. Best Wishes, Ian I could nowhere see any information about *file-based* authorization in the link provided above. FYI: SubversionEdge has a simple and easy way of path-based authorization allowing the user to customize the permissions very easily. --Prabhu
Re: File access control
On Wed, Sep 28, 2011 at 10:41 PM, Grant emailgr...@gmail.com wrote: I see that subversion supports path-based authorization: http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html Is there a way to do file-based authorization? Or maybe some sort of trickery to mimic file-based authorization? If not, can anyone think of a way to allow read/write access to only certain files in a working system? I could use chmod/chown but the files to which access is allowed will be changing pretty frequently so it would be nice to have accessible files defined in a list as part of the version control system, file transport mechanism, or anything else. Files are paths too. The path-based authz applies to any path (folder or file). For example: [repos:/trunk/readme.txt] @releng = rw * = r A rule like that works fine. -- Thanks Mark Phippard http://markphip.blogspot.com/
Re: Add SVN subset to the main superset
On Thu, Sep 29, 2011 at 06:58, rmp8...@googlemail.com rmp8...@googlemail.com wrote: Hi there, I like to use SVN for my documents and backup my data. In major I use my USB-Stick for this which has a repository, but once a week I want to give all the revisions / commits (not only the head) made on the stick to a major repository. How do I do that? -- In detail: I have a major repository on a big external drive. And a latest subset on my stick always with me. If the stick runs full I delete everything and get the 10 latest revisions: svnadmin dump -revision 90:100 Latest.dump (if 100 is the HEAD) svnadmin create MyRepository svnadmin load MyRepository Latest.dump And I update and commit only on stick for a week (lets say my head-revision will be 120 then). At weekend I like to give those commits made on the stick to the main repository on the external. What will be the command for it? I think Subversion may not be the best fit for your usage. What you describe is very easy (from that I understand) with a DVCS like Git or Mercurial - they're basically designed to be used in this way, while Subversion isn't. Perhaps a hybrid approach with git-svn?
Web-based SVN auth file editor?
Can anyone recommend a relatively light-weight AuthzSVNAccessFile editor? I just tried svn-access-manager but it's fundamentally broken in a few places I gave up trying to get it to work. Really, all I want is for those people in charge of a repo. to be able to edit that repo's (but only that repo's) access permissions instead us having to hassle our admin guy for each mod. I remember seeing a few SQL-based ones (which I avoided at the time, but will try if need be), but I can't seem to fin them now! I don't want too many dependencies, as the server's Solaris, which has an ... interesting package management system. -- [neil@fnx ~]# rm -f .signature [neil@fnx ~]# ls -l .signature ls: .signature: No such file or directory [neil@fnx ~]# exit
Re: Web-based SVN auth file editor?
On Thu, Sep 29, 2011 at 6:48 PM, Neil Bird n...@jibbyjobby.co.uk wrote: Can anyone recommend a relatively light-weight AuthzSVNAccessFile editor? I just tried svn-access-manager but it's fundamentally broken in a few places I gave up trying to get it to work. Really, all I want is for those people in charge of a repo. to be able to edit that repo's (but only that repo's) access permissions instead us having to hassle our admin guy for each mod. I remember seeing a few SQL-based ones (which I avoided at the time, but will try if need be), but I can't seem to fin them now! I don't want too many dependencies, as the server's Solaris, which has an ... interesting package management system. You can checkout svnmanager http://svnmanager.org/ -- [neil@fnx ~]# rm -f .signature [neil@fnx ~]# ls -l .signature ls: .signature: No such file or directory [neil@fnx ~]# exit -- Vishwajeet Singh +91-9657702154 | dextrou...@gmail.com | http://bootstraptoday.com Twitter: http://twitter.com/vishwajeets | LinkedIn: http://www.linkedin.com/in/singhvishwajeet
Re: File access control
On Thu, Sep 29, 2011 at 1:34 PM, Prabhu Gnana Sundar prabh...@collab.netwrote: ** On Thursday 29 September 2011 05:10 PM, Ian Wild wrote: WANdisco offer a commercial product which does exactly this based on our proxy technology. http://www.wandisco.com/subversion/accesscontrol has more details - feel free to get in touch if you have any questions. I could nowhere see any information about *file-based* authorization in the link provided above. I know it's not a detailed description, but as per the feature list on that page: Allows access control to be implemented at the SVNROOT, branch, directory or *file* levels. You can in fact specify regular expressions to determine patterns for your rules, and we support wildcards etc through that mechanism so it's pretty powereful. FYI: SubversionEdge has a simple and easy way of path-based authorization allowing the user to customize the permissions very easily. Seeing as I'm in plug mode, so does uberSVN - http://www.ubersvn.com :-) Best Wishes, Ian Ian Wild WANdisco, Inc. uberSVN: Apache Subversion Made Easy http://www.uberSVN.com http://www.ubersvn.com/
RE: Subversion Exception. Version 1.7
TortoiseSVN 1.6.99, Build 21923 - 64 Bit , 2011/09/01 20:31:07 Subversion 1.7.0, -dev apr 1.4.5 apr-utils 1.3.12 neon 0.29.6 OpenSSL 1.0.0d 8 Feb 2011 zlib 1.2.5 Jody Breaux 9433 Bee Cave Road Building 3 Suite 105 Austin, TX 78733 ofc 512-584-8163 efax 512-233-0885 cell 512-799-9050 Scan Here -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Wednesday, September 28, 2011 4:27 PM To: Jody Breaux Cc: users@subversion.apache.org Subject: Re: Subversion Exception. Version 1.7 2011/9/29 Jody Breaux jody.bre...@centexsolutions.com I was using version 1.6 (the latest), then I upgraded to 1.7, that's when the problems started. Which version of TortoiseSVN 1.7 (as shown in About dialog)? A nightly is built every night with current code from /subversion/branches/1.7.x. Can you send your e-mails in plain text? Without HTML and those images. Best regards, Konstantin Kolinko
RE: Subversion Exception. Version 1.7
You are correct. Working copy. Jody Breaux 9433 Bee Cave Road Building 3 Suite 105 Austin, TX 78733 ofc 512-584-8163 efax 512-233-0885 cell 512-799-9050 Scan Here -Original Message- From: Ryan Schmidt [mailto:subversion-20...@ryandesign.com] Sent: Thursday, September 29, 2011 2:29 AM To: Jody Breaux Cc: users@subversion.apache.org Subject: Re: Subversion Exception. Version 1.7 On Sep 28, 2011, at 16:02, Jody Breaux wrote: I also tried just going back to 1.6, but after it installed, I tried to update/commit, and it reported that the repository was modified with version 1.7 so I must upgrade to 1.7 before continuing. You mean working copy, not repository.
Re: Subversion Exception. Version 1.7
On Thu, Sep 29, 2011 at 9:42 AM, Andy Levy andy.l...@gmail.com wrote: On Thu, Sep 29, 2011 at 10:36, Jody Breaux jody.bre...@centexsolutions.com wrote: TortoiseSVN 1.6.99, Build 21923 - 64 Bit , 2011/09/01 20:31:07 Subversion 1.7.0, -dev apr 1.4.5 apr-utils 1.3.12 neon 0.29.6 OpenSSL 1.0.0d 8 Feb 2011 zlib 1.2.5 Please try a current build. And please stop top-posting. That's a good point: does the problem still exist with the latest builds of TortoiseSVN? By the way, thanks for reporting and helping us chase down the problem. If it seems like folks are terse, it's just because there isn't really any reason to be otherwise. We really do appreciate your efforts. -Hyrum -- uberSVN: Apache Subversion Made Easy http://www.uberSVN.com/
Re: File access control
Guten Tag Mark Phippard, am Donnerstag, 29. September 2011 um 14:37 schrieben Sie: Files are paths too. The path-based authz applies to any path (folder or file). For example: [repos:/trunk/readme.txt] @releng = rw * = r A rule like that works fine. I didn't try, but if it works it would be nice to get that mentioned in the book. I always thought directories are all which is possible. Mit freundlichen Grüßen, Thorsten Schöning -- Thorsten Schöning AM-SoFT IT-Systeme - Hameln | Potsdam | Leipzig Telefon: Potsdam: 0331-743881-0 E-Mail: tschoen...@am-soft.de Web: http://www.am-soft.de AM-SoFT GmbH IT-Systeme, Konsumhof 1-5, 14482 Potsdam Amtsgericht Potsdam HRB 21278 P, Geschäftsführer: Andreas Muchow
Re: Add SVN subset to the main superset
On Thu, Sep 29, 2011 at 8:15 AM, rmp8...@googlemail.com rmp8...@googlemail.com wrote: Thanks for your answer! Hm ok. SVN is not the best solution but is it impossible by that fact? The example is abstract for a bigger problem, so my chief interest lay in feasibility and the way how to do it. I'd expect this to work only in the case where the copied repository is a strict backup of the one actively used - in which case svnsync is probably an easier approach to updating the backup copy. It will certainly break if any other changes are made directly to the copy and I don't think you can remove older revisions from your active instances like you described. Otherwise we have to transform much data into Git etc. git-svn might be a good fit if you don't mind using the git interface for your work and have room for the local copy. It can push your changes back to a central svn repo in a way that can deal with other concurrent work. -- Les Mikesell lesmikes...@gmail.com
Re: File access control
On Sep 29, 2011, at 10:02, Thorsten Schöning wrote: I didn't try, but if it works it would be nice to get that mentioned in the book. I always thought directories are all which is possible. You should submit that feedback to the people who write the book. They have a separate mailing list.
Authentication realm
Hi Everyone, We recently created a DNS entry for our subversion repository. Prior to this we just use the private LAN IP address to access the repo via http (Apache) Post the change to having a hostname to use I created a new branch - and used the host name to do this. Subsequently when I perform an svn update I a now prompted for username and password for the named instance of our repo. I did some reading in the good book. and used svn switch (svn switch old_IP_address new_HostName_Address at the root of my working copy. svn info confirms that the repo address is now set to the hostname version of the URL. However I am still getting prompted for a username and password. If I enter the usual password - all is good... but the prompt is playing havoc without Continuous Integration scripts. Some more reading suggests that I might need to add a new authentication realm and users via; conf/svnserve.conf I was hoping that I might just get some confirmation that is indeed what I need to do - before I go playing with the config scripts. As always - a big thanks for your help. Gavin.