>> I see that subversion supports path-based authorization:
>>
>> http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html
>>
>> Is there a way to do file-based authorization? Or maybe some sort of
>> trickery to mimic file-based authorization? If not, can anyone think
>> of a way to allow read/write access to only certain files in a working
>> system? I could use chmod/chown but the files to which access is
>> allowed will be changing pretty frequently so it would be nice to have
>> accessible files defined in a list as part of the version control
>> system, file transport mechanism, or anything else.
>
> Files are paths too. The path-based authz applies to any path (folder
> or file). For example:
>
> [repos:/trunk/readme.txt]
> @releng = rw
> * = r
>
> A rule like that works fine.
That's great news. I've never used a version control system or any sort of developer framework. Would something like this work?

I set up a dev machine, install subversion, and copy all necessary files from my production machine to the dev machine. I decide which file or files I want my dev to work on and give him read/write access to only those files (and neither read nor write access to any other files) via path-based authz on the dev machine. He uses subversion to edit the permissible files and test his changes on the dev machine. Once he is done, I test the dev machine to verify everything is working after his changes, take a look at the specific code changes he made, and then import the changes to the production machine. Then I change the files he has access to via path-based authz and repeat the process.

Should this work? How does "He uses subversion to edit the permissible files and test his changes on the dev machine" work? Maybe subversion allows him to download copies of the permissible files, edit them locally, and upload them back to the dev machine? Should subversion be installed on the production machine too?

As far as why I'm doing this, the server-side code for my website is in a series of many files. I'd like to hire a dev to work on some of those files, but I don't want to give him read or write access to any of the files besides the ones he is working on. The problem is, each of the files can't be coded in isolation. He needs to be able to test his changes in a running version of the website.

- Grant
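An added example, not part of the thread: since the list of permitted files changes often, the per-file rules can be generated from that list instead of edited by hand. It uses the `[repos:/path]` rule syntax from the quoted reply; the repository name `site`, the user names `grant` and `dev1`, and the file paths are constructed for illustration.

```python
import posixpath


def normalize(path):
    """Return a clean absolute repository path, or raise ValueError."""
    # Brackets or line breaks in a path could start a new authz section.
    if any(c in path for c in "[]\r\n"):
        raise ValueError(f"illegal character in path: {path!r}")
    # Reject parent references so a listed path cannot climb out of its tree.
    if ".." in path.split("/"):
        raise ValueError(f"parent reference in path: {path!r}")
    clean = posixpath.normpath("/" + path.strip().lstrip("/"))
    if clean == "/":
        raise ValueError("refusing to grant access to the repository root")
    return clean


def build_authz(repo, owner, dev, allowed_files):
    """Build authz text: deny by default, read/write only on listed files."""
    # Root rule: the owner keeps full access; "* =" (empty value) gives
    # every other user no access, and child paths inherit it.
    lines = [f"[{repo}:/]", f"{owner} = rw", "* =", ""]
    # One section per permitted file; the set removes duplicate entries.
    for path in sorted({normalize(p) for p in allowed_files}):
        lines += [f"[{repo}:{path}]", f"{owner} = rw", f"{dev} = rw", ""]
    return "\n".join(lines)


# Constructed allow-list; the third entry duplicates the first after cleanup.
ALLOWED = ["trunk/checkout.php", "/trunk/lib/cart.php", "trunk//checkout.php"]

if __name__ == "__main__":
    print(build_authz("site", "grant", "dev1", ALLOWED))
```

Regenerating the file from an updated list replaces the previous grants, so a file removed from the list falls back to the deny-all root rule.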