mnemetica

Recipe: subversion(fsfs) + schema "svn+ssh" + schema "https" + schema "http" using POSIX ACLs

How to have a multiple-schema aware subversion repository under your user account (file / svn+ssh schemas), supporting alternative schemas (http/https/svnserve), thus being accessed from at least two different user accounts?

The standard suggested recipe relies upon group maintenance. I didn’t like for a single reason: POSIX ACL seems to be more suitable for managing file permissions (without the need to manage umask, perhaps having to constantly checking fixing file permissions, and don’t forget newgrp)

In a nutshell, you need to:

• Setup subversion and have mastery in svnadmin, schemas, and fsfs repositories;
• Master ACL enabling
• Having a working svnserve / apache2 / ssh setup;

All you need is to enable your repository for being maintained for the different user ids. Suppose your repository (I’ll refer to it as $REPOS) will be accessed from the following users:

• aldrin
• www-data

This one is a quick ACL-enabled solution I’ve come up with. After some troubleshooting, it looks ok:

for user in “” “aldrin” “www-data” ; do \
  for type in “u” “d” ; do
    find $REPOS -type d | xargs -i_ \
      setfacl -m $type:$user:rwx _
  done
  find $REPOS -type f | xargs -i_ \
    setfacl -m u:$user:rwx _
done

What does it mean?

For Each File, You Set Properties, so:

• Its owner keeps its original property;
• Users “aldrin” and “www-data” are granted full access to each file;
• For each directory, you set defaults, to the above two statements are also true for each new file you create

Well, it works. I’m just publishing this recipe in order to have it as a personal finding/report.

Ok, it worked, but I’d like to remove all this ACL thingie..

Just reset your properties:

find . | xargs -i_ setfacl -b _