subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kot...@apache.org
Subject svn commit: r1730856 - in /subversion/trunk/subversion: libsvn_repos/repos.c mod_authz_svn/INSTALL
Date Wed, 17 Feb 2016 15:19:47 GMT
Author: kotkov
Date: Wed Feb 17 15:19:47 2016
New Revision: 1730856

URL: http://svn.apache.org/viewvc?rev=1730856&view=rev
Log:
Provide a (hopefully) better documentation for the AuthzSVNGroupsFile
directive and for the groups-db option in svnserve.conf.

* subversion/libsvn_repos/repos.c
  (create_conf): Explain the purpose of the groups-db option.

* subversion/mod_authz_svn/INSTALL
  (II.1, Example 8): Add necessary details to this example with the
   AuthzSVNGroupsFile directive.
  (II.2): Split into two subsections with the format details and examples
   for both access files and files with the group definitions.

Modified:
    subversion/trunk/subversion/libsvn_repos/repos.c
    subversion/trunk/subversion/mod_authz_svn/INSTALL

Modified: subversion/trunk/subversion/libsvn_repos/repos.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_repos/repos.c?rev=1730856&r1=1730855&r2=1730856&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_repos/repos.c (original)
+++ subversion/trunk/subversion/libsvn_repos/repos.c Wed Feb 17 15:19:47 2016
@@ -848,11 +848,16 @@ create_conf(svn_repos_t *repos, apr_pool
 "### no path-based access control is done."                                  NL
 "### Uncomment the line below to use the default authorization file."        NL
 "# authz-db = " SVN_REPOS__CONF_AUTHZ                                        NL
-"### The groups-db option controls the location of the groups file."         NL
-"### Unless you specify a path starting with a /, the file's location is"    NL
-"### relative to the directory containing this file.  The specified path"    NL
-"### may be a repository relative URL (^/) or an absolute file:// URL to a"  NL
-"### text file in a Subversion repository."                                  NL
+"### The groups-db option controls the location of the file with the"        NL
+"### group definitions and allows maintaining groups separately from the"    NL
+"### authorization rules.  The groups-db file is of the same format as the"  NL
+"### authz-db file and should contain a single [groups] section with the"    NL
+"### group definitions.  If the option is enabled, the authz-db file cannot" NL
+"### contain a [groups] section.  Unless you specify a path starting with"   NL
+"### a /, the file's location is relative to the directory containing this"  NL
+"### file.  The specified path may be a repository relative URL (^/) or an"  NL
+"### absolute file:// URL to a text file in a Subversion repository."        NL
+"### This option is not being used by default."                              NL
 "# groups-db = " SVN_REPOS__CONF_GROUPS                                      NL
 "### This option specifies the authentication realm of the repository."      NL
 "### If two repositories have the same authentication realm, they should"    NL

Modified: subversion/trunk/subversion/mod_authz_svn/INSTALL
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/mod_authz_svn/INSTALL?rev=1730856&r1=1730855&r2=1730856&view=diff
==============================================================================
--- subversion/trunk/subversion/mod_authz_svn/INSTALL (original)
+++ subversion/trunk/subversion/mod_authz_svn/INSTALL Wed Feb 17 15:19:47 2016
@@ -186,10 +186,16 @@ II.   Configuration
          The "Require" statement in the previous example is not strictly
          needed, but has been included for clarity.
 
-      H. Example 8: Separate authz and groups files.
+      H. Example 8: Separating groups and authorization rules
 
-         This configuration allows storing the groups separately from the
-         main authz file with the authorization rules.
+         It may be convenient to maintain group definitions separately from
+         the authorization rules.  This configuration allows splitting them
+         into two separate files.
+
+         The file specified by the AuthzSVNGroupsFile directive uses the
+         same format as the ordinary authz file and should contain a single
+         section with the group definitions.  See section II.2.B for more
+         details.
 
          <Location /svn>
            DAV svn
@@ -205,78 +211,106 @@ II.   Configuration
            Require valid-user
          </Location>
 
+         Configurations with per-repository access files may also use a
+         single file containing the group definitions.  This configuration
+         avoids the need to duplicate the group definitions across multiple
+         per-repository access files.
+
+           AuthzSVNReposRelativeAccessFile filename
+           AuthzSVNGroupsFile /path/to/groups/file
+
+         NOTE: When the AuthzSVNGroupsFile directive is enabled, the
+         file specified with the AuthzSVNReposRelativeAccessFile or
+         AuthzSVNAccessFile directive cannot contain any group definitions.
+
    2. Specifying permissions
 
-      The file format of the access file looks like this:
+      A. File format of the access file
 
-        [groups]
-        <groupname> = <user>[,<user>...]
-        ...
-
-        [<path in repository>]
-        @<group> = [rw|r]
-        <user> = [rw|r]
-        * = [rw|r]
-
-        [<repository name>:<path in repository>]
-        @<group> = [rw|r]
-        <user> = [rw|r]
-        * = [rw|r]
-
-      An example (line continued lines are supposed to be on one line):
-
-        [groups]
-        subversion = jimb,sussman,kfogel,gstein,brane,joe,ghudson,fitz, \
-                     daniel,cmpilato,kevin,philip,jerenkrantz,rooneg, \
-                     bcollins,blair,striker,naked,dwhedon,dlr,kraai,mbk, \
-                     epg,bdenny,jaa
-        subversion-doc = nsd,zbrown,fmatias,dimentiy,patrick
-        subversion-bindings = xela,yoshiki,morten,jespersm,knacke
-        subversion-rm = mprice
-        ...and so on and so on...
-
-        [/]
-        # Allow everyone read on the entire repository
-        * = r
-        # Allow devs with blanket commit to write to the entire repository
-        @subversion = rw
-
-        [/trunk/doc]
-        @subversion-doc = rw
-
-        [/trunk/subversion/bindings]
-        @subversion-bindings = rw
-
-        [/branches]
-        @subversion-rm = rw
-
-        [/tags]
-        @subversion-rm = rw
-
-        [/branches/issue-650-ssl-certs]
-        mass = rw
-
-        [/branches/pluggable-db]
-        gthompson = rw
-
-        ...
-
-        [/secrets]
-        # Just for demonstration
-        * =
-        @subversion = rw
-
-        # In case of SVNParentPath we can specify which repository we are
-        # referring to.  If no matching repository qualified section is found,
-        # the general unqualified section is tried.
-        #
-        # NOTE: This will work in the case of using SVNPath as well, only the
-        # repository name (the last element of the url) will always be the
-        # same.
-        [dark:/]
-        * =
-        @dark = rw
+         The file format of the access file looks like this:
 
-        [light:/]
-        @light = rw
+           [groups]
+           <groupname> = <user>[,<user>...]
+           ...
+
+           [<path in repository>]
+           @<group> = [rw|r]
+           <user> = [rw|r]
+           * = [rw|r]
+
+           [<repository name>:<path in repository>]
+           @<group> = [rw|r]
+           <user> = [rw|r]
+           * = [rw|r]
+
+         An example (line continued lines are supposed to be on one line):
+
+           [groups]
+           subversion = jimb,sussman,kfogel,gstein,brane,joe,ghudson,fitz, \
+                        daniel,cmpilato,kevin,philip,jerenkrantz,rooneg, \
+                        bcollins,blair,striker,naked,dwhedon,dlr,kraai,mbk, \
+                        epg,bdenny,jaa
+           subversion-doc = nsd,zbrown,fmatias,dimentiy,patrick
+           subversion-bindings = xela,yoshiki,morten,jespersm,knacke
+           subversion-rm = mprice
+           ...and so on and so on...
+
+           [/]
+           # Allow everyone read on the entire repository
+           * = r
+           # Allow devs with blanket commit to write to the entire repository
+           @subversion = rw
+
+           [/trunk/doc]
+           @subversion-doc = rw
+
+           [/trunk/subversion/bindings]
+           @subversion-bindings = rw
+
+           [/branches]
+           @subversion-rm = rw
+
+           [/tags]
+           @subversion-rm = rw
+
+           [/branches/issue-650-ssl-certs]
+           mass = rw
+
+           [/branches/pluggable-db]
+           gthompson = rw
+
+           ...
+
+           [/secrets]
+           # Just for demonstration
+           * =
+           @subversion = rw
+
+           # In case of SVNParentPath we can specify which repository we are
+           # referring to.  If no matching repository qualified section is
+           # found, the general unqualified section is tried.
+           #
+           # NOTE: This will work in the case of using SVNPath as well, only
+           # the repository name (the last element of the url) will always be
+           # the same.
+           [dark:/]
+           * =
+           @dark = rw
+
+           [light:/]
+           @light = rw
+
+      B. File format of the groups file
+
+         The file format of the groups file looks like this:
+
+           [groups]
+           <groupname> = <user>[,<user>...]
+           ...
+
+         An example:
+
+           [groups]
+           developers = harry,sally,john
+           managers = jim,joe
 



Mime
View raw message