Read only access to svn repository via ssh (svn+ssh)
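We are looking to make a Subversion repository read-only. Doing this for a single repository in a Subversion instance does not work for ssh. ssh access appears to bypass svn's controls.
Following the advice here: Read-only access of Subversion repository
Write access should be restricted, but this is not happening.
The repository continues to be write accessible despite changing the repository to read-only.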
The easiest way to restrict access (assuming no users need write access) is to remove the w (write) bit on the files in the SVN repository.
chmod -R gou-w /path/to/svn-repo
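This will prevent writes at the filesystem/OS level.
If some users still need access, you can create a separate svn+ssh endpoint for each class of user, mapped to different users on the host server, using the group-write versus other-write bits to determine which group has the authority to write: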
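# create the writers group (groupadd on Linux)
groupadd writers-grp
chgrp -R writers-grp /path/to/svn-repo
# owner and group may write, everyone else may not
chmod -R ug+w /path/to/svn-repo
chmod -R o-w /path/to/svn-repo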
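I would then register the writers' SSH keys on the server against the writing user and prevent password access.
The "read-only" user can be allowed to use a well-known password.
This is not as "clever" or "elegant" as configuring the SVN server config, but it works quite well as long as users keep their SSH keys confidential.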
Use the start-commit hook to restrict commit access.
Description
The start-commit hook is run before the commit transaction is even
created. It is typically used to decide whether the user has commit
privileges at all.
If the start-commit hook program returns a nonzero exit value, the
commit is stopped before the commit transaction is even created, and
anything printed to stderr is marshalled back to the client.
Input Parameter(s)
The command-line arguments passed to the hook program, in order, are:
- Repository path
- Authenticated username attempting the commit
- Colon-separated list of capabilities that a client passes to the server, including depth, mergeinfo, and log-revprops (new in Subversion 1.5).
Common uses
- Access control (e.g., temporarily lock out commits for some reason).
- A means to allow access only from clients that have certain
capabilities.
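A minimal start-commit hook along the lines described above, as an added example that is not part of the original answer: it refuses the commit unless the authenticated username appears in an allow-list. The file `conf/committers.allow` and the function name `may_commit` are assumptions made for this example.

```shell
#!/bin/sh
# start-commit hook (added example). Arguments from Subversion, in order:
#   $1 repository path, $2 authenticated username, $3 client capabilities.
# Assumption: committers are listed one per line in conf/committers.allow
# inside the repository (hypothetical file name). No file means read-only.

# Return 0 if USER may commit to REPOS, 1 otherwise. The reason is written
# to stderr, which Subversion relays to the client.
may_commit() {
    repos=$1
    user=$2
    allow="$repos/conf/committers.allow"

    if [ -z "$user" ]; then
        echo "Commit refused: no authenticated username." >&2
        return 1
    fi
    if [ ! -r "$allow" ]; then
        echo "Commit refused: repository is read-only." >&2
        return 1
    fi
    # Exact whole-line match; '#' comment lines and blank lines are skipped.
    # The '|| [ -n "$line" ]' keeps a last line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
        esac
        if [ "$line" = "$user" ]; then
            return 0
        fi
    done < "$allow"
    echo "Commit refused: '$user' has read-only access." >&2
    return 1
}

# Act as a hook only when Subversion passes its arguments; a nonzero exit
# stops the commit before the transaction is created.
if [ "$#" -ge 2 ]; then
    may_commit "$1" "$2" || exit 1
    exit 0
fi
```

Saved as `hooks/start-commit` in the repository and made executable, it runs as the OS account that svn+ssh logs in as, so that account should not be able to write to the `hooks` or `conf` directories.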