Simplest Enterprise Continuous Integration Solutions

Saturday, May 26, 2012

Enterprise Linux: Subversion Edge + SSH + NIS

Steps to configure svn repositories access control for specified *NIX group

# existing Subversion Edge + SSH repositories

[root@linux64-svn-server ~]# ls -al /opt/csvn/data/repositories
total 28
drwxr-xr-x  7 csvn csvn  4096 Mar  5 20:17 .
drwxr-xr-x 10 csvn csvn  4096 Jul  3 23:15 ..
drwxr-xr-x  7 csvn root  4096 Feb  7 11:57 demo
drwxr-xr-x  6 csvn root  4096 Feb  7 11:56 demo1

# csvn doesn't exist on NIS server

[root@linux64-svn-server  ~]# ypcat group | grep csvn
[root@linux64-svn-server  ~]# grep csvn /etc/group
csvn:x:502:

# existing local groups: svn_demo, svn_demo2

[root@linux64-svn-server  ~]# ypcat group | grep svn_demo
[root@linux64-svn-server  ~]# grep svn_demo /etc/group
svn_demo:x:503:
svn_demo1:x:504:

# NIS accounts: svn_ssh_nis_user, svn_ssh_nis_user1 are 

[root@linux64-svn-server  ~]# ypcat passwd | grep svn_ssh_nis_user
svn_ssh_nis_user:$1$s6AfoGFg$oQCXLIE.C3SOUaGIo10hg1:505:505::/home/svn_ssh_nis_user:/bin/bash
svn_ssh_nis_user1:$1$d3SzDKH9$.ISbgoVz33FFMTcyGu2931:506:506::/home/svn_ssh_nis_user1:/bin/bash
[root@linux64-svn-server  ~]# grep svn_ssh_nis_user /etc/passwd

# enable supplementary groups

[root@linux64-svn-server  ~]# usermod -a -G svn_demo svn_ssh_nis_user
[root@linux64-svn-server  ~]# usermod -a -G svn_demo1 svn_ssh_nis_user1
[root@linux64-svn-server  ~]# id svn_ssh_nis_user
uid=505(svn_ssh_nis_user) gid=505(svn_ssh_nis_user) groups=505(svn_ssh_nis_user),503(svn_demo)
[root@linux64-svn-server  ~]# id svn_ssh_nis_user1
uid=505(svn_ssh_nis_user1) gid=505(svn_ssh_nis_user1) groups=505(svn_ssh_nis_user1),504(svn_demo1)

# enable Subversion Edge + SSH + NIS repositories

[root@linux64-svn-server ~]# chmod -R 775 /opt/csvn/data/repositories/demo
[root@linux64-svn-server ~]# chown -R :svn_demo /opt/csvn/data/repositories/demo
[root@linux64-svn-server ~]# chown -R :svn_demo1 /opt/csvn/data/repositories/demo1
[root@linux64-svn-server ~]# ls -al /opt/csvn/data/repositories
total 28
drwxr-xr-x  7 csvn csvn      4096 Mar  5 20:17 .
drwxr-xr-x 10 csvn csvn      4096 Jul  3 23:15 ..
drwxrwxr-x  7 csvn svn_demo  4096 Feb  7 11:57 demo
drwxrwxr-x  6 csvn svn_demo1 4096 Feb  7 11:56 demo1

# Access controls for Subversion Edge + SSH + NIS

1. csvn user (rwx) - Subversion Edge + HTTPS check in, check out
2. svn_demo (rwx) - Subversion Edge + SSH + NIS check in, check out for demo repository
3. svn_demo1 (rwx) - Subversion Edge + SSH + NIS check in, check out for demo1 repository
4. others (r-x) - Subversion Edge + SSH + NIS read-only for demo & demo1

# examples for Subversion Edge + SSH + NIS

# check out/check in demo repository

[svn_ssh_nis_user@linux64-svn-client ~]$ svn co svn+ssh://svn_ssh_nis_user@linux64-svn-server/demo/trunk
A    trunk/foo.sh
Checked out revision 7.
[svn_ssh_nis_user@linux64-svn-client ~]$ cd trunk
[svn_ssh_nis_user@linux64-svn-client trunk]$ vi foo.c
[svn_ssh_nis_user@linux64-svn-client trunk]$ svn ci -m "added ..."
Sending        foo.c
Transmitting file data .
Committed revision 8.
[svn_ssh_nis_user@linux64-svn-client trunk]$ svn log -r 8
------------------------------------------------------------------------
r8 | svn_ssh_user | 2012-02-07 13:39:53 -0400 (Tue, 07 Feb 2012) | 1 line


added ...
------------------------------------------------------------------------

# check out/check in demo1 repository


[svn_ssh_nis_user@linux64-svn-client trunk]$ svn co svn+ssh://svn_ssh_user@linux64-svn-server/demo1/trunk
A    trunk/boo.java
Checked out revision 2.
[svn_ssh_nis_user@linux64-svn-client trunk]$ cd trunk/[svn_ssh_nis_user@linux64-svn-client trunk]$ vi boo.java[svn_ssh_nis_user@linux64-svn-client trunk]$ svn ci -m "modify readonly access demo1 repository ..."

Sending        boo.java
Transmitting file data .svn: E000013: Commit failed (details follow):
svn: E000013: Can't open file '/opt/csvn/data/repositories/demo1/db/txn-current-lock': Permission denied
[svn_ssh_nis_user@linux64-svn-client trunk]$
------------------------------------------------------------------------
r2 | admin | 2012-02-07 22:42:30 -0500 (Tue, 07 Feb 2012) | 1 line

initial commit
------------------------------------------------------------------------
 svn log -r 2

No comments:

Post a Comment