Journal


Sometimes we get bored at work

The hell that is Subversion user management

I am currently working on an important feature for Roots, my Subversion manager.

Currently I am trying to implement path-based permissions, as per ticket #1. However, it seems that Subversion is deliberately designed to be really difficult when it comes to user permissions, and the management of same.

Subversion uses two files to manage users — authz and passwd. One manages the paths and whether a user has read or read/write privileges. The other simply contains the username and password.

Usually the passwd file will look something like this:

[users]
some_guy = some_password
some_girl = some_other_password

And an authz file will look something like this:

[/]
some_guy = rw
some_girl = r

The sample file above shows that both some_guy and some_girl have access to the entire repository, but only some_guy has both read and write privileges.

Now the passwd file is fairly basic, and easy to use. There are further sections one could implement such as usergroups and what-not, but that’s not necessary for the point I am trying to make.
However, the authz file is a real mess. Let’s assume that we start with the file I presented above. And then let’s assume that we want to give some_girl write privileges to the /trunk directory. To do that we’ll edit the authz file to look like this:

[/]
some_guy = rw
some_girl = r
[/trunk]
some_girl = rw

And maybe it’s just me, but I find that having the permissions set on the path like this makes little to no sense.
Adding to this is the way that Subversion manages user groups. Now, user groups are not something I am planning on adding to Roots (not yet at least).

And here’s the problem … currently Roots collects user information by traversing the authz file, matching the following pattern %username% = %permission%. This works brilliantly, for now, at least. But it has the drawback of the script going completely bonkers if the same username exists more than once, not to mention that currently there’s no support for path definition. Ideally I’d prefer a solution where the username was tied to different paths. Perhaps the authz file could look like this instead:

[some_guy]
rw = /trunk, /tags
r = /branches

This way we define the individual permissions directly in user space (so to speak). And if one was keen on adding user group support it could be done by adding a “membership” key to the user definition, like so:

[some_guy]
rw = /trunk, /tags
r = /branches
membership = developers, administrators

Anyway, that’s what I would prefer. Instead I am left dealing with what seems like an illogical and convoluted system (at least in my mind). If I have missed something, please feel free to enlighten me.
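The per-user view asked for above can be derived from the standard path-first authz layout by remembering the current section while parsing, so a username that appears under several paths no longer collides. This is an added example, not Roots code: the function names are hypothetical, and the [groups] section, @group entries and repo:/path sections are left out.

```python
import posixpath
from collections import defaultdict

# Constructed sample: the second authz file shown in the post.
SAMPLE_AUTHZ = """\
[/]
some_guy = rw
some_girl = r
[/trunk]
some_girl = rw
"""

def parse_authz(text):
    """Return {user: {path: permission}}, keeping each rule tied to its section."""
    users = defaultdict(dict)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section is None or section == "groups" or "=" not in line:
            continue  # group definitions are out of scope in this example
        name, perm = (part.strip() for part in line.split("=", 1))
        if name.startswith("@"):
            continue  # group references are out of scope in this example
        users[name][section] = perm  # "" means explicitly no access
    return dict(users)

def effective_permission(users, user, path):
    """Most specific path first: walk from path up to '/' until a rule matches."""
    rules = users.get(user, {})
    everyone = users.get("*", {})  # "*" entries apply to every user
    current = posixpath.normpath("/" + path.strip("/"))
    while True:
        # Rules matching in the same section combine; the most permissive wins.
        matched = [m[current] for m in (rules, everyone) if current in m]
        if matched:
            return max(matched, key=len)  # "" < "r" < "rw"
        if current == "/":
            return ""  # nothing matched anywhere: no access
        current = posixpath.dirname(current)
```

A flat `username = permission` scan of the same file would report some_girl twice, once as r and once as rw, with nothing to say which path each applies to.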

So, what’s on the radar

Nothing much really. Things have been quiet, though I have been working on a few things.

First of all, Roots has been dormant again for a little while, because, well, I needed to focus on other things. I am however not entirely done with the project yet, and plan to get the project to 1.0 within a month or two.

Secondly, I’ve been working on a wiki app for myself. Mostly because I think a lot of the wikis out there are bloated or underfeatured … but certainly also so I can learn a few things. I expect to release this code to the rest of the world within the coming weeks as well, just need to polish off the last few things before release.

Imports galore

I’ve just imported an old archive of posts. The most important or interesting bits are probably my PHP tutorials/articles.

The downloads for those articles are not quite ready yet, but it’ll come. Just take a quick breather.

Introducing …

… myself! Yes! I am that pre-occupied, or maybe my ego is just a wee bit inflated.

Work here on tmertz.com is coming along nicely, and I thought I’d just throw some more thoughts out there. Currently I am working on no less than four big projects, as well as a couple of lesser ones. Most notable is the re-engineering of the backend that powers www.eidolon.dk, a website for a Danish group of LARP enthusiasts. Also, I am working on a PHP-based Subversion manager, which should be able to be released as alpha within a month or so (just need to wrap up some other projects before I can devote more time to this). And finally I am working on a community app called Kinship, about which I will speak more in the future.

Anyway, welcome to the, probably, 26th iteration of tmertz.com. I hope you’ll enjoy your stay.