savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[savannah-help-public] [sr #108463] How is write access to SVN/git contr

From: Bob Proulx
Subject: [savannah-help-public] [sr #108463] How is write access to SVN/git controlled
Date: Sat, 28 Dec 2013 01:05:26 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20131215 Firefox/24.0 Iceweasel/24.2.0 
Follow-up Comment #1, sr #108463 (project administration):

I have been wondering about this myself.  Which may seem strange that I would
reply in that case.  But since I don't think anyone else will reply for
perhaps a long time I thought I might as well say what I knew regardless.

As far as I know (could be wrong) any project member may commit to the source
code of any project for which they are a member.

The implementation uses a local PAM plugin that implements user accounts
through mysql.  Using mysql the database is manipulated through the PHP code
of the Savane code base that runs Savannah.  On the vcs.sv.gnu.org machine the
/etc/nsswitch.conf file lists "passwd: compat mysql".  The "mysql" addition
allows accounts to exist in the shared msyql database tables in addition to
the machine local /etc/passwd location.  Projects name Unix account groups. 
The effect is that users will have additional groups for every project that
they are a member.  Looking at 'id' I see that you are in the group nano for
example.

The directories of /srv/git and /srv/svn and others that store the vcs
backends are group writable by the project group.  Therefore commits are
allowed if they have write permission to the directory.  Version commits that
write to the file system will be allowed if they are a member of the group. 
If the user is not a member of the group then write access is denied.

I see nothing that differentiates between users who are a member of a group
and users that are a member of the group and also have project admin status. 
It appears to be purely group membership.

I report the above based upon reverse engineering what I see on the system.  I
could easily be wrong.

Just FYI but for these types of discussion questions (instead of tasks to be
tracked) I prefer using the mailing lists over the web forum.  On the mailing
list I get to use a real editor instead of a browser form.  Your preferences
may be quite different form mine however and I know many people prefer the web
browser forms.  The address@hidden mailing list (also known as
address@hidden) would be a perfect place for the discussion. 
https://lists.gnu.org/mailman/listinfo/savannah-hackers

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?108463>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]