From: Michael Orlitzky
Date: Fri, 30 Sep 2011 20:23:27 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] {OT} Development framework with access restriction?

On 09/30/2011 07:59 PM, Grant wrote:
>
> Thanks for that. I haven't thought it all the way through, but if
> Unix ownership and permissions aren't granular enough and subversion's
> path-based authorization won't work, I will need to use ACLs. I think
> both subversion's path-based authorization and Unix
> ownership/permissions would be simpler to implement and maintain than
> ACLs so I'm hoping it doesn't come to that.
>

ACLs really aren't as bad as they look at first. They work just like
permissions on Windows, which are one of the few things it does right.

My example is made much more difficult because /var/www contains
directories writable by other customers. I know *my* config.php files
are chgrp apache and chmod 660, but I don't expect everyone else to be
so careful (and they shouldn't have to be).

If you are going to go the version control route, I would suggest
setting up a new repository with only the code that he will be working
on. You can use a post-update script (or whatever svn calls them) on the
server to pull his code into production. He doesn't need to access the
files directly.
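
The server-side script suggested in the message above, as an added example that is not part of the original e-mail: in Subversion it is the repository's post-commit hook, which is called with the repository path and the new revision number. The `trunk` source path and the `/var/www/example-site` destination are placeholder assumptions.

```shell
#!/bin/sh
# Added example: hooks/post-commit in the developer's repository.
# Subversion invokes it as:  post-commit REPOS-PATH REVISION
# The developer only commits; this hook, running as the account that serves
# the repository, is the only thing that writes to the web root.

SRC_PATH="${SRC_PATH:-trunk}"              # assumed repository layout
DEST="${DEST:-/var/www/example-site}"      # assumed production directory

# deploy REPOS REV: export one revision beside $DEST, then swap it in.
deploy() {
    repos=$1
    rev=$2
    # Accept digits only, so the revision can never carry extra arguments.
    case $rev in
        ''|*[!0-9]*) echo "post-commit: bad revision '$rev'" >&2; return 2 ;;
    esac
    new="$DEST.new.$$"
    old="$DEST.old.$$"
    rm -rf "$new"
    # 'export' rather than 'checkout': no .svn metadata lands under the web root.
    # On failure the half-written copy is removed and production is untouched.
    svn export --quiet -r "$rev" "file://$repos/$SRC_PATH" "$new" || {
        rm -rf "$new"
        return 1
    }
    # Nothing in the deployed tree is writable by group or others.
    chmod -R go-w "$new"
    if [ -e "$DEST" ]; then
        mv "$DEST" "$old"
    fi
    mv "$new" "$DEST" && rm -rf "$old"
}

# Run only when called as a hook (Subversion passes at least two arguments).
if [ "$#" -ge 2 ]; then
    # Hooks start with an empty environment, so PATH has to be set here.
    PATH=/usr/bin:/bin
    export PATH
    deploy "$1" "$2"
fi
```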