On Oct 1, 2011 7:26 AM, "Michael Orlitzky" <michael@orlitzky.com> wrote:
>
> On 09/30/2011 07:59 PM, Grant wrote:
> >
> > Thanks for that.  I haven't thought it all the way through, but if
> > Unix ownership and permissions aren't granular enough and subversion's
> > path-based authorization won't work, I will need to use ACLs.  I think
> > both subversion's path-based authorization and Unix
> > ownership/permissions would be simpler to implement and maintain than
> > ACLs so I'm hoping it doesn't come to that.
> >
>
> ACLs really aren't as bad as they look at first. They work just like
> permissions on Windows, which are one of the few things it does right.
> My example is made much more difficult because /var/www contains
> directories writable by other customers.
>
> I know *my* config.php files are chgrp apache and chmod 660, but I don't
> expect everyone else to be so careful (and they shouldn't have to be).
>
> If you are going to go the version control route, I would suggest
> setting up a new repository with only the code that he will be working
> on. You can use a post-update script (or whatever svn calls them) on the
> server to pull his code into production. He doesn't need to access the
> files directly.
>

+1 on production server pulling from $VCS.

I'm currently assisting a friend of mine, who's the CEO of a business
incubator. In order to force them startups to use the $VCS, we require them
to first commit their codes to the $VCS, then have a script pull the newest
version into production.

At first, they whined. Oh, how they whined! But after the $VCS saved their
bacons many times, now they're firm believers in version control :-)

Rgds,