Date: Sat, 1 Oct 2011 16:46:58 -0700
Subject: Re: [gentoo-user] {OT} Development framework with access restriction?
From: Grant
To: gentoo-user@lists.gentoo.org

>> Thanks for that. I haven't thought it all the way through, but if
>> Unix ownership and permissions aren't granular enough and subversion's
>> path-based authorization won't work, I will need to use ACLs. I think
>> both subversion's path-based authorization and Unix
>> ownership/permissions would be simpler to implement and maintain than
>> ACLs so I'm hoping it doesn't come to that.
>>
>
> ACLs really aren't as bad as they look at first. They work just like
> permissions on Windows, which are one of the few things it does right.
> My example is made much more difficult because /var/www contains
> directories writable by other customers.
>
> I know *my* config.php files are chgrp apache and chmod 660, but I don't
> expect everyone else to be so careful (and they shouldn't have to be).
>
> If you are going to go the version control route, I would suggest
> setting up a new repository with only the code that he will be working
> on. You can use a post-update script (or whatever svn calls them) on the
> server to pull his code into production. He doesn't need to access the
> files directly.

I think separate repositories would only be necessary when using
distributed version control (git) as opposed to centralized
(subversion). I think subversion's path-based authorization should
eliminate the need for separate repositories?

- Grant
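
Added example, not part of the original message: a Subversion authz file showing the path-based authorization discussed above inside one shared repository. The repository name (site), the user names, and all paths are hypothetical.

```ini
# Constructed authz file for a single repository named "site" (hypothetical).
# svnserve reads it when svnserve.conf sets "authz-db" to this file;
# mod_dav_svn reads it through the AuthzSVNAccessFile directive.

[groups]
owners = grant
contractors = newdev

# Repository root: owners get read/write, everyone else gets nothing.
# An empty value after "=" means no access.
[site:/]
@owners = rw
* =

# The contractor may read the application tree for context.
# Child paths inherit this rule unless a more specific section overrides it.
[site:/trunk/shop]
@contractors = r

# Commits are allowed only in the module being worked on.
[site:/trunk/shop/reports]
@contractors = rw

# The directory holding config.php-style credentials is denied outright,
# overriding the read access inherited from /trunk/shop.
[site:/trunk/shop/config]
@contractors =
```

With no access at the root, the contractor checks out the /trunk/shop URL rather than the repository root. These rules only govern access through Subversion; the deployed files on the web server still depend on the Unix permissions or ACLs discussed in the thread.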