SVN限制普通用户删除文件及提交时必须填写log日志

SVN用得也算挺广泛的，但是它也存在着一个大问题，就是权限控制得比较差，要么读，要么读写，而读写就意外着可以删除文件(目前我的理解是这样，如果有什么不对的地方，请多指教)。

刚好前段时间发生了开发人员误删代码库的问题，我才意识到这个问题很大。领导的要求是，开发人员等不应当有删除文件的权限，应该只有项目经理之类的有删除文件的权限。

于是上网搜索了一番，发现有不少人也说SVN权限的管理太粗化了。找了好久才发现可以通过svn项目目录下的hooks下的pre-commit实现。

一、首先来看一下svn项目结构。test和test1是我点击该页面的创建按钮创建的。同时我创建了一个普通用户bp(模拟开发人员，测试删除操作)

给bp用户授权

二、进入svn项目的hooks目录

可以看到repositories下有我创建的test和test1两个svn项目目录，hooks下的pre-commit是我新建的

三、看一下pre-commit的内容，这个是最关键的（代码中#注释掉的内容，第一行是非常关键的#!/bin/sh 这个建议保留，否则容易报错。另外，这个文件中建议不加入中文，否则也有可能报错，所以记得把我的中文注释给删掉）。PS:创建完之后，一定要给该文件授予可执行全新chmod +x pre-commit

[root@localhost hooks]# cat pre-commit
#!/bin/sh

# PRE-COMMIT HOOK
#
# The pre-commit hook is invoked before a Subversion txn is
# committed.  Subversion runs this hook by invoking a program
# (script, executable, binary, etc.) named 'pre-commit' (for which
# this file is a template), with the following ordered arguments:
#
#   [] REPOS-PATH   (the path to this repository)
#   [] TXN-NAME     (the name of the txn about to be committed)
#
#   [STDIN] LOCK-TOKENS ** the lock tokens are passed via STDIN.
#
#   If STDIN contains the line "LOCK-TOKENS:\n" (the "\n" denotes a
#   single newline), the lines following it are the lock tokens for
#   this commit.  The end of the list is marked by a line containing
#   only a newline character.
#
#   Each lock token line consists of a URI-escaped path, followed
#   by the separator character '|', followed by the lock token string,
#   followed by a newline.
#
# The default working directory for the invocation is undefined, so
# the program should set one explicitly if it cares.
#
# If the hook program exits with success, the txn is committed; but
# if it exits with failure (non-zero), the txn is aborted, no commit
# takes place, and STDERR is returned to the client.   The hook
# program can use the 'svnlook' utility to help it examine the txn.
#
# On a Unix system, the normal procedure is to have 'pre-commit'
# invoke other programs to do the real work, though it may do the
# work itself too.
#
#   ***  NOTE: THE HOOK PROGRAM MUST NOT MODIFY THE TXN, EXCEPT  ***
#   ***  FOR REVISION PROPERTIES (like svn:log or svn:author).   ***
#
#   This is why we recommend using the read-only 'svnlook' utility.
#   In the future, Subversion may enforce the rule that pre-commit
#   hooks should not modify the versioned data in txns, or else come
#   up with a mechanism to make it safe to do so (by informing the
#   committing client of the changes).  However, right now neither
#   mechanism is implemented, so hook writers just have to be careful.
#
# Note that 'pre-commit' must be executable by the user(s) who will
# invoke it (typically the user httpd runs as), and that user must
# have filesystem-level permission to access the repository.
#
# On a Windows system, you should name the hook program
# 'pre-commit.bat' or 'pre-commit.exe',
# but the basic idea is the same.
#
# The hook program typically does not inherit the environment of
# its parent process.  For example, a common problem is for the
# PATH environment variable to not be set to its usual value, so
# that subprograms fail to launch unless invoked via absolute path.
# If you're having unexpected problems with a hook program, the
# culprit may be unusual (or missing) environment variables.
#
# Here is an example hook script, for a Unix /bin/sh interpreter.
# For more examples and pre-written hooks, see those in
# the Subversion repository at
# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and
# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/

REPOS="$1"
TXN="$2"

# Make sure that the log message contains some text.
SVNLOOK=/application/csvn/bin/svnlook #这个路径需要根据自己的svnlook来写，可以用which svnlook获取，我的安装方式不支持which svnlook，我是使用find / -name svnlook查找的

# Check that the author of this commit has the rights to perform
# the commit on the files and directories being modified.
#commit-access-control.pl "$REPOS" "$TXN" commit-access-control.cfg || exit 1  #原tmpl中的文件存在这条语句，这个语句找不到，是会报错的，建议注释掉

# Make sure that the log message contains some text.
if [ -z `$SVNLOOK log -t "$TXN" "$REPOS" |grep "[a-zA-Z0-9]"` ];then  #这个应该是检测有没有写log message的，发现我提交时写中文log，也会匹配到这种情况，但是看语句应该不会啊，有点奇怪
        echo "svn admin: please add log messages!!!" >&2 #按照网上的说法，后面的>$2貌似不能省略，否则也会报错
        exit 1　　#0代表正常，非0代表异常
fi
USER=`$SVNLOOK author -t $TXN $REPOS`
ADMINLIST=admin  #拥有删除文件权限的项目经理等人员，这里我只授权admin用户
if [ "`echo $ADMINLIST|grep -w $USER|wc -l`" -eq  ];then
        if [ `$SVNLOOK changed -t $TXN $REPOS |grep "^D "|wc -l` -gt  ];then
            echo "svn admin: You Don't have the pemmision of delete!Please contact your administrator!" >&2  #echo里的是提示信息
                exit
        fi
fi

# All checks passed, so allow the commit.
exit 

四、使用bp用户测试删除操作（有时候会出现配置之后没有生效的情况，可以尝试在修改文件两分钟之后再进行测试）

如果不小心误删。可以在以下位置点击被误删的文件右键，选择revert恢复

五、提交时不添加log message

参考链接：http://blog.chinaunix.net/uid-29893597-id-5594571.html