SVN用得也算挺广泛的,但是它也存在着一个大问题,就是权限控制得比较差,要么读,要么读写,而读写就意外着可以删除文件(目前我的理解是这样,如果有什么不对的地方,请多指教)。

刚好前段时间发生了开发人员误删代码库的问题,我才意识到这个问题很大。领导的要求是,开发人员等不应当有删除文件的权限,应该只有项目经理之类的有删除文件的权限。

于是上网搜索了一番,发现有不少人也说SVN权限的管理太粗化了。找了好久才发现可以通过svn项目目录下的hooks下的pre-commit实现。

一、首先来看一下svn项目结构。test和test1是我点击该页面的创建按钮创建的。同时我创建了一个普通用户bp(模拟开发人员,测试删除操作)

给bp用户授权

二、进入svn项目的hooks目录

可以看到repositories下有我创建的test和test1两个svn项目目录,hooks下的pre-commit是我新建的

三、看一下pre-commit的内容,这个是最关键的(代码中#注释掉的内容,第一行是非常关键的#!/bin/sh 这个建议保留,否则容易报错。另外,这个文件中建议不加入中文,否则也有可能报错,所以记得把我的中文注释给删掉)。PS:创建完之后,一定要给该文件授予可执行全新chmod +x pre-commit

[root@localhost hooks]# cat pre-commit

#!/bin/sh

# PRE-COMMIT HOOK

#

# The pre-commit hook is invoked before a Subversion txn is

# committed.  Subversion runs this hook by invoking a program

# (script, executable, binary, etc.) named 'pre-commit' (for which

# this file is a template), with the following ordered arguments:

#

#   [] REPOS-PATH   (the path to this repository)

#   [] TXN-NAME     (the name of the txn about to be committed)

#

#   [STDIN] LOCK-TOKENS ** the lock tokens are passed via STDIN.

#

#   If STDIN contains the line "LOCK-TOKENS:\n" (the "\n" denotes a

#   single newline), the lines following it are the lock tokens for

#   this commit.  The end of the list is marked by a line containing

#   only a newline character.

#

#   Each lock token line consists of a URI-escaped path, followed

#   by the separator character '|', followed by the lock token string,

#   followed by a newline.

#

# The default working directory for the invocation is undefined, so

# the program should set one explicitly if it cares.

#

# If the hook program exits with success, the txn is committed; but

# if it exits with failure (non-zero), the txn is aborted, no commit

# takes place, and STDERR is returned to the client.   The hook

# program can use the 'svnlook' utility to help it examine the txn.

#

# On a Unix system, the normal procedure is to have 'pre-commit'

# invoke other programs to do the real work, though it may do the

# work itself too.

#

#   ***  NOTE: THE HOOK PROGRAM MUST NOT MODIFY THE TXN, EXCEPT  ***

#   ***  FOR REVISION PROPERTIES (like svn:log or svn:author).   ***

#

#   This is why we recommend using the read-only 'svnlook' utility.

#   In the future, Subversion may enforce the rule that pre-commit

#   hooks should not modify the versioned data in txns, or else come

#   up with a mechanism to make it safe to do so (by informing the

#   committing client of the changes).  However, right now neither

#   mechanism is implemented, so hook writers just have to be careful.

#

# Note that 'pre-commit' must be executable by the user(s) who will

# invoke it (typically the user httpd runs as), and that user must

# have filesystem-level permission to access the repository.

#

# On a Windows system, you should name the hook program

# 'pre-commit.bat' or 'pre-commit.exe',

# but the basic idea is the same.

#

# The hook program typically does not inherit the environment of

# its parent process.  For example, a common problem is for the

# PATH environment variable to not be set to its usual value, so

# that subprograms fail to launch unless invoked via absolute path.

# If you're having unexpected problems with a hook program, the

# culprit may be unusual (or missing) environment variables.

#

# Here is an example hook script, for a Unix /bin/sh interpreter.

# For more examples and pre-written hooks, see those in

# the Subversion repository at

# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and

# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/

REPOS="$1"

TXN="$2"

# Make sure that the log message contains some text.

SVNLOOK=/application/csvn/bin/svnlook #这个路径需要根据自己的svnlook来写,可以用which svnlook获取,我的安装方式不支持which svnlook,我是使用find / -name svnlook查找的

# Check that the author of this commit has the rights to perform

# the commit on the files and directories being modified.

#commit-access-control.pl "$REPOS" "$TXN" commit-access-control.cfg || exit 1  #原tmpl中的文件存在这条语句,这个语句找不到,是会报错的,建议注释掉

# Make sure that the log message contains some text.

if [ -z `$SVNLOOK log -t "$TXN" "$REPOS" |grep "[a-zA-Z0-9]"` ];then  #这个应该是检测有没有写log message的,发现我提交时写中文log,也会匹配到这种情况,但是看语句应该不会啊,有点奇怪

        echo "svn admin: please add log messages!!!" >&2 #按照网上的说法,后面的>$2貌似不能省略,否则也会报错

        exit 1  #0代表正常,非0代表异常

fi

USER=`$SVNLOOK author -t $TXN $REPOS`

ADMINLIST=admin  #拥有删除文件权限的项目经理等人员,这里我只授权admin用户

if [ "`echo $ADMINLIST|grep -w $USER|wc -l`" -eq  ];then

        if [ `$SVNLOOK changed -t $TXN $REPOS |grep "^D "|wc -l` -gt  ];then

            echo "svn admin: You Don't have the pemmision of delete!Please contact your administrator!" >&2  #echo里的是提示信息

                exit

        fi

fi

# All checks passed, so allow the commit.

exit

四、使用bp用户测试删除操作(有时候会出现配置之后没有生效的情况,可以尝试在修改文件两分钟之后再进行测试)

如果不小心误删。可以在以下位置点击被误删的文件右键,选择revert恢复

五、提交时不添加log message

参考链接:http://blog.chinaunix.net/uid-29893597-id-5594571.html

SVN限制普通用户删除文件及提交时必须填写log日志的更多相关文章

  1. root用户删除文件提示:Operation not permitted

    root用户删除文件提示:Operation not permitted http://blog.csdn.net/evanbai/article/details/6187578

  2. SVN中怎样忽略当前文件不提交

    场景 在使用SVN进行版本管理时,有时一些自动生成的文件比如证书等,在每台电脑上都会不同,如果将其提交,则会冲突. 怎样将指定的文件或者指定文件后缀的文件忽略提交. 注: 博客主页: https:// ...

  3. [转载]SVN如何恢复已删除文件或文件夹

    http://blog.sina.com.cn/s/blog_694d806e0100kaqz.html 用TortoiseSVN: 1.在本地working copy中,用TortoiseSVN-& ...

  4. [Android Pro] root用户删除文件提示:Operation not permitted

    reference to : http://blog.csdn.net/evanbai/article/details/6187578 一些文件看上去可能一切正常,但当您尝试删除的时候,居然也会报错, ...

  5. GIT入门笔记(12)- 删除文件、提交删除和恢复删除

    在Git中,删除也是一个修改操作,我们实战一下, 1.先添加add一个新文件test.txt到Git并且提交commit到本地版本库: $ git add test.txt$ git commit - ...

  6. SVN配置钩子文件限制提交文件时必须填写更新日志

    进入相应SVN仓库hooks目录,编辑文件pre-commit #!/bin/sh REPOS="$1"TXN="$2" SVNLOOK=/usr/bin/sv ...

  7. SVN设置钩子文件限制提交文件时必须填写更新日志

    进入相应SVN仓库hooks目录,编辑文件pre-commit #!/bin/sh # PRE-COMMIT HOOK## The pre-commit hook is invoked before ...

  8. 解决Linux 下 root用户删除文件提示:Operation not permitted

    问题描述 用最高权限rm文件,居然报错Operation not permitted.查看权限也没有问题.可想而知有可能文件被保护了.用命令lsattr检查一下就知道. [root@linux roo ...

  9. VisualSVN设置提交时必须输入log信息

    在别人的基础上修改的: 自己在Windows上用VisualSVN搭了个服务器,默认提交代码是可以不填任何信息,这可不是我所期望的,于是找到了下面的解决方案: 在VisualSVN的管理控制台中可以设 ...

随机推荐

  1. Synchronized偏向锁和轻量级锁的升级

    原文:https://blog.csdn.net/tongdanping/article/details/79647337 锁的优化1.锁升级锁的4中状态:无锁状态.偏向锁状态.轻量级锁状态.重量级锁 ...

  2. Codeforces A. Game on Tree(期望dfs)

    题目描述: Game on Tree time limit per test 1 second memory limit per test 256 megabytes input standard i ...

  3. Thinkphp下实现D函数用于实例化Model格式

    * D函数用于实例化Model 格式 项目://分组/模块 * @param string $name Model资源地址 * @param string $layer 业务层名称 * @return ...

  4. java构建简单的HTTP服务器

    使用Java技术构建Web应用时, 我们通常离不开tomcat和jetty之类的servlet容器,这些Web服务器功能强大,性能强劲,深受欢迎,是运行大型Web应用的必备神器. 虽然Java的设计初 ...

  5. Node.js是什么?提供了哪些内容?

    什么是Node.js? Node.js是基于Chrome V8 引擎的 JavaScript运行时(运行环境). Node.js提供了哪些内容? Node.js运行时,JavaScript代码运行时的 ...

  6. 【luoguP2995】[USACO10NOV]牛的照片Cow Photographs

    题目链接 首先求出原序列的逆序对个数, 然后考虑每次将目标序列最前面的数放在最后,即最小的数变为最大 设最小数的位置是\(p\),那么逆序对的个数增加了\(n-p\),减少了\(p-1\) #incl ...

  7. 深入浅出的Java网络通信

    已经发表个人公众号 代码展示 package two; import java.io.BufferedReader; import java.io.InputStreamReader; import ...

  8. nginx重启 平滑重启

    进入 ngiinx sbin目录下./nginx -c /usr/local/nginx/conf/nginx.conf -c参数指定了要加载的nginx配置文件路径 停止操作停止操作是通过向ngin ...

  9. CFD-Post中截取任意面的数据

    源视频下载链接: https://pan.baidu.com/s/1i4PtgDR 密码: wsn5

  10. debian10使用国内源安装docker以及一些使用方法

    首先, 我的环境是debian, 容器是centos debian 安装添加新存储库所需的依赖项 1 sudo apt install ca-certificates curl software-pr ...