SVN用得也算挺广泛的,但是它也存在着一个大问题,就是权限控制得比较差,要么读,要么读写,而读写就意外着可以删除文件(目前我的理解是这样,如果有什么不对的地方,请多指教)。

刚好前段时间发生了开发人员误删代码库的问题,我才意识到这个问题很大。领导的要求是,开发人员等不应当有删除文件的权限,应该只有项目经理之类的有删除文件的权限。

于是上网搜索了一番,发现有不少人也说SVN权限的管理太粗化了。找了好久才发现可以通过svn项目目录下的hooks下的pre-commit实现。

一、首先来看一下svn项目结构。test和test1是我点击该页面的创建按钮创建的。同时我创建了一个普通用户bp(模拟开发人员,测试删除操作)

给bp用户授权

二、进入svn项目的hooks目录

可以看到repositories下有我创建的test和test1两个svn项目目录,hooks下的pre-commit是我新建的

三、看一下pre-commit的内容,这个是最关键的(代码中#注释掉的内容,第一行是非常关键的#!/bin/sh 这个建议保留,否则容易报错。另外,这个文件中建议不加入中文,否则也有可能报错,所以记得把我的中文注释给删掉)。PS:创建完之后,一定要给该文件授予可执行全新chmod +x pre-commit

[root@localhost hooks]# cat pre-commit

#!/bin/sh

# PRE-COMMIT HOOK

#

# The pre-commit hook is invoked before a Subversion txn is

# committed.  Subversion runs this hook by invoking a program

# (script, executable, binary, etc.) named 'pre-commit' (for which

# this file is a template), with the following ordered arguments:

#

#   [] REPOS-PATH   (the path to this repository)

#   [] TXN-NAME     (the name of the txn about to be committed)

#

#   [STDIN] LOCK-TOKENS ** the lock tokens are passed via STDIN.

#

#   If STDIN contains the line "LOCK-TOKENS:\n" (the "\n" denotes a

#   single newline), the lines following it are the lock tokens for

#   this commit.  The end of the list is marked by a line containing

#   only a newline character.

#

#   Each lock token line consists of a URI-escaped path, followed

#   by the separator character '|', followed by the lock token string,

#   followed by a newline.

#

# The default working directory for the invocation is undefined, so

# the program should set one explicitly if it cares.

#

# If the hook program exits with success, the txn is committed; but

# if it exits with failure (non-zero), the txn is aborted, no commit

# takes place, and STDERR is returned to the client.   The hook

# program can use the 'svnlook' utility to help it examine the txn.

#

# On a Unix system, the normal procedure is to have 'pre-commit'

# invoke other programs to do the real work, though it may do the

# work itself too.

#

#   ***  NOTE: THE HOOK PROGRAM MUST NOT MODIFY THE TXN, EXCEPT  ***

#   ***  FOR REVISION PROPERTIES (like svn:log or svn:author).   ***

#

#   This is why we recommend using the read-only 'svnlook' utility.

#   In the future, Subversion may enforce the rule that pre-commit

#   hooks should not modify the versioned data in txns, or else come

#   up with a mechanism to make it safe to do so (by informing the

#   committing client of the changes).  However, right now neither

#   mechanism is implemented, so hook writers just have to be careful.

#

# Note that 'pre-commit' must be executable by the user(s) who will

# invoke it (typically the user httpd runs as), and that user must

# have filesystem-level permission to access the repository.

#

# On a Windows system, you should name the hook program

# 'pre-commit.bat' or 'pre-commit.exe',

# but the basic idea is the same.

#

# The hook program typically does not inherit the environment of

# its parent process.  For example, a common problem is for the

# PATH environment variable to not be set to its usual value, so

# that subprograms fail to launch unless invoked via absolute path.

# If you're having unexpected problems with a hook program, the

# culprit may be unusual (or missing) environment variables.

#

# Here is an example hook script, for a Unix /bin/sh interpreter.

# For more examples and pre-written hooks, see those in

# the Subversion repository at

# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and

# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/

REPOS="$1"

TXN="$2"

# Make sure that the log message contains some text.

SVNLOOK=/application/csvn/bin/svnlook #这个路径需要根据自己的svnlook来写,可以用which svnlook获取,我的安装方式不支持which svnlook,我是使用find / -name svnlook查找的

# Check that the author of this commit has the rights to perform

# the commit on the files and directories being modified.

#commit-access-control.pl "$REPOS" "$TXN" commit-access-control.cfg || exit 1  #原tmpl中的文件存在这条语句,这个语句找不到,是会报错的,建议注释掉

# Make sure that the log message contains some text.

if [ -z `$SVNLOOK log -t "$TXN" "$REPOS" |grep "[a-zA-Z0-9]"` ];then  #这个应该是检测有没有写log message的,发现我提交时写中文log,也会匹配到这种情况,但是看语句应该不会啊,有点奇怪

        echo "svn admin: please add log messages!!!" >&2 #按照网上的说法,后面的>$2貌似不能省略,否则也会报错

        exit 1  #0代表正常,非0代表异常

fi

USER=`$SVNLOOK author -t $TXN $REPOS`

ADMINLIST=admin  #拥有删除文件权限的项目经理等人员,这里我只授权admin用户

if [ "`echo $ADMINLIST|grep -w $USER|wc -l`" -eq  ];then

        if [ `$SVNLOOK changed -t $TXN $REPOS |grep "^D "|wc -l` -gt  ];then

            echo "svn admin: You Don't have the pemmision of delete!Please contact your administrator!" >&2  #echo里的是提示信息

                exit

        fi

fi

# All checks passed, so allow the commit.

exit

四、使用bp用户测试删除操作(有时候会出现配置之后没有生效的情况,可以尝试在修改文件两分钟之后再进行测试)

如果不小心误删。可以在以下位置点击被误删的文件右键,选择revert恢复

五、提交时不添加log message

参考链接:http://blog.chinaunix.net/uid-29893597-id-5594571.html

SVN限制普通用户删除文件及提交时必须填写log日志的更多相关文章

  1. root用户删除文件提示:Operation not permitted

    root用户删除文件提示:Operation not permitted http://blog.csdn.net/evanbai/article/details/6187578

  2. SVN中怎样忽略当前文件不提交

    场景 在使用SVN进行版本管理时,有时一些自动生成的文件比如证书等,在每台电脑上都会不同,如果将其提交,则会冲突. 怎样将指定的文件或者指定文件后缀的文件忽略提交. 注: 博客主页: https:// ...

  3. [转载]SVN如何恢复已删除文件或文件夹

    http://blog.sina.com.cn/s/blog_694d806e0100kaqz.html 用TortoiseSVN: 1.在本地working copy中,用TortoiseSVN-& ...

  4. [Android Pro] root用户删除文件提示:Operation not permitted

    reference to : http://blog.csdn.net/evanbai/article/details/6187578 一些文件看上去可能一切正常,但当您尝试删除的时候,居然也会报错, ...

  5. GIT入门笔记(12)- 删除文件、提交删除和恢复删除

    在Git中,删除也是一个修改操作,我们实战一下, 1.先添加add一个新文件test.txt到Git并且提交commit到本地版本库: $ git add test.txt$ git commit - ...

  6. SVN配置钩子文件限制提交文件时必须填写更新日志

    进入相应SVN仓库hooks目录,编辑文件pre-commit #!/bin/sh REPOS="$1"TXN="$2" SVNLOOK=/usr/bin/sv ...

  7. SVN设置钩子文件限制提交文件时必须填写更新日志

    进入相应SVN仓库hooks目录,编辑文件pre-commit #!/bin/sh # PRE-COMMIT HOOK## The pre-commit hook is invoked before ...

  8. 解决Linux 下 root用户删除文件提示:Operation not permitted

    问题描述 用最高权限rm文件,居然报错Operation not permitted.查看权限也没有问题.可想而知有可能文件被保护了.用命令lsattr检查一下就知道. [root@linux roo ...

  9. VisualSVN设置提交时必须输入log信息

    在别人的基础上修改的: 自己在Windows上用VisualSVN搭了个服务器,默认提交代码是可以不填任何信息,这可不是我所期望的,于是找到了下面的解决方案: 在VisualSVN的管理控制台中可以设 ...

随机推荐

  1. Kotlin反射重要组件与流程详解

    继续学习Kotlin反射,我们知道对于Java的反射类是Class,而在Kotlin中的反射类是KClass,而在Java当中对于反射中的方法是用Method,而在Kotlin中是用KFunction ...

  2. [POJ2083] Fracal

    Description A fractal is an object or quantity that displays self-similarity, in a somewhat technica ...

  3. (转)python自动化测试之异常及日志

    为了保持自动化测试用例的健壮性,异常的捕获及处理,日志的记录对掌握自动化测试执行情况尤为重要,这里便详细的介绍下在自动化测试中使用到的异常及日志,并介绍其详细的用法. 一.日志 打印日志是很多程序的重 ...

  4. sort()函数中的key

    d = { , , } #for k in d.items(): # print(k) content = list(d.items()) print(content) content.sort(ke ...

  5. C# 跨线程对控件赋值

    第一种 跨线程对控件赋值 private void button2_Click(object sender, EventArgs e) { Thread thread1 = new Thread(ne ...

  6. H5中实现加载更多的逻辑及代码执行。

    H5中加载更多的逻辑总结: 1.首先,需要三个底部的提示,分别是“加载中”.“--我是有底线的--”.“暂时没有记录”,当然,这三句话根据不同的项目,可以自定义.具体代码例子如下: <div c ...

  7. CTF入门(一)

    ctf入门指南 如何入门?如何组队? capture the flag 夺旗比赛 类型: Web密码学pwn 程序的逻辑分析,漏洞利用windows.linux.小型机等misc 杂项,隐写,数据还原 ...

  8. mybatis-generator 插件

    首先肯定要有mybatis的依赖 <!--mybatis spring--> <dependency> <groupId>org.mybatis.spring.bo ...

  9. [RN] React Native 常见基本问题归纳总结

    [RN] React Native  常见基本问题归纳总结 本问题总结涉及到版本为: "react": "16.8.3","react-native& ...

  10. 验证和交叉验证(Validation & Cross Validation)

    之前在<训练集,验证集,测试集(以及为什么要使用验证集?)(Training Set, Validation Set, Test Set)>一文中已经提过对模型进行验证(评估)的几种方式. ...