Parent server owner not added to sub-server SVN repositories

When I create an SVN repository in a sub-server, the owner of the associated parent server is only added to the svn.basic.passwd file, but not to the svn-access.conf file.

Consequently, the parent server owner (which is also the sub-server owner) does not get access to the repository. Manually adding the line <server-owner-username> = rw to the file fixes the problem.

(Note: When creating a repository in a non-sub-server, the owner is correctly added to the svn-access.conf file.)

Status: Closed (fixed)

Comments

The bug here is actually in the opposite direction - the top-level server owner isn't an account in the sub-server, so shouldn't get access to the repo at all. Instead, you need to create accounts in the sub-server to grant access to SVN.

I will fix the bug that adds the domain owner to svn.basic.passwd in the next release.

Hmmm... I think one can be of a different opinion here. :)

I hold the view that a sub-server somewhat represents an "ownership hierarchy", i.e. the parent server owner also owns everything related to the sub-server. I mean, why else would I define a sub-server as opposed to a parent server, if not to have common ownership and not have to worry about setting up an owner account? After all, the one thing that differentiates a sub-server from a parent one is the lack of owner account (i.e. sharing that of the parent) in the sub-server.

Following that logic, the parent server owner should be added to have full access to the sub-server repositories, just like he has access to his own repositories, the sub-server home directories (since they're in the domains subdirectory) and to management of the sub-server through Virtualmin (since his login has access to sub-servers too).

Am I seeing this wrong?

Sort of .. the top-level server owner has control over all sub-servers, but that doesn't necessarily mean he has an account on all sub-servers. For example, even though subserver.com is under toplevel.com, the email address toplevel@subserver.com doesn't exist.

While I suppose this could be implemented in theory, it would go against the way Virtualmin associates mailboxes with domains currently. And it adds lots of complication if you move a sub-server to a new owner, or promote it to top-level.

I sure understand your concerns, and creating an account in the sub-server is not a problem, but maybe I don't really get the issue here. :)

Why does the server owner actually need an account in the sub-server to get SVN access? Can't you just - like I did manually now - add the parent server owner username to the sub-server's svn-access.conf - like you already add that account to the password file? Would that cause any serious problems?

Sure, it could be manually added .. the reason for the current design is that I want to keep a consistent user list for each domain across all services that domain offers, like email, SVN and MySQL.

You can just add an extra account with SVN access to the sub-server with the same name as the top-level admin if you like though.

Okidoki, I get it now.

So the SVN accounts are not actually linked to the Linux system users, like for email or FTP, but are separately managed in the SVN config files.

Two observations that might be of use: It might be a little confusing that, when I e.g. have "@mydomain.tld" as email postfix, a domain user "user1" will get "user1@mydomain.tld" as his login name for email and FTP, a truncated "user1@mydomain.t" for MySQL (okay, that limitation cannot be circumvented I guess), but just "user1" for SVN. At least the SVN username should be listed in the user overview page, under "MySQL username" I think.

Also, you might consider renaming the left-hand menu option "Edit (Mail and) FTP Users" to "Edit Domain Users", since those users also comprise MySQL, SVN, Git and several other things. It's a little misleading to edit those under "Mail" or "FTP users".

Yeah, renaming that is a good idea.. although on the other hand, in most cases they are just mailboxes.

Yeah, I suppose they are, still I think the confusion when someone has to configure their database/SVN users under "Mail and FTP users" is bigger than that if mail users are found under "Server users". ;)
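
Added example, not part of the original thread or Virtualmin's code: the mismatch in the report (an account present in svn.basic.passwd but absent from svn-access.conf, or the reverse) can be found by comparing the two files. The script assumes svn.basic.passwd holds htpasswd-style user:hash lines and svn-access.conf uses Subversion's authz format; the sample contents, usernames and function names are constructed.

```python
import configparser

# Constructed sample contents (assumed htpasswd and Subversion authz formats).
SAMPLE_PASSWD = """\
parentowner:$apr1$constructed$hashvalue000000000000
user1:$apr1$constructed$hashvalue111111111111
"""
SAMPLE_ACCESS = """\
[groups]
devs = user1, user2

[myrepo:/]
@devs = rw
olduser = r
"""

def passwd_users(text):
    """Usernames that can authenticate (one 'user:hash' entry per line)."""
    users = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            users.add(line.split(":", 1)[0])
    return users

def access_users(text):
    """Usernames granted access by any rule; @group references are expanded
    one level (nested groups are not followed)."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep usernames case-sensitive
    cp.read_string(text)
    groups = {}
    if cp.has_section("groups"):
        groups = {g: {m.strip() for m in v.split(",") if m.strip()}
                  for g, v in cp.items("groups")}
    users = set()
    for section in cp.sections():
        if section == "groups":
            continue
        for name, perm in cp.items(section):
            if name == "*" or not perm.strip():  # wildcard, or explicit "no access"
                continue
            users |= groups.get(name[1:], set()) if name.startswith("@") else {name}
    return users

def audit(passwd_text, access_text):
    """Report accounts that exist in only one of the two files."""
    creds, rules = passwd_users(passwd_text), access_users(access_text)
    return {"password_only": sorted(creds - rules), "access_only": sorted(rules - creds)}

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_ACCESS))
```

An entry under password_only is an account that can authenticate but has no rule, which is the state the report describes; an entry under access_only is a rule naming a user with no password entry.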