Home  |   About  |   Energy  |   Politics  |   Software  |   Music

24 July 2013

Shared work in a SVN versioned folder with Linux

Here's a test case: two (or more) users work on a common project that is versioned through SVN. Each user has the project checked out on their own environment and regularly commits to the SVN repository. Now the project has to be deployed to a server, being checked out at a particular location where some of its assets are served from. Both users must be able to regularly log on to the server and update the contents of the project folder from the repository. The catch is that neither of the users have admin rights over the server. With the default file system permissions every time a user checkouts the project from the repository the files are re-writen and its permissions attributed to the user, blocking access from other users, and most importantly, from any services depending on these files.

This post presents a recipe for this issue based solely on basic file system permissions. In the end both users should be able to work on the project folder without blocking access to each other.

Assuming that there are already two users created in the system, say user1 and user2, the first thing to do is to create a new user group, here called test:
groupadd test
Then the users must be added to the new group:
useradd -G test user1

useradd -G test user2
In this example the shared project folder will be stored in /srv, where data served by applications should reside:
cd /srv
Checkout the project from the SVN repository:
svn checkout http://myserver/svn/myproject
Change the owning group and owning user of the project folder (randomly to user1):
sudo chown -R user1 myproject/

sudo chgrp -R test myproject/
At this stage user2 isn't yet able to write into the project folder, specific permissions must be granted to the group:
sudo chmod -R g+w myproject/
Now both users can use the project folder but there is still an issue, when one of them creates a new file, or checks out a file from the repository, the owning group will change to the user's default group. To avoid this the SGID bit of the project folder must be set for the group:
sudo chmod -R g+s myproject/
This set up is now sufficient for both users to work in the project folder, but a slight nuisance persists: whenever a new file is created (or is checked out from SVN) its group permissions will be automatically set to read only. Since it continues to belong to the test group, any other user can change these permissions and resume work, but it is an extra task. To avoid this the user creating the file can change his default file creation settings with umask:
umask 002
Better still is to set umask in the user's ~/.profile file.

Both users can now work on the project folder, issuing commits and upgrades without breaking things down.