Tag Archive for 'admin'

Apache Subversion: Access Control Options

Subversion Access Control is a security solution for Apache Subversion that goes well beyond what SVN can provide on its own. To fully understand the benefits of Subversion Access Control, we’ll first look at the fundamental technical differences between Subversion’s built-in security functionality, and WANdisco’s Subversion Access Control product.

Apache Subversion…….

In Apache Subversion, user authentication is performed either through a local passwd file or from an LDAP or Active Directory server. Apache also provides an Authorization Layer for defining more granular control of repository objects, but managing text based rules through the Authz file can become difficult as the number of users and repositories inevitably increases.

…..v.s Subversion Access Control

Subversion Access Control is implemented as a proxy from the local Subversion server. It works directly with your LDAP or Active Directory, meaning you can keep your existing setup.

But what can Subversion Access Control offer you? Here are our ten top features of Subversion Access Control:

1) Easy to install, with no retraining required! Subversion Access Control requires no changes to clients or backend servers, meaning that you can continue to use the Subversion technology you’re familiar with.

2) Easy to use, point and click interface.

3) Access control made easy! The ability to implement and maintain complex security policies with minimal effort.

4) Audit capabilities – every repository access attempt down to the file level is reported, showing user ID, Subversion command, date and time, IP address of the client machine used, and whether access was allowed or denied

5) Unlimited access control – Subversion Access Control can support any size of development organization with any number of repositories and access control rules.

6) Delegated admin – this option allows the root administrator to create teams and delegate admin authority to team leaders.

7) Automatic LDAP synchronization – Subversion Access Control automatically picks up LDAP user and group membership changes and assigns new users to the Subversion team that corresponds to their LDAP group.

8) Instant alerts – your security administrators receive immediate alerts for any access violations.

9) Integrated seamlessly with Subversion MultiSite – Subversion Access Control can be implemented standalone, or in combination with Subversion MultiSite for distributed development teams. With Subversion MultiSite, security policy changes made at one location are immediately replicated to every other to enforce consistency across all sites.

10) Available for uberSVN! – uberSVN is the free, open ALM platform for Apache Subversion that has won a string of industry awards and received an overwhelmingly positive response from the Subversion community. For those who want to combine this award winning platform with a fully functional security solution, Access Control is available through the uberAPPS store.

Here’s just some of the benefits of deploying this enterprise-level Access Control functionality with uberSVN:

  • Full authorization/authentication
  • Define Access Control rules through a simple point-and-click interface
  • Delegated admin control
  • Define control within each Team/sub-Team to a granular level
  • Assign Team Leaders
  • Audit capabilities
  • Support for ecosystems without internet access

Interested in finding out more about access control options? We’ll be running a free Subversion training webinar on November 15th that covers the pros and cons of the following methods of access control:

  • Apache Subversion access control
  • Hook scripts
  • uberSVN
  • Subversion Access Control from WANdisco

Visit the ‘Access Control Options with Subversion’ webinar page now to register. Remember that spaces are limited, so register now to avoid missing out.

Admin’s Guide to uberSVN

uberSVN is a major new product designed to transform Apache Subversion into a complete, open and extensible platform for ALM that empowers its user base by giving them the widest choice of toolsets, with no vendor lock-in. uberSVN has many great features for Subversion developers, but it also comes with a web interface designed to make administrating Subversion easier. In this step-by-step guide, we will look at the functionality accessible through uberSVN’s designated ‘Administration’ tab. (Note that this tab is only visible to users with administration privileges.)

Getting an Overview

A general overview of the current state of both uberSVN and the Subversion server, can be seen by selecting the ‘Status’ tab.

The ‘Status’ page consists of:

1) Notices – all system changes and messages are listed here. You can also post new notices from this page, which will appear on the main dashboard marked with a red pin, to indicate that they are administrator announcements.

2) Send emails to all users – select this checkbox to send announcements to all users via email. You can also make new announcements from this page.
3) Subscription options – toggle between subscribing to administration updates by email, and unsubscribing.
4) uberSVN statistics – this box provides an overview of the uberSVN server’s statistics.

These statistics include:

  • Number of Repositories – this does not include any repositories that are in place on the server’s drive, but have been deleted from uberSVN.
  • Total Size of Repositories – the amount of disk space used by the repositories. Again, this figure does not include items that have been deleted from uberSVN, but still exist on the server.
  • Number of users created or imported onto the server.
  • Number of teams that have been created on the server.

5) System statistics – this box provides an overview of the system’s status.

  • Systems OS name – the operating system of the server where uberSVN is running.
  • Number of CPUs – the number of processors/cores within the server’s processor.
  • Total System Memory – the total memory the uberSVN server has installed.
  • Total Free Memory – total remaining free memory.

6) Server Status – this box provides an overview of the current state of Apache and uberSVN.

  • Subversion Apache – a green light means that Apache is running; a red light means that it is not.
  • uberSVN – again, a green light indicates that Apache is running; a red light means that it is not.
  • You also have the option of stopping and restarting the Subversion server, and stopping uberSVN using the icons on this screen. If you perform any of these actions, a notification will automatically be published on the dashboard to alert the rest of the team.

7) Uptime – this screen displays how long the server and uberSVN have been running.

  • System – how long the system has been running.
  • uberSVN – how long uberSVN has been running.
  • Last configuration reload – the time and date of the last Apache restart (this is automatically triggered whenever a change is made to the Apache config file.)

Useful Admin Features

In addition to getting an overview of the status of uberSVN, administrators can manage uberSVN through the various tabs in the ‘Administration’ section. These include:

  • Apache Server – handles user access to the repositories. From this tab, administrators can perform tasks such as changing the port that Apache will use, and encrypting Apache traffic using SSL.
  • uberSVN Server – allows you to manage uberSVN’s server settings.
  • Preferences – allows you to manage various uberSVN settings, such as the Quick Links and Twitter account displayed on the dashboard. It is also possible to disable the Social Interface from this screen.
  • Email server – manages the emails sent out by uberSVN.
  • Logs – provides access to the system logs for uberSVN, Subversion and Apache.
  • Updates – helps administrators keeps track of new releases of components, and select which ones they want to install.
  • SVN Switch – this tab allows administrators to toggle between Subversion 1.6 and 1.7 binaries. Subversion 1.6 is selected by default, and if stability is your main concern then it’s recommended you stick with the 1.6 binaries. If you do not have Subversion 1.7 on your system, you will need to add these binaries using uberSVN’s update tool (accessible through the ‘Updates’ tab.) Once installed, you can return to the SVNswitch tab, and make the switch. To change your installation, select the binaries you wish to switch to, and click apply.

When you hit ‘Apply’ you will see a ‘Preparing to change the Subversion binaries’ message. You will need to restart uberSVN to complete the switch.

Subversion Tip of the Week

Admin Best Practices

Apache Subversion users have the freedom to structure their repository according to a project’s particular needs, but if you don’t implement a logical project layout, you’re running the risk of creating an administrative nightmare. Here are some general rules worth bearing in mind when creating a new Subversion repository, to ensure all that freedom doesn’t lead to complications.

  • The code in the trunk should be stable – all experimental development should be confined to separate branches.
  • Consider CI and automated regression testing – these can help ensure there is no regression in the all-important trunk. uberSVN users can download the popular Jenkins open source CI server for free from inside their installation.

  • Make snapshots of your project – tags should be used to make snapshots of your project at certain points during the development process (e.g tagging a snapshot as ‘Release 1.0.’) It is also good practice to make snapshots of your project before implementing major new features. This makes it easier to roll back and effectively ‘undo’ the new feature, if required.
  • Take care when making structural changes – structural changes should always be performed on the trunk, when there are no branches waiting to be merged. This can help development teams avoid serious and time-consuming conflicts.
  • Use changelists – if you are working on several different issues simultaneously, there is a risk of losing track of which files relate to which issue. In these situations, it can be helpful to organize your files into ‘Changelists.’ Changelists can be created either from the commit dialog, or the ‘Check for modifications’ dialog. In this example, we’ll look at creating a changelist from the commit dialog:

1) Highlight the files you wish to place into a changelist, right-click and select ‘Move to changelist.’ In this example, we’ll be creating a new changelist.

2) Enter a name for your changelist and select ‘Ok.’

3) Your modified files will now be automatically organized according to the new changelist. This allows you to see at-a-glance, which modifications have been made for each task, and to commit these changes separately.

Want to work for WANdisco?

Want to work in an exciting, fast-paced environment? At WANdisco, we offer a range of employee benefits, including flexible working hours, company-subsidised nights and days out (there’s plenty of photos of Team WANdisco out-and-about at our Flickr) and unlimited, paid vacation (yes, really!) Our Sheffield, UK office also comes complete with some in-office extras: a dartboard, table tennis, and helter skelter! And the good news is, we’re hiring! We’re currently looking to recruit:

    • Subversion Trainer & Training Coordinator
    • Support Engineer
    • Subversion / CVS administrator
    • DevOps Engineers
    • Web Developer
    • Senior Java Engineer
    • Open Source Software Developer

 

….and more! Check out our Careers page for the latest list of roles.

Don’t see your dream job on the list? We’re on the look out for the best talent out there, not titles. If you’re smart, enthusiastic and want to work in a fast paced environment send us your idea – we carefully review every suggestion.)

Intro to Subversion Access Control 4.1

Big plans are brewing at WANdisco for 2012, and one project that has just been completed, is Subversion Access Control 4.1.

Access Control 4.1 includes a revamped user interface. The new look makes it easier for users to navigate through the security features offered by Access Control and setup new rules and permissions for Subversion repositories and paths.

The ‘Group’ concept has been replaced with “Teams’ and a new feature has been added to allow the designation of “Team Leader” who is then granted some administrator privileges. Specifically, the Team Leader is able to setup user access rules to a pre-defined repository path (or paths).

We are calling this new feature Delegated Admin since it allows granting of some administrator privileges to users. The context of how this feature could be used might be best described in terms of business units for an enterprise corporation. Consider the following scenario.

A company has 100 Apache Subversion users split into 10 teams, each associated with a separate BU, each team has its own Subversion repository. In the past, Access Control admin can go in and setup repository security rules that applies to all 100 users and repositories. With delegated admin the Access Control administration can create 10 new Teams and assign a Team Leader to each one, specifying the Repository that team should have access to. From there, the Team Leader can log into the system, add/remove the users for the team, and setup multiple rules needed to properly manage those Subversion assets.

Effectively what delegated admin does is allow Team Leaders, people in charge of their respective Business Units, to define and configure their own team rules. Access Control supports the concept of nested-teams which is called Sub-Teams (see screenshot) and this would even allow you to further organize teams from larger sections into multiple sub-sections (eg: West Coast Branch –> Plugins Team; West Coast Branch –> Application Team) and designate a team leader at each level to manage users and rules.

The role of the Access Control administrator now is to simply define Team Leaders and the resources which they can direct access over. Once defined the Team Leader can only create rules that affect their resources meaning the West Coast Branch won’t be able to setup access rules for the East Coast Branch’s repositories and vice-versa.

The ability to delegate some administrator functionality to Team Leaders, and in the context of specific Subversion paths and repositories, is a powerful new feature that will empower enterprise organizations and save time and money. Team Leaders are able to set access restrictions based on the need and requirements of their given team or business unit and no longer have to rely on a single administrator to do that for them.