 |
|
||||||||
 |
 |
AIT LINUX Support
|
|
||||||
|---|---|---|---|---|---|---|---|---|---|
|
|
||||||||
|
|
||||||||
|
|
|
To get started you need to have read/write access to an
AFS directory. Any such directory will do, but we
recommend to use an AFS project directory for this purpose. Read
section AFS @
PSI for more informations about AFS and project
directories. In the project directory you should create a
sub directory named Access to the repositories is supported via direct access
and via a Subversion/CVS gateway. Direct access to the repository is
possible from anywhere in the world provided that an AFS client
is running on the client system. The gateway allow to access
the repository using either an AFS account or an anonymous
account. The Subversion/CVS gateway is hosted at Currently only the Checking out a repository with the svn co file:///afs/psi.ch/project/linux/svn/trunk Checking out a repository with the svn co svn+ssh://svn@savannah.psi.ch/afs/psi.ch/project/linux/svn/trunk Access to CVS repositories is supported via direct
access and via the gateway with the Checking out a repository with direct access will look like: cvs -d /afs/psi.ch/project/linux/cvsroot co linux An anonymous CVS checkout via the gateway will look like: export CVS_RSH=ssh cvs -d :ext:cvs@savannah.psi.ch:/afs/psi.ch/project/linux/cvsroot co linux All users having an PSI AFS account are able to access Subversion and CVS repositories, either direct or via the Subversion/CVS gateway, assuming that the AFS access control lists (ACL's) are set accordingly. The accounts on the gateway are restricted and can be used for Subversion and CVS access only. A shell login to the gateway is not possible. Section Configuration for Direct Read/Write Access describes how to set the ACL's to grant on authenticated user read/write access to a Subversion repository. Section Configuration for Direct Read/Write Access describes how to set the ACL's to grant on authenticated user read/write access to a CVS repository. External users needing access to a repository can apply for a restricted AFS account, which allows them to use the repository in a well defined way using the same access rights mechanisms as for internal PSI users. Restricted accounts grand access to repositories, either direct or via the gateway. These account do not permit shell login to any PSI system. Thus these accounts cannot be (miss-)used for login to the Linux Login Cluster or a Linux Desktop at PSI. In terms of AFS access lists, externel users are treated the same way as internal users. Anonymous access is granted via direct access and via the
gateway, provided that the AFS ACL's are set accordingly. For
Subversion the anonymous account is mapped to the user
Section Configuration for Read-only Access describes how to set the ACL's for direct anonymous access to a Subversion repository. Section Configuration for Anonymous Read-only Access via the Gateway describes how to set the ACL's for anonymous access via the gateway to a Subversion repository. Section Configuration for Read-only Access describes how to set the ACL's for anonymous access via the gateway to a CVS repository. Since the repositories are in AFS, you have to control access permission with AFS access list. Access list can be defined for users and groups. To keep administration simple, it is best practice to use groups, if more then one user has the permission to access the repository. Normally we have the following kinds of access:
Thus we have up to three groups and each user can clearly be assigned to one of these groups:
|
![[Note]](/images/note.png)