Normally, all authorisation for a user or group to access an svn repo over HTTP is handled by the “authz” file.
The privileges the authz file can grant are limited to “r” and “w”.
It has no finer-grained privilege for a user or group, such as “adding” only, “deleting” only or “modifying” only.
This matters in scenarios such as the following:
1. The admin has the privilege to “add” a new file, “delete” an existing file and “modify” a file. The privilege granted by “authz” for this is the more generic “rw”.
2. The full svn committers have the privilege to “add” new files and “modify” existing files. Here too the privilege granted by “authz” is the more generic “rw”, which cannot prevent a committer from “deleting” an existing file.
3. Some people must only be able to “add” new files but NOT “modify” an existing file. Here too the privilege granted by “authz” is the more generic “rw”, which cannot prevent the committer from “modifying/deleting” an existing file.
This is where svnperms.py and svnperms.conf come in. The svnperms.py script reads its rules from the svnperms.conf configuration file.
svnperms.conf splits write access into specific permissions:
1. ‘add’ means adding new files.
2. ‘remove’ means deleting a file/dir.
3. ‘update’ means modifying a file/dir.
Sample svnperms.py can be downloaded from
Sample svnperms.conf can be downloaded from
My pre-commit looks as follows:
REPOS="$1"; TXN="$2"  # repository path and transaction name passed in by svn
python /path/to/svnperms.py -r "$REPOS" -t "$TXN" || exit 1
1. The pre-commit script is in /path/to/repo/hooks/pre-commit.
2. It must be made executable.
By default, this python script looks for the svnperms.conf file in /path/to/repo/conf/svnperms.conf
This is a sample svnperms.conf file:
[groups]
group1 = user2 user3
admin = user1

[testrepo]
trunk/.* = prabhugs,@admin(add,remove,update) @group1(update)
tags/[^/]+/ = prabhugs,@admin(add) @group1(update)
branches/[^/]+/.* = @admin(add) @group1(update)
Here, we have three users (user1, user2, user3), where user1 is in the “admin” group and the users “user2” and “user3” are in the “group1” group.
Here “testrepo” is my repo name; it is the name of the section that holds the path rules.
i) Groups are prefixed by “@”.
ii) All permissions may be revoked with ().
1. Here, user “prabhugs” and the group “admin” can add/delete/modify any file in the trunk, whereas the users in the group “group1” can ONLY modify existing files.
2. User “prabhugs” and the group “admin” can add any file in the tags, whereas the users in the group “group1” can ONLY modify existing files.
3. Look closely at the left-hand side of “tags” and “branches”. The regular expressions tell us that “tags” does NOT allow any subdirectories like “tags/abc/xyz”, whereas “branches” allows us to add subdirectories like “branches/abc/xyz”.
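To see how these patterns decide a commit, the following added example (not part of the original post and not svnperms.py itself) models the sample rules in Python. It assumes each pattern must match the whole path and that the last matching entry for a user wins; `compile_rules`, `allowed` and `check` are hypothetical helper names.

```python
import re

# Constructed copy of the sample rules from the "testrepo" section above.
GROUPS = {"group1": ["user2", "user3"], "admin": ["user1"]}
RULES = [
    ("trunk/.*", "prabhugs,@admin(add,remove,update) @group1(update)"),
    ("tags/[^/]+/", "prabhugs,@admin(add) @group1(update)"),
    ("branches/[^/]+/.*", "@admin(add) @group1(update)"),
]

def compile_rules(rules, groups):
    """Expand each rule into (anchored regex, users, perms) triples."""
    compiled = []
    for pattern, value in rules:
        regex = re.compile("^%s$" % pattern)  # assumption: whole-path match
        for entry in value.split():
            open_par, close_par = entry.find("("), entry.find(")")
            if open_par < 0 or close_par < open_par:
                raise ValueError("malformed entry: %r" % entry)
            users = []
            for name in entry[:open_par].split(","):
                if name.startswith("@"):
                    users.extend(groups[name[1:]])  # KeyError on unknown group
                else:
                    users.append(name)
            # "()" yields an empty set, i.e. every permission revoked.
            perms = {p for p in entry[open_par + 1:close_par].split(",") if p}
            compiled.append((regex, users, perms))
    return compiled

def allowed(compiled, user, path):
    """Permission set for user on path; assumption: last matching entry wins."""
    result = set()  # default deny when no rule matches
    for regex, users, perms in compiled:
        if regex.match(path) and (user in users or "*" in users):
            result = perms
    return result

def check(compiled, user, action, path):
    """True if user may perform action ('add', 'remove', 'update') on path."""
    return action in allowed(compiled, user, path)

if __name__ == "__main__":
    rules = compile_rules(RULES, GROUPS)
    for user, action, path in [("user2", "add", "trunk/new.c"),
                               ("user1", "add", "tags/v1.0/"),
                               ("user1", "add", "tags/v1.0/sub/"),
                               ("user1", "add", "branches/abc/xyz")]:
        print(user, action, path, "->", check(rules, user, action, path))
```

Under these assumptions a path that matches no rule gets no permissions at all, which is why “tags/v1.0/sub/” is refused even for the admin group.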