|
|
|
|
SVN USER MANAGEMENT README
|
|
|
|
|
==========================
|
|
|
|
|
|
|
|
|
|
Command line script to manage the cpi lab journal users.
|
|
|
|
|
|
|
|
|
|
quick file overview
|
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
|
|
First of all, we talk about the following files and folders:
|
|
|
|
|
|
|
|
|
|
.htpasswd
|
|
|
|
|
README
|
|
|
|
|
authz
|
|
|
|
|
JaneDoe
|
|
|
|
|
|
|
|
|
|
** WARNING: **
|
|
|
|
|
In this list, there is one hidden files: `.htpasswd`. This file is hidden on
|
|
|
|
|
purpose, so ** don't mess with it **.
|
|
|
|
|
|
|
|
|
|
`.htpasswd`: stores the passwords for the users (classical apache htpaswd-file)
|
|
|
|
|
|
|
|
|
|
`README`: this file
|
|
|
|
|
|
|
|
|
|
`authz`: defines the access controll list, so who has access to what
|
|
|
|
|
|
|
|
|
|
`JaneDoe`: folder that holds one svn repository for a user
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Usermanagement with `elab-users`
|
|
|
|
|
-----------------------------------
|
|
|
|
|
|
|
|
|
|
** HINT: ** To run this scipt if the service was deployed to dokku, use this
|
|
|
|
|
command structure `dokku run svn elab-users [command] [name]`
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The script `elab-users` provides some options to add and delete users,
|
|
|
|
|
show access information from users and their elab journals. If the scprit
|
|
|
|
|
is called with the `--help` option, the folowing help message is displayed:
|
|
|
|
|
|
|
|
|
|
usage: elab-users [-h] [command] [name]
|
|
|
|
|
|
|
|
|
|
positional arguments:
|
|
|
|
|
command one of the commands: [user, group, add, restricted, retire, password]
|
|
|
|
|
name user or group to perform the command on
|
|
|
|
|
|
|
|
|
|
optional arguments:
|
|
|
|
|
-h, --help show this help message and exit
|
|
|
|
|
|
|
|
|
|
To grant a restricted user access to another folder, you have to carefully
|
|
|
|
|
edit the authz file
|
|
|
|
|
|
|
|
|
|
The following combinations are possible:
|
|
|
|
|
|
|
|
|
|
* `elab-users`: will show a list of all groups and their users
|
|
|
|
|
* `elab-users UserName`: shows the access rights of the user and their lab journal
|
|
|
|
|
* `elab-users group GroupName`: shows a list of all group members
|
|
|
|
|
* `elab-users add UserName`: adds a regular user, creates svn folders and sets a random password
|
|
|
|
|
* `elab-users restricted UserName`: adds a restricted user, creates svn folders and sets a random password
|
|
|
|
|
* `elab-users retire UserName`: moves an existing user to the alumni group, removes his password
|
|
|
|
|
* `elab-users password UserName`: resets the password for an existing user to a new random one
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Grant read writes to restricted users
|
|
|
|
|
-------------------------------------
|
|
|
|
|
|
|
|
|
|
As noted before, if a restriced user should have read access to another
|
|
|
|
|
lab journal, the `authz` file has to be edited manually. Here are two examples
|
|
|
|
|
that grant the user 'JaneDoe' read access to two different lab journals:
|
|
|
|
|
|
|
|
|
|
... snip ...
|
|
|
|
|
|
|
|
|
|
[JohnSmith:/]
|
|
|
|
|
@restricted =
|
|
|
|
|
JaneDoe = r
|
|
|
|
|
|
|
|
|
|
... snip ...
|
|
|
|
|
|
|
|
|
|
[MaxMustermann:/]
|
|
|
|
|
@restricted =
|
|
|
|
|
JaneDoe = r
|
|
|
|
|
MaxMustermann = rw
|
|
|
|
|
|
|
|
|
|
... snip ...
|
|
|
|
|
|
|
|
|
|
This does not apply to regular users, since these have read access to all folders.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Hint
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
This readme is written in Markdown. So if you want a nice printout, use a markdown converter first.
|
|
|
|
|
Something like <http://www.markdownviewer.com>
|
