Thursday, March 13, 2014

Preventing users from committing specific files to SVN

There was an incident where someone has misuses SVN (Subversion) as a file server which causes the server running out of disk space. I have no choice, in order control such an irresponsible attitude staff; I’m force to implement a security check on each file whenever a commit request has received.

The script is implemented in pre-commit hooks script. This file locate inside the hooks directory of each repository, initially it has a file named pre-commit.tmpl, I’m require to remove the tmpl extension and grant this file with execute access right.

Append the following content into pre-commit file.
#Put all the restricted formats in variable FILTER

# Capture extension token of each new files to be commit
FILES=$(${SVNLOOK} changed -t ${TXN} ${REPOS} | ${AWK} '{ print $NF }') > /dev/null

for FILE in $FILES 
  EXTENSION=`echo "$FILE" | cut -d'.' -f2-`

  if [[ "$FILTER" == *"$EXTENSION"* ]]; then
    echo "Your commit has been blocked because you are trying to commit a restricted file." 1>&2
    echo "Please contact SVN Admin. -- Thank you" 1>&2
    exit 1
Now whenever users commit a file or files having the extension mention in the FILTER, the commit will not be success.

No comments: