How to smartly limit source code access for team members?

Question

Previously I've worked alone... Now I may have many collaborators. But I don't want to give full access to the source code (which is controlled now with SVN). Moving to Git or Mercurial is actually not a big deal. But what is the best way and with the least headaches to control security? Where you don't need to enter a command prompt and execute code to change some permissions to limit access to team members every second? Is there a Web control for this?

Answer 1

If you want to limit write access as part of enforcing your development process, have a look at Gerrit, a repository hosting and code review system.

Answer 2

if leaving svn server is not a big deal you can take a look at gitosis or gitolite http://engineeredweb.com/blog/10/2/building-your-own-git-server

Their both allow you to easily manage the security of your repositories

Answer 3

If you are using SVN server under Linux, submin does a great job with protecting branches. It hides the path based authorization from you with an easy to use interface.

Answer 4

As a pre-commit hook on the server you should be able to tell which user is committing and to which branch they're attempting to commit. If you detect that they're trying to commit to either trunk or tags (assuming a standard repository configuration) you could simply fail the commit.

That would limit them to committing to branches. You could then exercise control over which branches are reintegrated into trunk and committed.

Our setup is a little similar in that nothing under tags may be changed after the tag is created.

Answer 5

If you are using a mod_dav setup for SVN with Apache, you can use Path-Based Authorization to limit which directories different people have access to according to predefined group permissions.

There is an extensive tutorial here: Path-Based Authorization in SVN