Restrict access to one SVN repository (overwrite default)

Posted by teel on Server Fault See other posts from Server Fault or by teel
Published on 2011-02-25T14:25:51Z Indexed on 2011/02/25 15:26 UTC
Read the original article Hit count: 205

Filed under:
|

I'm trying to set up our SVN server so that by default the group developers will have access to all repositories, but I want to override that setting on some certain repositories where I want to allow access only to single defined users (or separate groups)

The current configuration is SVN + WebDAV on Apache2. All my repositories are located at /var/lib/svn/

In dav_svn.authz I currently have

   [/]
   @developers = rw
   @users = r

Now I want to add one repository (let's call it secret_repo) that would only allow access to one user who is also a member of the developers group.¨

I tried to do

   [secret_repo:/]
   * =
   secret_user = rw

Where secret_user is the user I'd like to give access to the repository, but it doesn't seem to work. Currently the server is using Apache's LDAP module to authenticate users from our active directory domain and I'd like to keep it that way if possible.

Also I seem to be able to browse all my repos freely with any web browser, which I'd like to block.

Second problem is that I have webSVN on the server, which is using Apache's LDAP authentication. Everyone who is a member of our domain can access it, so I'd like to hide this secret_repo from websvn listing. It's configured not with parentPath("/var/lib/svn");. Do I really need to remove that and add every repository separately, except the ones I want to hide?

© Server Fault or respective owner

Related posts about svn

Related posts about websvn