Subversion all or nothing access to repo tree
Posted
by
Glader
on Server Fault
See other posts from Server Fault
or by Glader
Published on 2012-09-03T10:38:13Z
Indexed on
2012/09/04
3:39 UTC
Read the original article
Hit count: 454
I'm having some problems setting up access to my Subversion repositories on a Linux server. The problem is that I can only seem to get an all-or-nothing structure going. Either everyone gets read access to everything or noone gets read or write access to anything.
The setup:
SVN repos are located in /www/svn/repoA,repoB,repoC...
Repositories are served by Apache, with Locations defined in etc/httpd/conf.d/subversion.conf as:
<Location /svn/repoA>
DAV svn
SVNPath /var/www/svn/repoA
AuthType Basic
AuthName "svn repo"
AuthUserFile /var/www/svn/svn-auth.conf
AuthzSVNAccessFile /var/www/svn/svn-access.conf
Require valid-user
</Location>
<Location /svn/repoB>
DAV svn
SVNPath /var/www/svn/repoB
AuthType Basic
AuthName "svn repo"
AuthUserFile /var/www/svn/svn-auth.conf
AuthzSVNAccessFile /var/www/svn/svn-access.conf
Require valid-user
</Location>
...
svn-access.conf is set up as:
[/]
* =
[/repoA]
* =
userA = rw
[/repoB]
* =
userB = rw
But checking out URL/svn/repoA as userA results in Access Forbidded.
Changing it to
[/]
* =
userA = r
[/repoA]
* =
userA = rw
[/repoB]
* =
userB = rw
gives userA read access to ALL repositories (including repoB) but only read access to repoA!
so in order for userA to get read-write access to repoB i need to add
[/]
userA = rw
which is mental.
I also tried changing
Require valid-user
to
Require user userA
for repoA in subversion.conf, but that only gave me read access to it.
I need a way to default deny everyone access to every repository, giving read/write access only when explicitly defined.
Can anyone tell me what I'm doing wrong here? I have spent a couple of hours testing and googling but come up empty, so now I'm doing the post of shame.
© Server Fault or respective owner