Subversion all or nothing access to repo tree

Posted by Glader on Server Fault See other posts from Server Fault or by Glader
Published on 2012-09-03T10:38:13Z Indexed on 2012/09/04 3:39 UTC
Read the original article Hit count: 450

I'm having some problems setting up access to my Subversion repositories on a Linux server. The problem is that I can only seem to get an all-or-nothing structure going. Either everyone gets read access to everything or noone gets read or write access to anything.

The setup:

SVN repos are located in /www/svn/repoA,repoB,repoC...

Repositories are served by Apache, with Locations defined in etc/httpd/conf.d/subversion.conf as:

<Location /svn/repoA>
 DAV svn
 SVNPath /var/www/svn/repoA
 AuthType Basic
 AuthName "svn repo"
 AuthUserFile /var/www/svn/svn-auth.conf
 AuthzSVNAccessFile /var/www/svn/svn-access.conf
 Require valid-user
</Location>

<Location /svn/repoB>
 DAV svn
 SVNPath /var/www/svn/repoB
 AuthType Basic
 AuthName "svn repo"
 AuthUserFile /var/www/svn/svn-auth.conf
 AuthzSVNAccessFile /var/www/svn/svn-access.conf
 Require valid-user
</Location>

...

svn-access.conf is set up as:

[/]
* =

[/repoA]
* =
userA = rw

[/repoB]
* =
userB = rw

But checking out URL/svn/repoA as userA results in Access Forbidded.

Changing it to

[/]
* =
userA = r

[/repoA]
* =
userA = rw

[/repoB]
* =
userB = rw

gives userA read access to ALL repositories (including repoB) but only read access to repoA!

so in order for userA to get read-write access to repoB i need to add

[/]
userA = rw

which is mental.

I also tried changing

 Require valid-user

to

 Require user userA

for repoA in subversion.conf, but that only gave me read access to it.

I need a way to default deny everyone access to every repository, giving read/write access only when explicitly defined.

Can anyone tell me what I'm doing wrong here? I have spent a couple of hours testing and googling but come up empty, so now I'm doing the post of shame.

© Server Fault or respective owner

Related posts about apache2

Related posts about configuration