I have a single SVN repo at /var/svn/ with a few subdirectories. Staff must be able to access the top-level directory and all subdirectories within it, but I want to restrict access to subdirectories using alternate htpasswd files.
This works for our Staff.
<Location />
DAV svn
SVNParentPath /var/svn
AuthType Basic
AuthBasicProvider ldap
# mod_authnz_ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap.example.org:636/ou=people,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org?uid?sub?(objectClass=PosixAccount)"
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=staff,ou=PosixGroup,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org
</Location>
Now, I am trying to restrict access to a subdirectory with a separate htpasswd file, like this:
<Location /customerA>
DAV svn
SVNParentPath /var/svn
# mod_authn_file
AuthType Basic
AuthBasicProvider file
AuthUserFile /usr/local/etc/apache22/htpasswd.customerA
Require user customerA
</Location>
I can use Firefox and curl to browse to this folder fine:
curl https://svn.example.org/customerA/ --user customerA:password
But I cannot use check out this SVN repository:
$ svn co https://svn.example.org/customerA/
svn: Repository moved permanently to 'https://svn.example.org/customerA/'; please relocate
And on the server logs, I get this strange error:
# httpd-access.log
192.168.19.13 - - [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 401 401
192.168.19.13 - customerA [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 301 244
# httpd-error.log
[Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Could not fetch resource information. [301, #0]
[Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Requests for a collection must have a trailing slash on the URI. [301, #0]
My question: Can I restrict access to Subversion subdirectories using Apache access controls? DocumentRoot is commented out, so it's not clear that the FAQ at http://subversion.apache.org/faq.html#http-301-error applies.