[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Using Apache Limit directive with SVN

From: Tarek Nabil <Tarek.Nabil_at_dubaiworld.ae>
Date: Tue, 18 Nov 2008 16:20:59 +0400

Hi,

 

I'm aware that this is not the recommended approach by the SVN team, but
we have a requirement to restrict the users who are able to DELETE files
from the repository.

 

Since authz_svn_module only provides two options, i.e. "r" or "rw", I
have resorted to another approach which uses the "Limit" directives of
Apache.

 

I'm using: SVN for win32 v.1.5.4 and Apache 2.2.10 running on Windows XP
(should be moved to Windows Server 2003 if the approach is verified).

 

I've done the necessary configuration and it is working fine from the
Apache side, but I hit another problem; it seems that the requests made
by the SVN client (whether command line or Tortoise) do not exactly
match the HTTP requests expected.

 

For example, I've done the configuration so that only a certain user is
allowed to delete. The problem is when I modify a file and attempt to
commit, Apache is still requiring authentication. The reason is,
although I have not deleted any file, still there's a DELETE request
being sent. I get the following message if I do not enter the username
and password:

 

svn: DELETE of
'/svn/testrepo/!svn/act/a7a8bc40-1a67-774c-87e9-a24bdb88a911':
authorization failed

 

My guess is that this file is internally used by SVN, but that totally
invalidates the whole approach because I can not assume that deleting a
file issues an HTTP DELETE request and adding a file issues an HTTP PUT
request.

 

I'd appreciate if someone could advise on whether this is a valid
approach or not. I'm already aware that the same can be done using
hooks, but I preferred an out-of-the-box approach.

 

The configuration I did is as follows:

 

#SVN repositories

<Location /svn>

  DAV svn

  SVNParentPath D:\svn-repos

  AuthType Basic

  AuthName "Test Repository"

  AuthUserFile "D:\Programs\Apache2.2\conf\svnpasswd"

  <Limit DELETE>

      Require user tnabil

  </Limit>

</Location>

 

 

Best regards,

Tarek Nabil

********************************************DISCLAIMER********************************************
This email and any files transmitted with it are confidential and contain privileged or copyright
information. If you are not the intended recipient you must not copy, distribute or use this email
or the information contained in it for any purpose other than to notify us of the receipt thereof.
If you have received this message in error, please notify the sender immediately, and delete this
email from your system.

Please note that e-mails are susceptible to change.The sender shall not be liable for the improper
or incomplete transmission of the information contained in this communication,nor for any delay in
its receipt or damage to your system.The sender does not guarantee that this material is free from
viruses or any other defects although due care has been taken to minimise the risk.
**************************************************************************************************
Received on 2008-11-18 13:16:21 CET

This is an archived mail posted to the Subversion Users mailing list.