mod_dav_svn: apache authentication

From: Robert Spier <rspier_at_pobox.com>
Date: 2003-05-27 06:00:05 CEST

I've hunted through the archives and the documentation, and I've come
to the unhappy conclusion that when using apache (mod_dav_svn), the
only way to selectively control write access is with a pre-commit
hook.

The reason: operations that modify the repository tend to use a URL
such as: /repos/!svn/act/90790d4d-32be-0310-9aa5-d593d764d6b9 -- which
could be modifying almost anything, and there's no way for apache to
tell.

So, <Limit> can be used to granularly control _read_ access to the
repository, (because those happen at recognizable paths,) but not
write access.

A big hammer could be used,
<Location /repos/!svn/>
  <Limit>
   require group svncommit
  </Limit>
</Location>

But, that means that anyone in the svncommit group can write to any
part of the repository.

Am I missing something obvious, or is this the way of the world? If I
want granular commit controls, I have to use a pre-commit hook?

Thanks!

-R

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue May 27 06:00:55 2003

This message: [ Message body ]
Next message: kfogel_at_collab.net: "Re: [patch]: use notifier for wc->wc copy"
Previous message: kfogel_at_collab.net: "Re: FW: FW: Berkeley DB error while opening `changes' table for filesystem [#8143]"
Next in thread: Mukund: "Re: mod_dav_svn: apache authentication"
Reply: Mukund: "Re: mod_dav_svn: apache authentication"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]