Hi,
I just completed the first implementation of mod_authz_svn.
This is a stop-gap for the time we don't have acls in the
filesystem. Note that the config reading is implemented
in a very naive way; the config is reloaded at every request.
So if you see some slowdown, it could be caused by this ;).
Also, there are several things to do left in the implementation.
Search the source for comments marked with XXX.
Nevertheless I feel this is ready to see the day of light
so a few people can play with it. Personally I'd like to
see mod_authz_svn incorporated in the main repository right
next to mod_dav_svn. I'll let others comment on that first
though.
Attached is the source file for mod_authz_svn. Building it
is still a bit painful since I haven't made it into a nice
package with a 'configure' and all that. I'm hoping I don't
have to and can just ride along on the nice svn build system ;).
Compiling and installing:
APXS=/path/to/apxs
SVN_INSTALL_PATH=/path/to/svn
SVN_SOURCE_PATH=/path/to/svn-source
$APXS -c -I${SVN_INSTALL_PATH}/include/subversion-1 \
-I${SVN_SOURCE_PATH}/subversion/mod_dav_svn \
-L${SVN_INSTALL_PATH}/lib -lsvn_subr-1 \
-i mod_authz_svn.c
Then change the httpd.conf file. Add the following line
_after_ the one that loads mod_dav_svn:
LoadModule authz_svn_module modules/mod_authz_svn.so
Next set up your subversion location like so:
<Location /svn> # or whereever
DAV svn
SVNPath /path/to/repos
# Set up digest if you want...
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /path/to/htpasswd/file
AuthzSVNAccessFile /path/to/access/file
Require valid-user
</Location>
Note that you are always requiring authentication now. This means
you need a dummy 'anonymous' account for anonymous read only users
now. Hopefully we can get this sorted out in Apache, since it seems
we need to do some more revamping there.
Finally, the access file format:
[groups]
<groupname> = <user>[,<user>...]
[<path in repository>]
@<group> = rw
<user> = rw
* = r
An example (line continued lines are supposed to be on one line):
[groups]
subversion = jimb,sussman,kfogel,gstein,brane,joe,ghudson,fitz,daniel,cmpilato,kevin,philip, \
jerenkrantz,rooneg,bcollins,blair,striker,naked,dwhedon,dlr,kraai,mbk,epg,bdenny,jaa
subversion-doc = nsd,zbrown,fmatias,dimentiy,patrick
subversion-bindings = xela,yoshiki,morten,jespersm,knacke
subversion-rm = mprice
...and so on and so on...
[/]
# Allow everyone read on the entire repository
* = r
# Allow devs with blanket commit to write to the entire repository
@subversion = rw
[/trunk/doc]
@subversion-doc = rw
[/trunk/subversion/bindings]
@subversion-bindings = rw
[/branches]
@subversion-rm = rw
[/tags]
@subversion-rm = rw
[/branches/issue-650-ssl-certs]
mass = rw
[/branches/pluggable-db]
gthompson = rw
...
[/secrets]
# Just for demonstration
* =
@subversion = rw
...and so on and so on...
Enjoy!
Sander
PS. I'm aware that there is no license yet at the top of the file. I want to see
if it goes into the main subversion repos first, prior to tacking on the license
we use in there.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jun 10 14:03:41 2003