> > Alternative to waiting: export the repository twice (two location
> > blocks).
> > Once with mod_authz_svn set up, and once with:
> >
> > <LimitExcept OPTIONS GET PROPFIND REPORT>
> > Deny from All
> > </LimitExcept>
> >
> >
> > Sander
On Sat, Aug 23, 2003 at 04:17:27PM -0400, Francois Beausoleil wrote:
> Thanks,
>
> That would not work though. I want some parts of it protected and others
> publicly available.
>
Note that the apache basic auth allows you to have fairly fine grained
access control by using multiple <LocationMatch> sections in which you
can define different Limit/LimitExcept blocks. I've used this to have
different subdirs in the repository write-able by different users but
readable by everyone.
For example, the following should allow anonymous read access to the
entire repository except for subdir 'privateDir'. Only members of group
svn_committers can make changes and only members of group topsecret can
do anything to privateDir:
<Location /svn/repos>
DAV svn
SVNPath /path/to/repos
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /path/to/passwd
AuthGroupFile /path/to/group
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group svn_committers
</LimitExcept>
</Location>
<LocationMatch "^/svn/repos/privateDir">
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /path/to/passwd
AuthGroupFile /path/to/group
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group topsecret
</LimitExcept>
<Limit GET PROPFIND OPTIONS REPORT>
Require group topsecret
</Limit>
</LocationMatch>
Hope that helps. BTW, where should I look for info on mod_authz_svn?
What does it do that the vanilla apache auth stuff doesn't?
+ seth
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Aug 25 18:51:56 2003