[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Restricting HTTP access to a repository portion

From: Francois Beausoleil <fbos_at_users.sourceforge.net>
Date: 2003-11-26 23:56:53 CET

Replied to the list.

For posterity's sake, here's the relevant text from URL:
http://subversion.tigris.org/servlets/ReadMsg?list=users&msgId=283544

Seth's response:

Note that the apache basic auth allows you to have fairly fine grained
access control by using multiple <LocationMatch> sections in which you
can define different Limit/LimitExcept blocks. I've used this to have
different subdirs in the repository write-able by different users but
readable by everyone.

For example, the following should allow anonymous read access to the
entire repository except for subdir 'privateDir'. Only members of group
svn_committers can make changes and only members of group topsecret can
do anything to privateDir:

<Location /svn/repos>
    DAV svn
    SVNPath /path/to/repos
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /path/to/passwd
    AuthGroupFile /path/to/group
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require group svn_committers
    </LimitExcept>
</Location>
<LocationMatch "^/svn/repos/privateDir">
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /path/to/passwd
    AuthGroupFile /path/to/group
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require group topsecret
    </LimitExcept>
    <Limit GET PROPFIND OPTIONS REPORT>
        Require group topsecret
    </Limit>
</LocationMatch>

Bye !
François

On Wed, 26 Nov 2003 15:51:54 -0700, "Kevin Rosenberg"
<kevin@rosenberg.net> said:
> Francois Beausoleil wrote:
> > http://subversion.tigris.org/servlets/ReadMsg?list=users&msgId=283100
> > In the thread, Seth Falcon explains how to setup two Location directives,
> > one for public, anonymous access, and the other one for protected access,
> > without using mod_authz_svn.
>
> Thanks for the thoughts. Looking through the archive it seems like
> locationmatch may help. Unfortunately, I've not been able to browse
> that thread and see Seth's response. I'll keep rooting around but I'm
> getting an "Message not found" error pages when trying to follow "Next
> in Thread" links.
>
> --
> Kevin Rosenberg
> kevin@rosenberg.net
Developer of Java Gui Builder
http://jgb.sourceforge.net/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Nov 26 23:57:48 2003

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.