Michael Hogsett wrote:
> I need to configure my apache config file
> to require authenticated read-only and read-write
> access.
>
> I have 4 users, Alice, Bob, Chuck and Dan
You need two groups, one with read-only and the other with read-write
access then put your people into whichever group is appropriate.
Here is an example which is working for me ...
First the apache configuration
# subversion
# see /usr/share/doc/packages/subversion for the full documentation
#
<IfModule mod_dav_svn.c>
##
## project related HTML files
##
<IfModule mod_alias.c>
Alias /repos /srv/svn/html
</IfModule>
<Directory /srv/svn/html>
Options Indexes +Multiviews -FollowSymLinks
IndexOptions FancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize
Order allow,deny
Allow from all
</Directory>
#
<Location /repos>
DAV svn
SVNParentPath /srv/svn/repos
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName "repositories"
AuthUserFile /srv/svn/user_access/auth-file
AuthzSVNAccessFile /srv/svn/user_access/access-policy
Require valid-user
</Location>
</IfModule>
#
#
Now the subversion AuthUserFile mentioned above ...
Alice:$apr1$.b8Tc/..$qoHwnT26wYiHwCR525duV0
Bob:$apr1$0Jcpk...$ryDdHgGO6sHGuftvoLiBr/
Chuck:$apr1$2bnqi...$TYb/m2K3VZhOel6xcb2wp/
Dan:$apr1$/LW28...$M9DW7GxunB6s2XGKWeyQ30
Elvis:$apr1$/ccd8...$d9DWrGxu4B6s2sGeWeyf31
# insert new names with ...
# htpasswd -m /srv/svn/user_access/auth-file [new-name]
#
... and now the AuthzSVNAccessFile mentioned above ...
# groups and access policy
[groups]
grpalfa = Alice, Bob
grpbravo = Chuck, Dan
grpcharlie = Alice, Dan
grpdelta = Bob, Dan
grpecho = Elvis
[project_1:/]
@grpalfa = r
@grpdelta = rw
[project_2:/]
@grpecho = rw
[project_3:/]
@grpalfa = r
@grpbravo = r
#
HTH
>
> Alice and Bob need authenticated Read-Only access.
>
> Chuck and Dan need authenticated Read-Write access.
>
>
>
> In my svngroups file I have group REPO containing all 4 users.
> In my svnpasswd file each user is listed with a password set.
>
>
> I have in my apache config :
>
> <Location /svn>
> AuthType Basic
> AuthUserFile /space/svn/conf/svnpasswd
> AuthGroupFile /space/svn/conf/svngroups
> </Location>
>
> <Location /svn/private>
> Dav svn
> SVNParentPath /space/svn/repos/private
> AuthName "There's nothing to checkout here. Use the full repository
> URL"
> # Host-based access control here
> # Order deny,allow
> # Deny from all
> Require valid-user
> Satisfy all
> </Location>
>
> <Location /svn/private/REPO>
> AuthName "Subversion repository for REPO"
> Require group REPO
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> require user Chuck Dan
> </LimitExcept>
> </Location>
>
>
> My thought with the final Location block was
> that it would require the group REPO, but to
> perform GET PROPFIND OPTIONS and REPORT it would
> require either user Chuck or Dan.
>
> This is not the case. Alice and Bob can write
> to the repo.
>
> How can I change this to get the behaviour I want?
>
> Thanks
>
> - Mike
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Nov 30 11:35:36 2005