[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Enforcing per project permissions with groups

From: Tom Hodder <Tom.Hodder_at_emap.com>
Date: 2006-10-25 18:00:58 CEST


I am attempting to configure apache/mod_dav_svn to handle per project
group authentication.
I have tried something like;

<Location /repos>
  DAV svn
  SVNPath /data/repos
  #Require group admins
  AuthType Basic
  AuthName "EMAP subversion repository"
  # temporarily using auth text files instead of db backend
  AuthUserFile AuthUserFile
  AuthGroupFile AuthGroupFile

<Location /repos/site1>
        Require group site1

<Location /repos/site2>
        Require group site2

However, this allows users to access the root of the repository. And I
guess do bad things there, as they have write access.

If I include a directive in the <Location /repos> block like;
<Location /repos>
Require group admins

The users cannot get into the sites - and I get a whole bunch of errors
like this;
[Wed Oct 25 16:51:38 2006] [error] [client x.x.x.x] access to
/repos/!svn/vcc/default failed, reason: user user1 not allowed access

Any ideas on how to do this?

(I tried implementing this in the AuthzSVNAccessFile file, but
mod_authz_svn does not include apache groups, and it looks like the
config for this is going to get big, as I have 100 projects/groups and
20 users to configure.)


Tom H

For information about all Emap magazines, radio, TV, events and digital brands, please visit www.emap.com

** For Emap magazine subscriptions & gift offers visit http://www.greatmagazines.co.uk/emap **

The information in this email is intended only for the addressee(s) named above. Access to this email by anyone else is unauthorised.

If you are not the intended recipient of this message any disclosure, copying, distribution or any action taken in reliance on it is prohibited and may be unlawful.

Emap plc and or its subsidiaries do not warrant that any attachments are free from viruses or other defects and accept no liability for any losses resulting from infected email transmissions.

Please note that any views expressed in this email may be those of the originator and do not necessarily reflect those of this organisation.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Oct 25 18:02:05 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.