Just a record.
I ended up doing the following setting to set up my public repo.
<Location /svn>
DAV svn
SVNPath /var/lib/svn
<LimitExcept GET PROPFIND OPTIONS REPORT>
deny from all
</LimitExcept>
</Location>
really clean, isn't it?
I set up my private to be only accessable by svn+ssh.
This is also simple.
Thank you.
On Dec 16, 2007 1:23 PM, js <ebgssth@gmail.com> wrote:
> Thank you again, Pekka!
>
> But it seems not so easy to implement public/private repos in that way.
> (The requjirement is so simple, though)
>
> I started to think that would be not a good idea to manage two
> totally different kind of data in one big repos.
> (Anyway, What advantage it would have by managing all data in one big repo?)
>
> I would be much easier to do this by creating two different svn repos,
> let's say "~/repos/private" and "~/repos/public" whrer /repos is just directory,
> and only expose public repo to he world through apache.
> When users need to have write access, they request unix account on the box
> and use svn+ssh.
> really private data is hidden away using unix chmod command.
>
> I think this is simple solution for me.
> What do you think of this?
>
>
>
>
>
>
> On Dec 10, 2007 1:57 AM, Pekka Niiranen <pekka.niiranen@pp5.inet.fi> wrote:
> > js wrote:
> > > Hi Pekka,
> > > Thanks for the info.
> > >
> > > But that article doesn't tell me how to prevent users from seeing private data.
> > > Should I have to create another svn repository to do it?
> > >
> > No you do not have to. Google also: "Custom-Compiling Apache and Subversion"
> > (However, I have always compiled Subversion from sources with even
> > tighter settings
> > for Apache than in article above.).
> >
> > Create two directory branches into single repository located in one PC.
> > For example:
> >
> > myrepo/trunk
> > myrepo/releases
> >
> > then create "admin_user" with
> >
> > "htpasswd -m -b -c admin_user......"
> >
> > and "normal_user"s:
> >
> > "htpasswd -m -b normal_user1......"
> > "htpasswd -m -b normal_user2......"
> >
> > Remember to clean ".bash_history" too;)
> >
> > After that set user rights in "svnaccess" -file like this (for example):
> >
> > [groups]
> > users = norma_user1, normal_user2 # Extended this list with new
> > usernames if necessary (Pekka)
> >
> > [/]
> > * = # As default nobody can read anything thru Apache.
> > # root -user can create additional directories from the
> > Linux console with "svn import" (Pekka).
> >
> > [/trunk]
> > admin_user = rw
> >
> > [/releases]
> > admin_user = rw # Admin can make TAGs, but
> > @users = r # users -group can only read them (Pekka)
> >
> >
> > It is important that you plan head by storing "one product"/"one
> > subtree". Then you
> > can make release TAGs by copying whole directory at the time instead of
> > one file at the time.
> > Do not waste your time with BerkeleyDB, use FSFS. Disable nfs, ftp,
> > samba and telnet -services
> > and use OpenSSH to make changes to "svnacess" and "htpasswd" -files.
> >
> > -pekka-
> >
> > > On Dec 9, 2007 10:02 PM, Pekka Niiranen <pekka.niiranen@pp5.inet.fi> wrote:
> > >
> > >> js wrote:
> > >>
> > >>> Hi,
> > >>>
> > >>> I'm trying to manage two kind of data, public and private one.
> > >>>
> > >>> The public ones are source code,
> > >>> that I want to be read-write accessable from users who
> > >>> have an account on the server, but read-only for the others.
> > >>> (I could implement this by using svn+ssh)
> > >>>
> > >>> The private ones are configuration files, apache.conf, my.cnf
> > >>> and like that which I don't want to be read by
> > >>> anyone except for me.
> > >>>
> > >>> I tried to implement this by creating one big repository.
> > >>> I did svn mkdir public and private in there and
> > >>> installed mod_dav_svn.
> > >>> Then I added "SVNPath /path/to/svn/public/" to apache's conf
> > >>> and tried browsing it but
> > >>> I got "Could not open the requested SVN filesystem"
> > >>> and didn't work.
> > >>>
> > >>> So Could anyone please give me some advice or any hints?
> > >>> I searched on the web but didn't find exact info.
> > >>>
> > >>> Thanks.
> > >>>
> > >> Hi,
> > >>
> > >> try this article:
> > >>
> > >> "ONLamp.com: Setting up a Secure Subversion Server"
> > >>
> > >> Use svnaccess -file to set up directory rights per user.
> > >>
> > >> -pekka-
> > >>
> > >>
> > >>
> > >
> > >
> > >
> >
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Dec 16 18:45:02 2007