[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Restricting access to a subdirectory of a repository with mod_authz_svn

From: Clyde Jones <cjones_at_exelixis.com>
Date: Wed, 28 Oct 2009 14:00:58 -0700

James R. Marcus <mailto:jmarcus_at_edhance.com> wrote:
> Hi,
> I'm not sure if I'm totally off here but is it possible to
> restrict access to a subdirectory in a repository? I have started
with this:
>
> cat /etc/httpd/conf.d/subversion.conf
>
> <Location /svn>
> DAV svn
> SVNParentPath /usr/local/svnroot
> AuthzSVNAccessFile /etc/httpd/svn/svn-acl-conf
> SVNListParentPath on
> # Limit write permission to list of valid users.
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> SSLRequireSSL
> AuthType Basic
> AuthName "My Realm"
> AuthUserFile /etc/httpd/svn/svn-auth-conf
> Require valid-user
> </LimitExcept>
> </Location>
>
> <Location /svn/code/Secure>
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> SSLRequireSSL
> AuthType Basic
> AuthName "My Realm"
> AuthUserFile /etc/httpd/svn/secure-svn-auth-conf Require
> valid-user </LimitExcept>
> </Location>
>
> In the SVN ACL file I haven't found any information on how to add a
deny
> directive.
>
> thanks,
> James

I do this using LDAP - it should be the same for using the auth file,
there is a lot of information here
http://svnbook.red-bean.com/en/1.1/ch06s04.html

I believe you need to add "Require valid-user" and add a Require group
<your-group-here>

<Location /svn/code/Secure>
    <LimitExcept GET PROPFIND OPTIONS REPORT>
       SSLRequireSSL
       AuthType Basic
       AuthName "My Realm"
       AuthUserFile /etc/httpd/svn/secure-svn-auth-conf
       Require valid-user
*** Require group <yourgroupname> *****
    </LimitExcept>
</Location>

I am trying to figure out what combination of methods gives read only,
so I can have access limited to a subset of groups, and have write
access only to one group. If you know that *please* let me know

Clyde

-- 
Clyde Jones
R&D Informatics
Senior Operations Developer
cjones_at_exelixis.com
Exelixis Inc
650 837 7085 Office
650 228 4699 Cell
This email (including any attachments) may contain material
that is confidential and privileged and is for the sole use of
the intended recipient. Any review, reliance or distribution by
others or forwarding without express permission is strictly
prohibited. If you are not the intended recipient, please
contact the sender and delete all copies.
Exelixis, Inc. reserves the right, to the extent and under
circumstances permitted by applicable law, to retain, monitor
and intercept e-mail messages to and from its systems.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2412256
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-10-28 22:02:14 CET

This is an archived mail posted to the Subversion Users mailing list.