Mark Phippard wrote on Mon, Jan 03, 2011 at 09:32:49 -0500:
> On Fri, Dec 31, 2010 at 11:04 AM, <Benjamin.Ortega_at_wellsfargo.com> wrote:
> > I'm trying to integrate a SVN Authz authorization file with apache
> > configuration files to provide a solution for not just directory level
> > restrictions, but also file level restrictions. It's my understanding that
> > the SVN Authorization file is not capable of handling file-specific
> > restrictions, only directory level.
>
> This is not true. SVN authz manages "paths" and a path can be a
> directory or a file. Of course it has to be the full path to the file
> as there is no wild-card support.
>
> > <Location "/subversion/repo/*/*/*/folder/structure/RestrictedFile">
> > <Limit PUT>
> > Require user my_username
> > </Limit>
> > </Location>
>
Did you mean <LocationMatch>?
(which takes a regex, not a glob, IIRC)
> I am not aware of being able to define rules for paths within a
> repository this way. When the SVN client does the commit it does so
> against a temporary path, so you cannot use paths in your repository.
> I do believe there are people that have written rules against the
> temporary paths and if you did so properly then it might work.
>
> That said, I am also not confident that you can successfully mix the
> Subversion authz file with the other Apache require directives. I
> have tried in the past to mix authz with the require-ldap-group
> directive and the two just do not mix as these directives become
> additive. Meaning if either directive would allow the user access
> then they get access and you do not get the restrictive behavior of
> authz that is desired.
>
> --
> Thanks
>
> Mark Phippard
> http://markphip.blogspot.com/
Received on 2011-01-04 21:16:29 CET