[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: mod_dav_svn + automatic per-directory user authorization

From: m irya <xmirya_at_gmail.com>
Date: Sat, 12 Feb 2011 23:11:29 +0200

Yep, i could manage to get to such configuration, but here's when it
comes to the real difference with your setup: we need to manage a huge
and frequently changing user database, with each user having a small
repository.

>
> Here's the big caveat:  whenever a repository is added or removed (in your
> case, every time a user is added or removed), httpd must be restarted
> because a <Location> entry must be added or removed.

And that's what i'm trying to solve: the users database is not so tiny, so
1) we can't afford restarting httpd on every user added or removed
2) we can't afford duplicating the rules in authz svn access file, i
guess it may be handled inefficiently when it contains too much
records (at least much less efficiently than just requesting the
authorization from MySQL).

I'll try to describe it the other way, one abstraction level upper:
1) the user goes to http://somehost/repo/$something
2) authenticates him/herself as $username:$password (suppose Basic
auth, just will change it to https later)
3) Apache checks the credentials against MySQL database (mod_auth_mysql?)
4) If everything is ok, the user gets a WebDAV access to
/var/repo/$username/$something (regardless of the method, read or
write)

The database may change frequently, adding the user will mean
`svnadmin create /var/repo/$username`, removing will mean `rm -rf
/var/repo/$username`, but i prefer that nothing is done beyond that,
especially no httpd configuration changes and restart, all information
is stored in DB and nothing else should be changed.
Received on 2011-02-12 22:12:09 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.