Andy,
I thought you were off Apache and onto svnserve. Anyway, I sent you this
info last week - maybe you missed it. It is pasted again below. I will
grant to you that it is tricky to set up. The David Winter blog post below
spells it out perfectly... for a single repo setup, multiple users. For
multi-user, multi-repo setup see my pasted config files below. One thing to
note that is confusing is that if your repos are at /subversion/repos/repo1
your <Location /svn> stays the same. The /svn bit there is what appears in
the URL address bar, it's not a filesystem path.
I have 10 repositories, project1 through project10, physically located on
Ubuntu filesystem at
/svn/project1
/svn/project2
...
/svn/project10

Here is my /etc/apache2/mods-available/dav_svn.conf (the comments come with
the file. This was installed using apt-get on Ubuntu 10.04 LTS.)

<Location /svn>
# Uncomment this to enable the repository
DAV svn
# Set this to the path to your repository
#SVNPath /svn
# Alternatively, use SVNParentPath if you have multiple repositories under
# a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...).
# You need either SVNPath and SVNParentPath, but not both.
SVNParentPath /svn
SVNListParentPath on
# From http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl
#Order deny,allow
Deny from all
Satisfy any
# Access control is done at 3 levels: (1) Apache authentication, via
# any of several methods. A "Basic Auth" section is commented out
# below. (2) Apache <Limit> and <LimitExcept>, also commented out
# below. (3) mod_authz_svn is a svn-specific authorization module
# which offers fine-grained read/write access control for paths
# within a repository. (The first two layers are coarse-grained; you
# can only enable/disable access to an entire repository.) Note that
# mod_authz_svn is noticeably slower than the other two layers, so if
# you don't need the fine-grained control, don't configure it.
# Basic Authentication is repository-wide. It is not secure unless
# you are using https. See the 'htpasswd' command to create and
# manage the password file - and the documentation for the
# 'auth_basic' and 'authn_file' modules, which you will need for this
# (enable them with 'a2enmod').
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
# To enable authorization via mod_authz_svn
AuthzSVNAccessFile /etc/apache2/dav_svn.authz
# The following three lines allow anonymous read, but make
# committers authenticate themselves. It requires the 'authz_user'
# module (enable it with 'a2enmod').
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
</Location>

Now, here is my /etc/apache2/dav_svn.authz file.

[groups]
group1 = usera, userb, userc, userd, usere
group2 = userc, userb
group3 = userf, userg
group4 = usera, userb, userc, userd, usere, userf
group5 = userh
[/]
@group1 = rw
@group2 =
@group3 =
@group4 =
@group5 =
[project1:/]
@group1 = rw
[project2:/]
@group1 = rw
userg = rw
userf = rw
[project4:/]
@group1 = rw
[project5:/]
@group1 = rw
[project6:/]
@group1 = rw
@group5 = rw
[project7:/]
@group1 = rw
[project8:/]
@group1 = rw
[project9:/]
@group1 = rw
[project10:/]
@group1 = rw
@group4 = rw

There is no need to send you the dav_svn.passwd - it merely lists usera
through userh with their hashed password. You use the htpasswd program to
set your users up.

Here is the email I sent before...

I read (skimmed) all your posts, and I'm a little confused but I think I
know where you're going. I'm not sure if you're using Apache to serve your
repositories. If you are, you should check out this:
http://davidwinter.me/articles/2006/03/03/access-control-for-subversion-with-apache2-and-authz/
and this https://help.ubuntu.com/community/Subversion
I recently followed the blog above and got everything set up how I think you
want it. You can control user access to multiple repos in three ways, the
blog explains it all, except one thing. I found that this is for
folder-level control on one repository:

[/]
@team = r
bob = rw
[/wowapp/trunk]
@team = r
@devteam = rw
brenda = rw

In my authz control file, multiple repositories are done like this (note the
repo name and colon):

[repoA:/]
@team = r
bob = rw
[repoB:/]
@team = r
@devteam = rw
brenda = rw

I also put websvn on it, and use the configuration option
$config->useAuthenticationFile('/path/to/your/authz/file');
which I found on this stackoverflow QA:
http://serverfault.com/questions/13853/how-do-i-restrict-repository-access-via-websvn
Received on 2011-07-20 17:28:34 CEST
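
An added example, not part of the original message or of Subversion itself: a small Python check for a multi-repository authz file in the [repo:/path] form described above. It reports rules that name a group [groups] never defines, sections qualified with a repository that does not exist under SVNParentPath, and repositories that have no qualified section at all. The function names, the sample file and the repository names are assumptions made for illustration.

```python
import re
# [repo:/path] is repository-qualified; [/path] applies to every repository.
SECTION = re.compile(r"^\[(?:(?P<repo>[^:\]]+):)?(?P<path>/[^\]]*)\]$")

def parse_authz(text):
    """Return (groups, rules); rules maps (repo or None, path) -> {principal: access}."""
    groups, rules, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line == "[groups]":
            current = groups
        elif line.startswith("["):
            m = SECTION.match(line)
            if not m:
                raise ValueError(f"bad section header: {line}")
            current = rules.setdefault((m["repo"], m["path"]), {})
        elif current is not None:
            name, _, value = (p.strip() for p in line.partition("="))
            current[name] = [u.strip() for u in value.split(",")] if current is groups else value
    return groups, rules

def lint(text, repos):
    """List problems in an authz file for the repositories under SVNParentPath."""
    groups, rules = parse_authz(text)
    findings = []
    for (repo, path), acl in rules.items():
        where = f"[{repo + ':' if repo else ''}{path}]"
        if repo and repo not in repos:
            findings.append(f"{where}: no such repository")
        for principal in acl:
            if principal.startswith("@") and principal[1:] not in groups:
                findings.append(f"{where}: undefined group {principal}")
    qualified = {repo for repo, _ in rules if repo}
    for repo in sorted(set(repos) - qualified):
        findings.append(f"{repo}: no qualified section, only [/...] rules apply")
    return findings

SAMPLE = """[groups]
devs = alice, bob
[repoA:/]
@devs = rw
[repoB:/trunk]
@dev = rw
[repoZ:/]
alice = r
"""  # constructed sample, not the author's file: one mistyped group, one stale repo
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, ["repoA", "repoB", "repoC"])))
```

Pass the directory names found under SVNParentPath as the second argument so that the repository names in the section headers are checked against what is actually served.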