Restricting repository access with authz
From: Justin Mrkva <mail_at_justinmrkva.com>
Date: Sat, 12 Apr 2014 07:48:30 -0400
I have an Apache server running mod_dav_svn and mod_authz_svn with several repositories, each with several projects which each contain the “typical 3” folders, where /svn is the base SVN path for access via HTTPS*. Kind of like this:
/svn
What I want is to control access based on project. For example, I have this svnaccess file for authz (only relevant parts shown):
[repository1:/project1]
[repository1:/project1/trunk]
This works well enough. However, I’d also like users to be able to navigate into their allowed locations using the web interface. If I gave everyone read access to [/] then they could see the repositories. But that would allow them to read the contents of everything as well.
Is there a way to allow users to see certain repositories in the list without giving recursive read access, for example, so that @project1users can navigate to the site in a browser, click “repository1”, then “project1”, then “trunk” without seeing “project2” or “repository2” or being able to access them? I wish there was something like this: (Note: If you want feel free to stop here, or maybe forward the rest of this to the developer mailing list or something.)
[/]
[repository1:/]
[repository1:/project1]
where “l” stands for “list” which will allow a user to see visible directories within it, and “v” stands for “view” which will make it visible in listings for the parent. These would be applied NON-RECURSIVELY. So this would mean, combined with the previous access file:
- The / root would be “listable” which would show viewable subdirectories.
You wouldn’t even need “l” - you could just use the visibility specifier. Additionally, you could implement it so that “v” actually traces backwards. So if this was the case you could just do:
[repository1:/project1]
In that case, the root listing would see that those users should be able to see /project1 so it would allow them to see and click on repository1 and project1 to get to it.
There’s another way this could be implemented without any additional options - if there was a way to apply rw permissions non-recursively. (Well, technically it would still be a new option, but I digress). This would be close, but not quite the same, as the “lv” extensions. Let’s say something like rw* is non-recursive.
[/]
[repository1:/]
[repository1:/project1]
[repository1:/project1/trunk]
Now, root would be readable, but clicking on any other repository would result in an error. The root of repository 1 would be readable, so @project1users could click through to project1, but clicking on project2 would throw an error.
I kind of like the second option, where “v” indicates viewability and it applies to the parent path, allowing the user to click through to the directory, but there are a lot of different ways to do it.
Maybe this would be something to add to the feature list for Subversion 2, whenever that ends up coming out. :)
*Yes, if you’re wondering, I’ve tested for Heartbleed, and this server is secure. :)
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.