You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by "James R. Marcus" <jm...@edhance.com> on 2009/10/27 02:05:03 UTC
Restricting access to a subdirectory of a repository with
mod_authz_svn
Hi,
I'm not sure if I'm totally off here but is it possible to restrict
access to a subdirectory in a repository? I have started with this:
cat /etc/httpd/conf.d/subversion.conf
<Location /svn>
DAV svn
SVNParentPath /usr/local/svnroot
AuthzSVNAccessFile /etc/httpd/svn/svn-acl-conf
SVNListParentPath on
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
SSLRequireSSL
AuthType Basic
AuthName "My Realm"
AuthUserFile /etc/httpd/svn/svn-auth-conf
Require valid-user
</LimitExcept>
</Location>
<Location /svn/code/Secure>
<LimitExcept GET PROPFIND OPTIONS REPORT>
SSLRequireSSL
AuthType Basic
AuthName "My Realm"
AuthUserFile /etc/httpd/svn/secure-svn-auth-conf
Require valid-user
</LimitExcept>
</Location>
In the SVN ACL file I haven't found any information on how to add a
deny directive.
thanks,
James
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2411569
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
RE: Restricting access to a subdirectory of a repository with
mod_authz_svn
Posted by Clyde Jones <cj...@exelixis.com>.
James R. Marcus <ma...@edhance.com> wrote:
> Hi,
> I'm not sure if I'm totally off here but is it possible to
> restrict access to a subdirectory in a repository? I have started
with this:
>
> cat /etc/httpd/conf.d/subversion.conf
>
> <Location /svn>
> DAV svn
> SVNParentPath /usr/local/svnroot
> AuthzSVNAccessFile /etc/httpd/svn/svn-acl-conf
> SVNListParentPath on
> # Limit write permission to list of valid users.
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> SSLRequireSSL
> AuthType Basic
> AuthName "My Realm"
> AuthUserFile /etc/httpd/svn/svn-auth-conf
> Require valid-user
> </LimitExcept>
> </Location>
>
> <Location /svn/code/Secure>
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> SSLRequireSSL
> AuthType Basic
> AuthName "My Realm"
> AuthUserFile /etc/httpd/svn/secure-svn-auth-conf Require
> valid-user </LimitExcept>
> </Location>
>
> In the SVN ACL file I haven't found any information on how to add a
deny
> directive.
>
> thanks,
> James
I do this using LDAP - it should be the same for using the auth file,
there is a lot of information here
http://svnbook.red-bean.com/en/1.1/ch06s04.html
I believe you need to add "Require valid-user" and add a Require group
<your-group-here>
<Location /svn/code/Secure>
<LimitExcept GET PROPFIND OPTIONS REPORT>
SSLRequireSSL
AuthType Basic
AuthName "My Realm"
AuthUserFile /etc/httpd/svn/secure-svn-auth-conf
Require valid-user
*** Require group <yourgroupname> *****
</LimitExcept>
</Location>
I am trying to figure out what combination of methods gives read only,
so I can have access limited to a subset of groups, and have write
access only to one group. If you know that *please* let me know
Clyde
--
Clyde Jones
R&D Informatics
Senior Operations Developer
cjones@exelixis.com
Exelixis Inc
650 837 7085 Office
650 228 4699 Cell
This email (including any attachments) may contain material
that is confidential and privileged and is for the sole use of
the intended recipient. Any review, reliance or distribution by
others or forwarding without express permission is strictly
prohibited. If you are not the intended recipient, please
contact the sender and delete all copies.
Exelixis, Inc. reserves the right, to the extent and under
circumstances permitted by applicable law, to retain, monitor
and intercept e-mail messages to and from its systems.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2412256
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].