You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Felix Collins <fe...@keyghost.com> on 2006/02/27 22:49:42 UTC
Apache config using mod_authz_svn for non-svn location (Trac)
Hi, I am trying to restrict access to some other locations in my Apache config.
It happens that I am running Trac and that the locations of the Trac projects
are (not surprisingly) identical to the svn projects. eg.
SVN project: myserver/repos/myproject
Trac project: myserver/trac/myproject
Trac already provides a way to restrict the built in source browsing (via Trac)
based on the svnauth file. However there is no way to restrict access to the
other parts of the Trac project based on the svn access.
What I want is to only allow people to acccess the Trac projects that match the
SVN projects to which they have access. This sort of project wide access
control is not done by Trac as it is considered to be the responsibility of the
web server.
What I'm wondering is could I use mod_authz_svn in my Trac location to limit
access? Does anyone know how mod_authz_* modules work? Could I simply put a
AuthzSVNAccessFile "C:/svnaccessfile.txt"
directive in my other location?
Thanks for any pointers on this or other ideas. I would hate to have to put the
access restrictions in the conf file.
Regards,
Felix
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Apache config using mod_authz_svn for non-svn location (Trac)
Posted by Felix Collins <fe...@keyghost.com>.
It seems to work fine. I set the following:
#Restrict access to Trac projects based on SVN access rights
SVNParentPath D:/tracdb
AuthzSVNAccessFile "C:/svnaccessfile.txt"
in my httpd.conf in the location that serves out the Trac projects. tracdb is
the root directory for the projects.
users must have access granted in the svnaccessfile.
If a user has r access they can view tickets but not do anything that requires
a POST. if the have rw they can do it all.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org