0

I wanted to enable role based access with Apache2 and SVN

I have followed following article and find out authentication can be achieves, but now role based access http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html

But I wanted to protect svn repertories from outside but have 2 different user groups who have read only access and read write access.

I tried to achieve this to a certain extend by defining two different blokes like this but it didn't work for me, also even this works I wont be able to restrict access from public.

  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>

I can see this can be achieved only with SVN (Without combining with apache) How to setup access control in SVN?

But I want to have it with Apache as well.

What is the best way to achieve this ?

Community
  • 1
  • 1
Shanaka
  • 83
  • 2
  • 10

1 Answers1

1

You must to read SVN Book more carefully

  • Read "Blanket access control" section and first example, in which anonymous have not any access
<Location /svn>
  ...
  Require valid-user
</Location>

without <Limit>

Lazy Badger
  • 94,711
  • 9
  • 78
  • 110
  • Thanks for your reply , I understood that but that does not cater my requirement provided I understood it correctly, as per my understanding that will allow protecting the repository, but we cant enable that repository to be protected and one group has only read access but other group has read and write. Please correct me if my understanding is wrong. Thanks in advance. – Shanaka Jul 19 '15 at 10:17
  • @Shanaka - GODDAM!!! I'm totally lost. Can you write your REQs in **short** and **easy plain** English like "I want have grup which can ... and group which can..." – Lazy Badger Jul 20 '15 at 00:04
  • Thanks for your guidance, From your link I've found a solution and implemented it successfully. I have a question though, when we setup SVN with Apache, do we need to start svnserver as well ? What I understand is Apache will handle SVN folder structure with Apache location directive. Am I correct ? – Shanaka Jul 20 '15 at 03:20
  • @Shanaka - with `authz_svn_module` and authz_file all path-based authorization performed by Apache. define only base properties for the SVN-root, subpaths ACLs for different users/grops is a job for authz_file rules – Lazy Badger Jul 20 '15 at 05:38