Comments on: Access Control for Subversion with Apache2 and Authz

By: Yandros

Yandros — Tue, 22 Jun 2010 10:45:35 +0000

Hello David...

I'm trying to improve a svn with security groups but in my case, only works correctly the root directory..if I try another directory with any user i can read and write all directories..

My conf

Fichero: /etc/apache2/svnaccesscontrol

[groups] svn = user1, user2 empresa = user3, user4 xx = pepinillo

[/] @svn_sistemas = rw @cimne = rw @xx = rw

[/var/log/svn/empresa] <-- (If i try to enter with pepinillo I can read and write...) @empresa = r @svn = rw

Anyone can help me?

By: kis(s)-it · Trac + Subversion = KISForge

kis(s)-it · Trac + Subversion = KISForge — Wed, 28 Apr 2010 12:48:42 +0000

[...] Access control for Subversion [...]

By: Giovanni

Giovanni — Fri, 18 Dec 2009 09:25:38 +0000

Hello, I configured SVN by Apache and configured ViewVC too. When I connect by browser I have the correct permissions on the directory of the project, but when I try from an SVN client any user can download the full SVN and I don't want this.

I have the following ACL:

[ks:/]

gio = rw fab = rw test = sal = rw

[ks:/trunk/] fab = rw sal = rw gio = rw

[ks:/trunk/testproject/] sal = r fab = r gio = r

[ks:/trunk/ptz/] sal = fab = rw gio = rw

[ks:/trunk/libKS/] sal = rw fab = gio = r

[ks:/branches] * = rw

[ks:/tags] * = rw

From Web the user fab cannot access to the folder /trunk/libKS/ but if the user fab try "svn co ..." he can get all the repository including /trunk/libKS/ . Why? Where is the problem?

I have CentOS 5.2 with apache 2.2.3 (httpd-2.2.3-22.el5.centos.2), moddavsvn-1.4.2-4.el53.1, subversion-1.4.2-4.el53.1

Can someone help me?

By: Vijay

Vijay — Wed, 16 Dec 2009 06:16:11 +0000

Quiet useful but not upto the mark. In real time projects you may need more access control say i have a bunch of 5 developers and i administrate the source archive. All people in the project are granted rw access so that they can check in and our files. But there is also a threat of developers deleting the file from archive by mistake and the file vanishes away. So developers should be masked from delete access on files and only the administrator to have delete access on archive. That’s the way access control should work. Do you have an answer for that? thanks, -Vijay

By: Igor

Igor — Mon, 14 Dec 2009 16:12:16 +0000

Thanks, the best tutorial to configure svn access. Easy and clear and it worked for me in one shot :)

By: Shane

Shane — Tue, 16 Jun 2009 15:45:31 +0000

I have setup an SVN Server for our development department, and have successfully provided access, the problem that I am running into is that I can not limit access to specific repositories or projects/folders in the repository.

My subversion.conf:

DAV svn SVNParentPath /var/www/svn AuthzSVNAccessFile /etc/httpd/conf.d/svn-acl-conf Satisfy Any Require valid-user AuthType Basic AuthName "subversion repository" AuthUserFile /etc/httpd/conf.d/svn-auth-conf

My svn-acl-conf:

names change to protect the innocent...

[groups] admin = user1 developers = dev1, dev2, dev3, user1 externaldev = extdev1, extdev2 readonly = read1, read2

[/] @developers = rw @readonly = r

[/repo1] @developers = rw @readonly = r

[/ext_repo1] @developers = rw @externaldev = rw @readonly = r

If I comment out the root [/] level, or the user/group does not have root level permissions granted in the access control file, I get a "Server sent unexpected return value (403 Forbidden) in response to OPTIONS request for 'http://ampsvr01/svn/repo1' Where repo1 can be any repository or directory name. Essentially root level access is the only option I have which will be unaccepatable if I am using an external development team.

We are using Subversion v1.5.5

Thanks, Shane

By: tim

tim — Wed, 29 Apr 2009 03:54:37 +0000

wonderful. Thanks. Never used modauthzsvn before. You seem to have the only brief, to-the-point, intelligent tutorial on the matter :)

By: cjk

cjk — Fri, 24 Oct 2008 13:49:21 +0000

Just use /etc/init.d/apache2 reload (reload, not restart!)

By: kis(s)-it » Blog Archive » Trac + Subversion = KISForge

kis(s)-it » Blog Archive » Trac + Subversion = KISForge — Wed, 17 Sep 2008 13:43:19 +0000

[...] Access control for Subversion [...]

By: Turn Left

Turn Left — Sat, 28 Jul 2007 15:45:46 +0000

How to Setup Subversion + Apache + WebSVN on Windows...

Subversion is a slick, easy to learn and use version control system for software developers. One nice feature of Subversion is that it runs equally well on Windows and Unix, and it also works over HTTP & HTTPS, which is......