Reputation: 2859
apache subversion how to remove user access
Once a while ago I installed apache subversion onto an Ubuntu machine. Then, one of my colleagues took control of it. Recently he quit his job and now i have to remove his user in order to prevent future accesses.
I have read many posts and google a lot. Under conf folder (in each repository), there are authz, passwd, and svnserve files but there is no user in these files, I have checked whether anonymous access is enabled or not and realized that users cannot access anonymously.
I have checked users that have access to repositories with the following command:
svn log -q file:///var/subversion | grep -e '^r' | awk 'BEGIN { FS = "|" } ; { print $2 }' | sort | uniq
and I can see the user name in the output. I also checked Linux user with
cat /etc/passwd
command and the user is not in the list. I also checked http.conf file under /etc/apache2 which is empty and dav_svn.passwd file which only contains my test user.
What I am trying to do is to remove this specific user. Is there any hint for how I can do that?
ps: I believe old commits of this user won't be lost after deletion. Is that right?
Upvotes: 1
Views: 7479
Answers (2)
Reputation: 97282
In assumption, that AuthType Basic was used (in case of Digest command have to be changed to htdigest and options re-checked) correct way have to be (according to htpasswd doc)
- deleting user:
htpasswd -D PASSWDFILE username - replacing passwords (lazy dirty solution without scripting, handwork, may be improved):
htpasswd -b PASSWDFILE username password (password in plain-text in command) for each username
Upvotes: 3
Reputation: 2859
O.K. I got the answer. The path for the file used for passwords is given in the file dav_svn.conf which is under /etc/apache2/modes_available. When I check the path, all the users and passwords were present in the file.
I have put a dollar sign before the user I want to prevent, restarted apache, and problem solved.
The other problem now is, since that person created all accounts, he also knows other usernames and their passwords. I want to change the passwords for all users, however, they are all encrypted. How can I change the user passwords? Should I delete them all and add back again?
Upvotes: 1
Related Questions
- Subversion User Removal
- How do you remove Subversion control for a folder?
- Apache SVN server users management
- How can I prevent access to my subversion repository
- Subversion permission
- disable access to repository
- Subversion restrict user access
- Removing create and delete permissions in Subversion
- Restricting access to SVN for some users
- Setting up a read-only user for SVN-Apache