Reputation: 376
Single read-only user for svn
I'm doing some maintenance on a private svn server. Authentication is handled through Apache basic HTTP+mod_authz_svn. I need to have it so every user has read/write access, except for a single read-only user. The read-only user still needs to be authenticated, though. I setup my authz config file like this:
[/] * = rw read-only = r
But this doesn't work. The user "read-only" can still commit changes. I can make things read-only for everyone, but the * bit seems to override what I'm trying to set for "read-only."
FWIW, relevant piece of the Apache conf is:
<Location /repos> DAV svn SVNPath ... SVNIndexXSLT "/svnindex.xsl" AuthzSVNAccessFile ... AuthType Basic AuthName ... AuthUserFile ... Require valid-user </Location>
Upvotes: 5
Views: 6005
Answers (2)
Reputation: 13357
Hmmm, the previous posts may be correct on the ACL order, but...
My configuration includes
AuthzSVNAccessFile "<path-to-svn-acl-file>"
Might this also be a problem?
Upvotes: 0
Reputation: 127467
In this case, the read-only user has still write access as it also matches the * group.
A safe way to achieve what you want is to create a group of all users except read-only, e.g.
[groups]
all-but-ro = harry, sally, ...
[/]
@all-but-ro = rw
read-only = r
(alternatively, you might just generate many =rw lines out of the passwd file)
It might be that svn matches from top to bottom - this is not documented, and I didn't test. So try
[/]
read-only = r
* = rw
Upvotes: 8
Related Questions
- SVN read-only repository
- Two user accounts for one SVN repository?
- Read only access to svn repository via ssh (svn+ssh)
- Restricting access to SVN for some users
- Setting up a read-only user for SVN-Apache
- Read-only access of Subversion repository
- Using SVN with multiple users
- SVN Password free read and write access
- Hook to make Subversion Read Only for specific users
- How to restrict SVN repository user account to one directory?