Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Single read-only user for svn

Tags:

svn

I'm doing some maintenance on a private svn server. Authentication is handled through Apache basic HTTP+mod_authz_svn. I need to have it so every user has read/write access, except for a single read-only user. The read-only user still needs to be authenticated, though. I setup my authz config file like this:

[/]
* = rw
read-only = r

But this doesn't work. The user "read-only" can still commit changes. I can make things read-only for everyone, but the * bit seems to override what I'm trying to set for "read-only."

FWIW, relevant piece of the Apache conf is:

 <Location /repos>
   DAV svn
   SVNPath ...
   SVNIndexXSLT "/svnindex.xsl"

   AuthzSVNAccessFile ...

   AuthType Basic
   AuthName ...
   AuthUserFile ...
   Require valid-user
 </Location>
like image 717
iconoplast Avatar asked Nov 11 '08 20:11

iconoplast


People also ask

How do I restrict access in SVN?

As @jpierson already answered, you can use authz files to define No Access, Read Only or Read Write rules on repository paths. Repository path can represent repository root and any path within repository. I.e. you can specify access rules not only subtrees (folders) but files as well.

How do I add a user to VisualSVN?

On Windows you probably just need to add the user. Then in the VisualSVN command window, you'd right click on "Repositories" (top level artifact) and select "Properties", then click "Add". Ensure "Object Types" has "Users" selected, select your machine from "Locations", and enter the username.


1 Answers

In this case, the read-only user has still write access as it also matches the * group.

A safe way to achieve what you want is to create a group of all users except read-only, e.g.

[groups]
all-but-ro = harry, sally, ...

[/]
@all-but-ro = rw
read-only = r

(alternatively, you might just generate many =rw lines out of the passwd file)

It might be that svn matches from top to bottom - this is not documented, and I didn't test. So try

[/]
read-only = r
* = rw
like image 67
Martin v. Löwis Avatar answered Oct 26 '22 16:10

Martin v. Löwis