I'm doing some maintenance on a private svn server. Authentication is handled through Apache basic HTTP+mod_authz_svn. I need to have it so every user has read/write access, except for a single read-only user. The read-only user still needs to be authenticated, though. I setup my authz config file like this:
[/] * = rw read-only = r
But this doesn't work. The user "read-only" can still commit changes. I can make things read-only for everyone, but the * bit seems to override what I'm trying to set for "read-only."
FWIW, relevant piece of the Apache conf is:
<Location /repos> DAV svn SVNPath ... SVNIndexXSLT "/svnindex.xsl" AuthzSVNAccessFile ... AuthType Basic AuthName ... AuthUserFile ... Require valid-user </Location>
As @jpierson already answered, you can use authz files to define No Access, Read Only or Read Write rules on repository paths. Repository path can represent repository root and any path within repository. I.e. you can specify access rules not only subtrees (folders) but files as well.
On Windows you probably just need to add the user. Then in the VisualSVN command window, you'd right click on "Repositories" (top level artifact) and select "Properties", then click "Add". Ensure "Object Types" has "Users" selected, select your machine from "Locations", and enter the username.
In this case, the read-only user has still write access as it also matches the * group.
A safe way to achieve what you want is to create a group of all users except read-only, e.g.
[groups]
all-but-ro = harry, sally, ...
[/]
@all-but-ro = rw
read-only = r
(alternatively, you might just generate many =rw lines out of the passwd file)
It might be that svn matches from top to bottom - this is not documented, and I didn't test. So try
[/]
read-only = r
* = rw
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With