Access Control for Subversion with Apache2 and Authz
My group project at University now consists of three smaller projects that provide an overall RSS service. I want to let the guys work on these, while still letting me keep my other coursework jut accessible to me. At the moment, I just have basic http authentication set-up which isn’t so great for pulling off what I want.
Please welcome on stage the Apache2 mod,
If you followed my other howto, you’ll have all the pre-requisites for this.
First of all, we need to create an Access Control file.
sudo nano /etc/apache2/svn_access_control
In this file, you’ll want to put some rules. I’ll first of all go over these and then provide some examples.
There are only two types of permission:
- Read only -
r- a user can check-out a copy of a project.
- Read and Write -
rw- a user can check-out and commit changes to a project.
These are the same usernames that you have set in your password file that you created in the previous howto. You can always add more users to this file using:
sudo htpasswd2 -m /etc/apache2/dav_svn.passwd bill
When prompted, enter the password for the user.
You specify the above rules in certain locations for the repository. These go between square brackets.
The above will specify rules for the root of the repository.
The above will specify rules for a project named ‘wowapp’ in the trunk location.
You can create groups of users and then use those for rules. You do this under a special heading in square brackets:
[groups] mygroup = dave, mike
This will create a group called ‘mygroup’ which ‘dave’ and ‘mike’ belongs to.
And now for some examples.
[groups] team = bob, bill devteam = bob, barry, brett [/] @team = r bob = rw [/wowapp/trunk] @team = r @devteam = rw brenda = rw
In this example:
- Created a group
teamwhich has two members;
- Created another group, called
devteamwhich has three members;
- In the root of the repository, I’ve given the group
- Also, in the root,
bobhas read and write permissions.
- In the trunk of
wowapp, the group
teamhas read permission.
- Also, the
devteamgroup has read and write permissions.
- And another user, called
brendahas read and write permissions.
Once you’ve created your desired access controll file, save the changes in nano by hitting
CTRL O, hit enter to save the name, then
CTRL X to quit Nano.
We just need to now link this access control file with our Subversion set-up.
sudo nano /etc/apache2/mods-enabled/dav_svn.conf
Here’s the example from the previous how-to:
<Location /svn> DAV svn SVNPath /home/svn AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dav_svn.passwd Require valid-user </Location>
All you need to add is the following line:
So that the file looks like this:
<Location /svn> DAV svn SVNPath /home/svn AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dav_svn.passwd AuthzSVNAccessFile /etc/apache2/svn_access_control Require valid-user </Location>
Save the file, and then restart Apache2:
sudo /etc/init.d/apache2 restart
You should now have access control working for Subversion over Apache2.