I figured this out, and thought I share it, as I couldn't find anything remotely similar on the interweb.
OTOH I'm sure you all know all about this, and there are articles everywhere and I'm just being dumb.
I wanted a password protected svn, with some people read only and others read-write, across multiple repositories.
## your svn url is .../svn/repository/reponame
## first set up the /svn part
## enable DAV svn and require any user from the password file for any action
## this will allow everyone who logs in to do anything
<Location /svn>
DAV svn
SVNParentPath /wherever/svn/repository
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/httpd/dav_svn.passwd
Require valid-user
</Location>
## now for each repo appy a stricter constraint
<Location /svn/infrastructure>
# only members of sysadmin group can access infra repo
AuthType Basic
AuthName "Subversion Infrastructure Repository"
AuthUserFile /etc/httpd/dav_svn.passwd
## create a groups file
AuthGroupFile /etc/httpd/dav_svn.groups
## the only people who can acces this one are the group members
Require group sysadmin
</Location>
<Location /svn/projects>
AuthType Basic
AuthName "Subversion Projects Repository"
AuthUserFile /etc/httpd/dav_svn.passwd
AuthGroupFile /etc/httpd/dav_svn.groups
## only members of commiters group can commit
## but any valid user can checkout and browse
## because we're using limit except to narrow
## the restrictions
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group committers
</LimitExcept>
</Location>
Neat?
Or weel kent?
Towards an Information Operations Kill Chain
-
Cyberattacks don't magically happen; they involve a series of steps. And
far from being helpless, defenders can disrupt the attack at any of those
steps. T...
2 hours ago
Comments:
blog comments powered by Disqus