Thoughts, rants and commentary from a husband, father of five and professional web geek

Customizing Subversion Permissions

Posted on October 29th, 2007 in Apache Server, Geek Stuff

I spent the better part of the morning this morning learning how to set up Subversion to allow anonymous checkouts of repositories while maintaining authentication requirements for checking in. It was quite a learning lesson, but the Subversion book and several Google searches actually get things working the way I want them.

Anyway, what I had to do was modify my httpd.conf (this could potentially be done in the subversion.conf, but I have virtual hosted my svn repos so I made these changes in my httpd.conf) to change the way permissions were being served. Keep in mind that I am not usering svnserve to serve up my repos but am using Apache instead. The changes that I made to httpd.conf were inside the <Location> block set up for the virtual host for my subversion repos and look like:

<Location /repo-url-path>
  DAV svn
  SVNParentPath /path/to/repos

  # Taken from the sample on path based auth
  AuthzSVNAccessFile /path/to/repos/auth/authz

  # Try anonymous access first, resort to real
  # authentication if necessary.
  Satisfy Any
  Require valid-user

  # How to authenticate users
  AuthType Basic
  AuthName "Everah Projects Code Repositories"
  AuthUserFile /path/to/svn-auth-file
</Location>

As you can see, I created an AuthzSVNAccessFile named authz and put it in a directory called /auth/ that was off of my repos directory root. I then added the SVN instruction to use that file in my httpd.conf.

The next step was to add the Satisfy Any and Require valid-user lines after that but before the AuthType information. This tells SVN to look for permissions in the permissions file and apply those as described in the file. Then SVN is allowed to open up access to those that have it and require validation where it is required.

After I created the authz file I made it look something like this:
# Make groups for easier addition later on of permissions to contributors
[groups]
devs_all = robert
devs_padlock = robert

# NOTE: The repository name in the section header is the directory
# name off of /path/to/svn-repos/
#
# The path portion is the section of that repo. In this case, / means
# the entire friggin thing.
[TestRepo:/]
@devs_all = rw
* = r

[CodeRepo:/]
@devs_padlock = rw
* = r

[SecureRepo:/]
@devs_all = rw
* =

Once this was done, I restarted Apache and the changes were in effect.
[root@myserver /]# apachectl -k graceful

And now I have a Subversion install that allows for anonymous access to some of my repos while others still require authentication. And the repos that allow anonymous access still require authentication for checking in.

Sweet. I like being a nerd.

Resources to help you along the way
Using HTTPd (Apache) as your SVN Server
Authorization Options
Per Directory Authorization
Path-Based Authorization

No Responses to “Customizing Subversion Permissions”

There are currently no comments on this post. But you can change that...

Leave a Reply

Back to top