Limiting SVN access on Ubuntu Server

Normally there are multiple projects on a SVN server, which shall not be accessible by all users who have access to the server. The goal is now to define on a per-project-basis the users who are granted access.

Taggings:

Submitted by Christian Haslinger on Thu, 12/12/2013 - 19:32
1 answer

SVN access limitation on per-user / per-group basis

To be able to restict access on a per-project-basis for each user who has access to a server, there have to be undertaken several steps:

1) Edit /etc/apache2/mods-enabled/dav_svn.conf so that it looks something like

    DAV svn
    SVNPath /var/svn

    AuthzSVNAccessFile /etc/apache2/dav_svn.authz

    Require valid-user

    AuthType Basic
    AuthName "SVN Repository"
    AuthUserFile /etc/apache2/dav_svn.passwd

2) It may be necessary to active the module authz_svn via following command

a2enmod authz_svn

3) According to what we defined above, now all access settings can be configured by editing the file /etc/apache2/dav_svn.authz which may looks something like this:

---------------------------------------------------
[groups]
gruppe1 = username1,username2, ...
gruppe2 = username3

[project1:/]
@gruppe1= rw
@gruppe2 = r

[project2:/]
@gruppe2 = rw

[project3:/]
@admin = rw

[project4:/]
username1 = rw
---------------------------------------------------

As we can see, it is possible to either define groups and grant them access to a certain project (prefixed with '@'), or a single user (where we just use the username, without the '@'). Also it is possible to grant read-only (via 'r') or read-write access (via 'rw').

Submitted by Christian Haslinger on Thu, 12/12/2013 - 19:43

Taggings: