« Security Articles | Main | Rainbow Tables »
Subversion Stuff
By Matt | October 21, 2007
Limiting Access to Subversion Repositories:
This configuration was used for a site which had just one big repository and now wanted to add a new user who would only be able to see their own stuff, not the rest of the companies.
The “proper way” would’ve been to add another root level repository and restrict access by repositories — but that would’ve been more disruptive to their existing workflows, user expectations, etc.
Instead two things were done:
1) Set it so all users had to authenticate via Apache just to view the subversion repositories;
2) Configure an access control file.
In /etc/httpd/conf.d/subversion.conf enable it via this line:
AuthzSVNAccessFile /path/to/repository/access
In /path/to/repostory then create an access file:
# First, let's configure some groups: # Please keep these in alphabetical order -- makes future administration much easier![groups] # This will be used to grant access to all the repositories: all-users = bill, bob, ted# This will be used to grant *explicit* access just to the new guy's repository: Newguy = newguys_name# Rights to browse from the root: [/] * = r @all-users = rw# Explicit denials: [/trunk] @Newguy =[/branches] @Newguy =[/tags] @Newguy =# Explicit Grants: [/trunk/Newguys_Directory] @Newguy = rw
3) Create the “Newguys_directory” in subversion.
Topics: Uncategorized | No Comments »
Comments
You must be logged in to post a comment.