Some help on mod_dav, svn and Limit-ing access ple

2019-08-02 02:31发布

问题:

Here's the entry in my Apache configuration file

 <Location /svn/repo1>
DAV svn
SVNPath /var/svn/repositories/repo1
AuthType Basic
AuthName "SVNRepo"
AuthUserFile /var/httpd/passwd
Order deny,allow
Require valid-user
<Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
    Require user svn
</Limit>

Not sure if its obvious what I'm trying to do, but I want to allow ANY authenticated user read-only access to the repository, but LIMIT PUT POST etc to only 1 particular (authenticated) user. Haven't been able to crack this, was hoping somebody had come across this before?

Thanks in advance.

回答1:

I would do it the other way around:

<Location /svn>
  DAV svn
  SVNParentPath /var/svn

  # Authentication: Digest
  AuthName "Subversion repository"
  AuthType Digest
  AuthUserFile /etc/svn-auth.htdigest

  Require valid-user

  # Authorization: Authenticated users only for non-read-only
  #                (write) operations; allow anonymous reads
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require user svn
  </LimitExcept>
</Location>

as suggested in for example: http://svnbook.red-bean.com/en/1.6/svn-book.html#svn.serverconfig.httpd.authz.blanket

the location you use (/svn/repo1) indicates you have several svn repositories you would like to manage? If so I would use the per directory config of svn: http://svnbook.red-bean.com/en/1.6/svn-book.html#svn.serverconfig.httpd.authz.perdir It prevents apache server reloads if you need to adjust the permsissions.