SVNSERVE: configuring access rights settings

Author: Eugeniy Marilev
Date of publication: 2013-10-31 12:28:22

In this article, we will focus on flexible settings of access rights to an SVN repository served by svnserve. In addition to what has been said previously about installing and configuring the SVN server, let's assume that we have a repository called "test", the root of which is in the folder "/var/spool/svn/test". To set the permissions we want, let us open and edit the permission file:

sudo nano /var/spool/svn/test/conf/authz
For example, in my case (ubuntu-11.04) the configuration file contains the following entries by default:
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
 
[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
 
# [/foo/bar]
# harry = rw
# &joe = r
# * =
 
# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r

Let us take a closer look at what each part means.

[aliases]

Aliases (symbolic links, or anchors) are used to keep the configuration brief and concise. This example makes "joe" a link to the long and unreadable username:

"/C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average".

[groups]

Groups are defined in order to combine certain people into named sets. A group is then used as a single unit that can be granted rights just like a user.

Access using an absolute path

In the above example, the configuration file defines the rights to the folder "/foo/bar". Everything after "[/foo/bar]" up to the next block, which starts with "[", is the list of accesses to the directory "/foo/bar". The chain of access rights is made up of access rules. Each access rule is written on a separate line and has the following format:

user | &alias | @group | $anonymous | * = r | w | rw | " "

Where:

"user" - the repository username

"alias" - the name of the symbolic link

"group" - a group name

"$anonymous" - anonymous users

"*" - all users of the repository

"r" - the right to read

"w" - permission to write

"rw" - the right to both read and write

" " - any access is denied

Here we must note that if you do not deny access to anonymous users in the main configuration file of the repository, "svnserve.conf", that setting is only a default value: in the permission file you can give anonymous users rights to particular resources. Also, do not forget that the rules are applied as a chain when access to a resource is calculated, in the order in which they appear in the configuration file. So be careful! For the best result, end each access block by denying any access, with the expression "* =", to all users and groups that you did not list.

Relative access path to the repository

The rule chain for this method is no different from the previous section; the only difference is that the path to the resource is relative to the root of the repository:

[repository:/baz/fuz]

Here "repository" is the name of the repository (the one you used when initializing the repository with the "svnadmin create" command), and /baz/fuz is the path relative to the root of the repository.
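
The advice above (close every access block with "* =" and be careful with anonymous users) can be checked mechanically. The following Python code is an added example, not part of the original article or of Subversion: it parses an authz file with both absolute and repository-relative blocks and reports blocks without a closing "* =" rule, "*" rules that grant access, write access for $anonymous, and groups or aliases that are referenced but never defined. The sample file is constructed, and the group name "ghosts" is an assumption used only to trigger a finding.

```python
# Constructed sample; the group "ghosts" is made up and left undefined on purpose.
SAMPLE_AUTHZ = """\
[aliases]
joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
[groups]
harry_and_sally = harry,sally
[/foo/bar]
harry = rw
&joe = r
* =
[test:/baz/fuz]
@harry_and_sally = rw
@ghosts = r
$anonymous = rw
* = r
"""

def parse_authz(text):
    """Return {section: [(subject, access), ...]} in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), [])
        elif current is not None and "=" in line and not line.startswith("#"):
            subject, access = line.split("=", 1)
            current.append((subject.strip(), access.strip()))
    return sections

def lint_authz(text):
    """Return (section, message) findings for risky or broken access rules."""
    sections = parse_authz(text)
    known = {"@": {n for n, _ in sections.get("groups", [])},
             "&": {n for n, _ in sections.get("aliases", [])}}
    findings = []
    for name, rules in sections.items():
        if name in ("groups", "aliases"):
            continue
        star = [access for subject, access in rules if subject == "*"]
        if not star:
            findings.append((name, "no '* =' rule closes this block"))
        elif star[-1]:
            findings.append((name, "'*' grants '%s' to all users" % star[-1]))
        for subject, access in rules:
            if subject[:1] in known and subject[1:] not in known[subject[:1]]:
                findings.append((name, "undefined reference " + subject))
            if subject == "$anonymous" and "w" in access:
                findings.append((name, "anonymous users can write"))
    return findings
```

To check a real file, pass its contents to lint_authz() and review each (section, message) pair it returns.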

Conclusion

Svnserve has very flexible options for configuring access rights to the repository. It may well be used for serious commercial projects of any complexity, which cannot be said of Apache + dav_svn. Next, set it up and use it with pleasure...
