20120613

restrict non-authorized users from viewing list of svn repositories in apache


i've set up subversion so that each project is its own repository, so there's a list of repositories in /srv/svn/repos.

the configuration below hides the list of repo names from unauthenticated users, while authenticated users can see the list.

/etc/apache2/sites-available/default-ssl.svn:
####################
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        LogLevel warn

        CustomLog /var/log/apache2/ssl_access.log combined

        SSLEngine on

        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key

        # requires alias mod: sudo a2enmod alias
        # without this, if you try to list repos by visiting /repos instead of /repos/, you'll get an error
        Alias /repos "/srv/svn/repos/"

        <Location /repos/>
                DAV svn
                SVNParentPath /srv/svn/repos
                AuthzSVNAccessFile /srv/svn/repos/repo1/conf/authz
                SVNListParentPath on
                AuthType Basic
                AuthName "My Company Repository"
                AuthUserFile /etc/subversion/passwd
                Require valid-user
        </Location>

        SSLOptions +StrictRequire

</VirtualHost>
</IfModule>
####################


/srv/svn/repos/repo1/conf/authz:
####################
[groups]
super_devs = superuser1, superuser2
restricted_devs = restricteduser1, restricteduser2

[/]
@super_devs = rw
@restricted_devs =

[repo1:/branches/branchForRestrictedUsers]
@restricted_devs = rw

[repoForRestrictedUsers:/]
@restricted_devs = rw
####################
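
To see what the authz file above grants to each user, here is a small evaluator (an added example, not part of the original post and not Subversion's own code). It is a simplified model of the lookup described in the svnbook chapter linked at the end: walk up from the requested path, try the repo-qualified section before the unqualified one, and deny when no rule names the user. It does not handle `~` negation, aliases or `$` tokens; the function names, the user `nobody` and the repo `otherRepo` are hypothetical.

```python
import configparser

# The authz file from this post, embedded so the example runs offline.
AUTHZ = """\
[groups]
super_devs = superuser1, superuser2
restricted_devs = restricteduser1, restricteduser2

[/]
@super_devs = rw
@restricted_devs =

[repo1:/branches/branchForRestrictedUsers]
@restricted_devs = rw

[repoForRestrictedUsers:/]
@restricted_devs = rw
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    groups = {g: {u.strip() for u in members.split(",") if u.strip()}
              for g, members in cp["groups"].items()}
    rules = {s: dict(cp[s]) for s in cp.sections() if s != "groups"}
    return groups, rules

def section_access(rules, groups, section, user):
    """Union of rights from every line in `section` naming the user; None if no line does."""
    hits = [rights.strip() for who, rights in rules.get(section, {}).items()
            if who in ("*", user)
            or (who.startswith("@") and user in groups.get(who[1:], ()))]
    return "".join(sorted(set("".join(hits)))) if hits else None

def effective_access(text, user, repo, path):
    """Walk from `path` up to '/', trying [repo:path] before [path]; no match means no access."""
    groups, rules = load(text)
    parts = [p for p in path.split("/") if p]
    while True:
        here = "/" + "/".join(parts)
        for section in (f"{repo}:{here}", here):
            access = section_access(rules, groups, section, user)
            if access is not None:
                return access
        if not parts:
            return ""  # user not mentioned anywhere on the way up: denied
        parts.pop()
```

An empty string means no access: in this model the empty `@restricted_devs =` line under `[/]` is what keeps restricted users out of everything except the branch and repository that are explicitly opened to them.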


MODS ENABLED

ls /etc/apache2/mods-enabled/:
alias.conf  auth_basic.load  authz_host.load  autoindex.conf  dav.load      dav_svn.load  dir.load  mime.conf  rewrite.load   setenvif.load  ssl.load
alias.load  authn_file.load  authz_user.load  autoindex.load  dav_svn.conf  dir.conf      env.load  mime.load  setenvif.conf  ssl.conf



i've posted this solution here:
http://www.svnforum.org/threads/35420-SVNListParentPath-AuthzSVNAccessFile-conflict/page2?s=3706b24889a40489495e5155473d0a86
but i'm waiting for a mod to approve my post.

also useful:
http://svnbook.red-bean.com/en/1.4/svn.serverconfig.pathbasedauthz.html
