tags:

views:

805

answers:

2
+1  Q: 

Single read-only user for svn

I'm doing some maintenance on a private svn server. Authentication is handled through Apache basic HTTP+mod_authz_svn. I need to have it so every user has read/write access, except for a single read-only user. The read-only user still needs to be authenticated, though. I setup my authz config file like this:

[/]
* = rw
read-only = r
But this doesn't work. The user "read-only" can still commit changes. I can make things read-only for everyone, but the * bit seems to override what I'm trying to set for "read-only." FWIW, relevant piece of the Apache conf is: 
 <Location /repos>
   DAV svn
   SVNPath ...
   SVNIndexXSLT "/svnindex.xsl"

   AuthzSVNAccessFile ...

   AuthType Basic
   AuthName ...
   AuthUserFile ...
   Require valid-user
 </Location>
+1  A: 

In this case, the read-only user has still write access as it also matches the * group.

A safe way to achieve what you want is to create a group of all users except read-only, e.g.

[groups]
all-but-ro = harry, sally, ...

[/]
@all-but-ro = rw
read-only = r

(alternatively, you might just generate many =rw lines out of the passwd file)

It might be that svn matches from top to bottom - this is not documented, and I didn't test. So try

[/]
read-only = r
* = rw
Martin v. Löwis  2008-11-11 20:32:14
+1: _Exactly_ what I was going to say :-)
alastairs  2008-11-11 20:33:09
I tried the reverse matching, doesn't work.Is there a way to make the group automatically? I'd rather not have to rebuild this file whenever a user is added to the server.
iconoplast  2008-11-11 20:56:09
If that is the complete file - what is the problem with building it automatically?
Martin v. Löwis  2008-11-11 22:35:54
A: 

Hmmm, the previous posts may be correct on the ACL order, but...

My configuration includes

AuthzSVNAccessFile "<path-to-svn-acl-file>"

Might this also be a problem?

Ken Gentle  2008-11-11 20:41:38

related questions

Best strategy to write hooks for subversion in Windows
Database Version Control
Version control PHP Web Project
Experience with SVN vs. Team Foundation Server?
Best SVN Client Ignore Pattern for VB.NET Solutions?
SVN merge merged extra stuff
What is your favorite web app deployment workflow with SVN?
Integrating Fogbugz with TortoiseSVN with no URL/Subversion backend
Version Control. Getting started...
ASP.NET Display SVN Revision Number
How do I create a branch in SVN?
What do the result codes in svn mean?
Could you recommend a good free project hosting website?
Federated (Synced) Subversion servers?
Mechanisms for tracking DB schema changes
What are the advantages of using SVN over CVS?
Use SVN Revision to label build in CCNET
Best subversion client for Mac OS
Why is Git better than Subversion?
ASP.NET, Visual Studio and Subversion - how to integrate?
Best Practice: Collaborative Environment, Bin Directory, SVN
How do I sync the SVN revision number with my ASP.NET web site?
Best Subversion clients for Windows Vista (64bit)
Good branch/merge tutorials for Tortoise SVN?
How can you get Subclipse in Aptana to work with the newest release of Subversion?