I'm using a Subversion repository hosted on Dreamhost for a project.
I would like to allow access to some users on a restricted basis. At the very least I would like to allow read-only access to some users, but ideally I would like to prevent some users seeing some parts of repository at all. I can't find user permissions mentioned in the web docs for Subversion though I assume it is there?
I'm used to using Perforce, so what I want is what p4 protect does for Perforce.
Thanks.
I'm not familiar with the specific configuration Dreamhost uses, but the typical way of enforcing permissions is to use the Apache authentication mechanisms. Here's the relevant page from the Subversion documentation:
Have a look at the authz file in the conf/ directory. You can set permissions for specific users and specific directories. In svnserve.conf you can specify if anonymous users have read access or not.
Here's an example from a repository of mine:
[groups]
project1_team = dave, john, andy
[/]
* =
dave = rw
[/project1]
@project1_team = rw
[/project2]
andy = r
What's happening here is that I defined a group of users having full access to project1; dave (which happens to be me) has full access to the entire repository, while andy has read-only access to project2.
The Subversion Book has your answer right here.
Seriously, people: when has it come out of fashion to read even the most basic documentation before pestering other people?
On web hosts, there's typically a configuration file (which can be named anything) to run the authorization. Each repository has a listing like
[my-repository:/]
myuser = rw
Which would give 'myuser' read & write permission on the entire repository. You could also do:
[my-repository/just-this-folder/:]
somejerk: r
Which should do what you want.
See the accepted answer above. However, for Dreamhost specifics, in ~/svn directory there are two files for each repository repo_name.access and repo_name.passwd. Where repo_name is the name you gave your repository. You can edit the repo_name.access file as described in the accepted answer.
Don't forget to chmod 644 repo_name.access after you edit it so that apache can access it.
Directly from documentation:
It's also possible to explicitly deny permission to someone via inheritance rules, by setting the username variable to nothing:
[calc:/branches/calc/bug-142]
harry = rw
sally = r
[calc:/branches/calc/bug-142/secret]
harry =
I can tell this is not true. I configured my SVN by Apache and the "user= " can read the related branch from a subversion client, but via browser (I installed ViewVC as websvn frontend) it doesn't access to that branch. How to fix this? Help me. I'm becoming crazy :D .