I've been trying to find a solution to this problem of mine. I think I'm close, but it's late and I'm tired.
What I'm trying to do is lock a specific user down to a single directory ("/QA" in this example) and deny my QA testers access to the rest of the repo. However, my error eludes me because for some reason the "testers" group can access the full repo (undesirable).
Below are my configs for apache.
Authz:
[groups]
admins = admin1
coders = user1, user2,
designers = user3
testers = user4
[/]
* =
@admins = rw
[myrepo:/]
* =
@testers =
@designers =
@coders = rw
[myrepo:/QA]
* =
@testers = r
@coders = rw
@designers = rw
Apache Config:
<Location /svn>
LimitXMLRequestBody 0
LimitRequestBody 0
DAV svn
SVNParentPath /home/svnuser/repositories
<IfModule mod_authz_svn.so>
AuthzSVNAccessFile /home/svnuser/svn/authz
</IfModule>
AuthUserFile /home/svnuser/svn/passwd
AuthType Basic
AuthName "My repos"
Require valid-user
</Location>
Other checks:
- dav && dav_svn are loaded into apache.
- password file works alright.
- I doubt it matters, but I do proxy svn on non-http port through a local nginx install because I already had it installed and didn't want to fight ports. SVN works as it should so this is a non-issue I think.
note: unsure if this is serverfault
or stackoverflow
material.
Best Answer
Permissions are inherited from parent, you have to write only changes from parent in each node