Restrict SVN Users To Certain Directories

×

This post was originally published in 2010
It may contain stale & outdated information. Or it may have grown more awesome with age, like the author.

I needed to set our SVN repository up to allow read-write access for some designers to relevant directories. We needed to prevent read-access to all other directories.

This is how it was done:

First, this line needed to be added to http.conf:

<Location /path/to/svn>
        DAV svn
        SVNPath /path/to/svn_repo
 
        AuthzSVNAccessFile /path_to/svn_serve.conf
 
        AuthType Basic
        AuthName "Subversion repos"
        AuthUserFile /authfile
        Require valid-user
</Location>

And in the ‘svn_serve.conf’ file referenced above:

[groups]
admins=admin
designers=designer1, designer2
[/]
@admins=rw
@designers=
[/templates]
@designers=rw
[/web/css]
@designers=rw
[/web/images]
@designers=rw

The first rule ( [/] ) gives admins full read-write access to the entire file tree, and ensures the designers group has no access at all. The following rules ‘turns on’ access to each directory for the designers group.

Designers can make design-related changes ( so I don’t have to :) ), and the rest of the code remains safe.

No comments | Trackback