Can we isolate a user from the mod_authz authentication?
Can we isolate a subversion user using the mod_authz
authentication such that they will only be authenticated to a single subversion repository? Right now we are hosting multiple repositories via apache, and our access_file is global across all repositories. This means if we use the *=r
op开发者_高级运维tion, then all users will have read access. We would like to introduce a user into that environment so they will only have access to a single repo, and they will not be included in other repository access via the *=r
option. Is this type of configuration available?
Thanks, Suresh
You can use the NOT modifier on global scope of the authz file:
[/]
*=
~single_repo_user=r
[single_repo:/]
*=
single_repo_user=r
This reads:
for all repositories, nobody has any permission, except he is not user named single_repo_user, than user has read permission for repository "single_repo" nobody has access except single_repo_user who has read access
So only single_user_repo has no permission. everybody else has read permission.
You can of course just delete the user name out of the htpasswd file..
See more infos here:
http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.pathbasedauthz
精彩评论