Per-Directory Access Control in SVN

Now you have SVN successfully installed on your Ubuntu server, how do you manage the access control of your SVN repository? This article explains this in more detail.

In the article “Install SVN with Web Access on Ubuntu”, I used the this configuration:

[pre]

DAV svn

SVNPath /svn

AuthType Basic
AuthName “Subversion Repository Login Required”
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user

Require valid-user

[/pre]

in file /etc/apache2/mods-enabled/dav_svn.conf. This configuration simply gives users the read and write access to the repository, as long as he/she provides the right username and password, it has no control over who should have read, and who should have write access to the repository.

In order to have a better control over access, we need to add a new line in this configuration file, to tell SVN to read the access rules from a certain file. Add the following line to the configuration file:

[pre]
AuthzSVNAccessFile /etc/apache2/dav_svn.access
[/pre]

Save the file and then open the the access file /etc/apache2/dav_svn.access, actually, it can be any file name and any location you like, add the following rules:

[pre]
[/]
* = r

[:]
user1 = rw
user2 = r
user3 =
[/pre]

If file /etc/apache2/dav_svn.access contains nothing, it simply tells the SVN server to deny any access to the repository. However, you probably need to give at least read access to the root repository to all users, the first two lines in the new file does exactly this. “[/]” means the root directory, “*” means all users and “r” means read access.

As I said before, we need to have more control over the repository access, meaning, not every one can write to the repository, and possibly sometimes need to deny read access to certain directories in the repository. The next few lines in the above example show exactly this. Replace the with your repository name, and with the directory path you want to have access control. If we replace it with [svn:/trunk], it simply tells the SVN server that give user1 read and write access to the trunk directory under root repository, give user2 only read access, and deny user3 any access at all.

Very simple, isn’t it? Now go ahead and configure your SVN server yourself. Remember, since it is an Apache/WebDAN configuration, it requires Apache restart before your configuration takes effect.

Leave a Reply

Your email address will not be published. Required fields are marked *