开发者

Can we isolate a user from the mod_authz authentication?

开发者 https://www.devze.com 2023-03-21 06:56 出处:网络
Can we isolate a subversion user using the mod_authz authentication such that they will only be authenticated to a single subversion repository? Right now we are hosting multiple repositories via apac

Can we isolate a subversion user using the mod_authz authentication such that they will only be authenticated to a single subversion repository? Right now we are hosting multiple repositories via apache, and our access_file is global across all repositories. This means if we use the *=r op开发者_高级运维tion, then all users will have read access. We would like to introduce a user into that environment so they will only have access to a single repo, and they will not be included in other repository access via the *=r option. Is this type of configuration available?

Thanks, Suresh


You can use the NOT modifier on global scope of the authz file:

[/]
*=
~single_repo_user=r

[single_repo:/]
*=
single_repo_user=r

This reads:

for all repositories, nobody has any permission, except he is not user named single_repo_user, than user has read permission for repository "single_repo" nobody has access except single_repo_user who has read access

So only single_user_repo has no permission. everybody else has read permission.

You can of course just delete the user name out of the htpasswd file..

See more infos here:
http://svnbook.red-bean.com/nightly/en/svn-book.html#svn.serverconfig.pathbasedauthz

0

精彩评论

暂无评论...
验证码 换一张
取 消