Mark Phippard wrote on Mon, Jan 03, 2011 at 09:32:49 -0500: > On Fri, Dec 31, 2010 at 11:04 AM, <benjamin.ort...@wellsfargo.com> wrote: > > I'm trying to integrate a SVN Authz authorization file with apache > > configuration files to provide a solution for not just directory level > > restrictions, but also file level restrictions. It's my understanding that > > the SVN Authorization file is not capable of handling file-specific > > restrictions, only directory level. > > This is not true. SVN authz manages "paths" and a path can be a > directory or a file. Of course it has to be the full path to the file > as there is no wild-card support. > > > <Location "/subversion/repo/*/*/*/folder/structure/RestrictedFile"> > > <Limit PUT> > > Require user my_username > > </Limit> > > </Location> >
Did you mean <LocationMatch>? (which takes a regex, not a glob, IIRC) > I am not aware of being able to define rules for paths within a > repository this way. When the SVN client does the commit it does so > against a temporary path, so you cannot use paths in your repository. > I do believe there are people that have written rules against the > temporary paths and if you did so properly then it might work. > > That said, I am also not confident that you can successfully mix the > Subversion authz file with the other Apache require directives. I > have tried in the past to mix authz with the require-ldap-group > directive and the two just do not mix as these directives become > additive. Meaning if either directive would allow the user access > then they get access and you do not get the restrictive behavior of > authz that is desired. > > -- > Thanks > > Mark Phippard > http://markphip.blogspot.com/
