Andy, I thought you were off Apache and onto svnserve. Anyway, I sent you this info last week - maybe you missed it. It is pasted again below. I will grant to you that it is tricky to set up. The david winter blog post below spells it out perfectly... for a single repo setup, multiple users. For multi-user, multi-repo setup see my pasted config files below. One thing to note that is confusing is that if your repos are at /subversion/repos/repo1 your <Location /svn> stays the same. The /svn bit there is what appears in the URL address bar, its not a filesystem path.
I have 10 repositories, project1 through project10, physically located on Ubuntu filesystem at /svn/project1 /svn/project2 ... /svn/project10 Here is my /etc/apache2/mods-available/dav_svn.conf (the comments come with the file. This was installed using apt-get on Ubuntu 10.04 LTS.) <Location /svn> # Uncomment this to enable the repository DAV svn # Set this to the path to your repository #SVNPath /svn # Alternatively, use SVNParentPath if you have multiple repositories under # under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...). # You need either SVNPath and SVNParentPath, but not both. SVNParentPath /svn SVNListParentPath on # From http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl #Order deny,allow Deny from all Satisfy any # Access control is done at 3 levels: (1) Apache authentication, via # any of several methods. A "Basic Auth" section is commented out # below. (2) Apache <Limit> and <LimitExcept>, also commented out # below. (3) mod_authz_svn is a svn-specific authorization module # which offers fine-grained read/write access control for paths # within a repository. (The first two layers are coarse-grained; you # can only enable/disable access to an entire repository.) Note that # mod_authz_svn is noticeably slower than the other two layers, so if # you don't need the fine-grained control, don't configure it. # Basic Authentication is repository-wide. It is not secure unless # you are using https. See the 'htpasswd' command to create and # manage the password file - and the documentation for the # 'auth_basic' and 'authn_file' modules, which you will need for this # (enable them with 'a2enmod'). AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dav_svn.passwd # To enable authorization via mod_authz_svn AuthzSVNAccessFile /etc/apache2/dav_svn.authz # The following three lines allow anonymous read, but make # committers authenticate themselves. It requires the 'authz_user' # module (enable it with 'a2enmod'). #<LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user #</LimitExcept> </Location> Now, here is my /etc/apache2/dav_svn.authz file. [groups] group1 = usera, userb, userc, userd, usere group2 = userc, userb group3 = userf, userg group4 = usera, userb, userc, userd, usere, userf group5 = userh [/] @group1 = rw @group2 = @group3 = @group4 = @group5 = [project1:/] @group1 = rw [project2:/] @group1 = rw userg = rw userf = rw [project4:/] @group1 = rw [project5:/] @group11 = rw [project6:/] @group1 = rw @group5 = rw [project7:/] @group1 = rw [project8:/] @group1 = rw [project9:/] @group1 = rw [project10:/] @group1 = rw @group4 = rw There is no need to send you the dav_svn.passwd - it merely lists usera through userh with their hashed password. You use the htpasswd program to set your users up. Here is the email I sent before... I read (skimmed) all your posts, and I'm a little confused but I think I know where you're going. I'm not sure if you're using Apache to serve your repositories. If you are, you should check out this: http://davidwinter.me/articles/2006/03/03/access-control-for-subversion-with-apache2-and-authz/ and this https://help.ubuntu.com/community/Subversion I recently followed the blog above and got everything setup how I think you want it. You can control user access to multiple repos in three ways, the blog explains it all, except one thing. I found that this is for folder-level control on one repository: [/] @team = r bob = rw [/wowapp/trunk] @team = r @devteam = rw brenda = rw In my authz control file, multiple repositories are done like this (note the repo name and colon): [repoA:/] @team = r bob = rw [repoB:/] @team = r @devteam = rw brenda = rw I also put websvn on it, and use the configuration option $config->useAuthenticationFile('/path/to/your/authz/file'); which I found on this stackoverflow QA<http://serverfault.com/questions/13853/how-do-i-restrict-repository-access-via-websvn> . http://serverfault.com/questions/13853/how-do-i-restrict-repository-access-via-websvn
