3

I am setting up an svn server using mod_dav_svn. I would like to satisfy all of the following:

  • Collection of repositories resides at repos.example.com/ NOT repos.example.com/svn
  • Non-svn content is available from the same server at repos.example.com/repo-style. This is to enable styling information. I am okay with the fact that I will not be able to have a repo with that name.

Here is the present configuration:

<VirtualHost *:80>
  ServerName repos.example.com

  <Location />
    DAV svn

    AuthType Basic
    AuthName "Log In"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPURL ldap://***
    AuthLDAPBindDN ***
    AuthLDAPBindPassword ***
    require valid-user

    SVNListParentPath on
    SVNParentPath /mnt/repos/svn
    SVNIndexXSLT /repo-style/svnindex.xsl
    AuthzSVNAccessFile /mnt/repos/svn-auth/access
  </Location>
</VirtualHost>

The issue with the above is that when a request comes in for repos.example.com/repo-admin mod_dav_svn replies saying that the repository does not exist. I need to concoct a rewrite scheme that isolates a request for that particular sub directory and serves regular html or php or whatever instead.

I have tried using re-writes or aliases to achieve this but have not been successful. Any input would be appreciated.

Houston Fortney
  • 96
  • 7

2 Answers2

0

Well, if I get your question right, then you have two options:

First option is to give access to read files for everyone, but for write operations require authorized user. Config sample:

<Location /svn>
  DAV svn
  SVNParentPath /var/svn

  # Authentication type, name, etc.

  # Authorization: Authenticated users only for non-read-only
  #                (write) operations; allow anonymous reads
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>

Learn more here: Blanket access control

Second option is to use AuthzSVNAccessFile. This option enables you to have more flexible per-directory and per-project access configuration. Sample config:

[groups]
admin = john, kate
devteam1 = john, rachel, sally
devteam2 = kate, peter, mark
docs = bob, jane, mike
training = zak

# Default access rule for ALL repositories
# Everyone can read, admins can write, Dan German is excluded.
[/]
* = r
@admin = rw
dangerman =

# Allow developers complete access to their project repos
[proj1:/]
@devteam1 = rw
[proj2:/]
@devteam2 = rw
[bigproj:/]
@devteam1 = rw
@devteam2 = rw
trevor = rw

# Give the doc people write access to all the docs folders
[/trunk/doc]
@docs = rw

# Give trainees write access in the training repository only
[TrainingRepos:/]
@training = rw

Learn more here: How does AuthzSVNAccessFile work?

Community
  • 1
Maxim Mazurok
  • 240
  • 2
  • 7
  • Thank you for your answer, however, I am afraid you misunderstood. My question is not about authorization but rather that I want a sub-folder which is not served by svn but is instead conventional html. – Houston Fortney Aug 25 '15 at 23:25
  • Hmm.. Well, I think it is even easier. I will update my answer tomorrow, because it is 2:28 am here and I want to sleep :) can you paste your full httpd.conf (apache config) file, please? – Maxim Mazurok Aug 25 '15 at 23:30
0

According to this question on locations merging order about Apache 2 sections in configuration, only a block declaring <Location /repo-style> may overwrite the declared <Location /> delivering DAV svn.

As a Directory directive will not have priority, the only option is to deliver static content with a Location section, for instance thanks a CGI script quickly written in your favorite scripting langage.

Community
  • 1
Yves Martin
  • 879
  • 3
  • 7
  • 21