On Mar 19, 2011, at 22:14, Rodrigo Montenegro wrote:

> I have the following repository configuration file for apache:
>
> <Location /svn/repos/>
> AuthType Basic
> AuthName "Subversion"
> AuthUserFile /srv/svn/svnauth
>
> DAV svn
> SVNParentPath /srv/svn/repos
> SVNListParentPath On
>
> require valid-user
> </Location>
>
> <Location /svn/repos/repo1>
> require valid-user
> </Location>
>
> <Location /svn/repos/repo1/trunk/secret>
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> require user secretowner
> </LimitExcept>
> <Limit GET PROPFIND OPTIONS REPORT>
> require user secretowner
> </Limit>
> </Location>
>
> It seems right to me but the odd behavior is that when some valid-user but
> secretowner checkouts trunk the folder secret keeps coming as well its
> content.
> What is wrong?

Only the first of your overlapping <Location> directives has any effect. The other two may as well be deleted.

For Subversion, the Apache configuration controls access to an entire repository as a unit. To hide part of a repository from some users, there is path-based authorization. It uses a different mechanism. See the SVN book for details:

http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html

Note that you can't hide the existence of a forbidden directory, so it's not very secret even when the path-based authorization is working. If you have real secrets you should avoid storing them with your source code.

Regards,
Steve

--
Stephen Butler | Senior Consultant
elego Software Solutions GmbH
Gustav-Meyer-Allee 25 | 13355 Berlin | Germany
fon: +49 30 2345 8696 | mobile: +49 163 25 45 015
fax: +49 30 2345 8695 | http://www.elegosoft.com
Geschäftsführer: Olaf Wagner | Sitz der Gesellschaft: Berlin
Amtsgericht Charlottenburg HRB 77719 | USt-IdNr: DE163214194
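
The path-based authorization the reply points to, sketched for the layout in the question. This is an added example, not part of the original thread: the access file path /srv/svn/svnauthz is an assumption, and mod_authz_svn must be loaded alongside mod_dav_svn.

```apache
# ---- Apache configuration: one <Location> for the whole repository tree ----
<Location /svn/repos/>
    AuthType Basic
    AuthName "Subversion"
    AuthUserFile /srv/svn/svnauth

    DAV svn
    SVNParentPath /srv/svn/repos
    SVNListParentPath On

    # Per-path rules come from this file (assumed path), evaluated by
    # mod_authz_svn; nested <Location> blocks are no longer needed.
    AuthzSVNAccessFile /srv/svn/svnauthz

    # Authentication is still required for every request.
    Require valid-user
</Location>

# ---- Contents of /srv/svn/svnauthz (separate file, authz syntax) ----
# Default for every path in every repository under SVNParentPath:
# any user who passed "Require valid-user" may read and write.
[/]
* = rw

# Override for one subtree of repo1. An empty right-hand side means
# no access; the rule for secretowner restores read/write for that user.
[repo1:/trunk/secret]
* =
secretowner = rw
```

With these rules a checkout of repo1/trunk by any other authenticated user omits the contents of secret; as the reply notes, this does not hide that the directory exists.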
