Hello

I know this topic has been discussed many times but...

I am very happy with the SSH + 'svnserve' access to my repositories, however 
due to firewall issues I need access through HTTP as well. What I do not want 
is to set up a 2nd authentication / authorization database.

Here is my current HTTP config:

[
    ...
    LoadModule authz_unixgroup_module libexec/apache22/mod_authz_unixgroup.so
    ...
    AddExternalAuth pwauth /usr/local/bin/pwauth
    SetExternalAuthMethod pwauth pipe
    ...
    <Location /subversion/>
        AuthBasicProvider external
        AuthExternal pwauth
        AuthName Subversion
        AuthType Basic
        AuthzUnixgroup on
        Dav svn
        Require file-group
        SSLRequireSSL
        SVNParentPath /usr/local/svn/
    </Location>
]

1. Any user accessing Subversion has to be authenticated against the Unix 
password database. Works.
2. Before we hit the Subversion module I would like to authorize the user 
against the file system. Does not work.

I have repositories laid out on the file system under '/usr/local/svn/' like 
this:

drwxrwx---  6 root  backup            512 Feb  9  2012 backup
drwxrwx---  6 root  common            512 Feb  9  2012 common
drwxrwx---  6 root  news_alert        512 Jun 14  2012 news_alert
...

Each repository's group is the collection of users who should be able to read 
and write it, plus Apache's 'www' user. This works fine with 'svnserve', 
enforced by Unix.

How could I convince Apache to check the directory access rights before it hits 
MOD_DAV_SVN? There are 2 flaws at the moment:

1. 'Require file-group' checks against 
'/usr/local/www/apache22/data/subversion/common' and not 
'/usr/local/svn/common'.
2. It also checks each path component of, for example, 
'/subversion/ppt/!svn/ver/48/trunk' and not only '/subversion/ppt/'.

Any idea how to fix this? Any other approach to the problem?


Cheers
B.                                        
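
The check asked for above, written out as an added Python example that is not part of the original post or of any Apache module: it maps a request URI to the repository directory under SVNParentPath and tests the user's group membership against that directory only, not against the DocumentRoot or the deeper path components. The function names and the `lookup` parameter are assumptions made for this illustration; the two paths are the ones from the post.

```python
import grp
import os
import pwd
import stat
from urllib.parse import unquote

LOCATION = "/subversion/"   # <Location> prefix from the post
PARENT = "/usr/local/svn"   # SVNParentPath from the post


def repo_from_uri(uri, location=LOCATION):
    """Return the repository name (first component after the Location) or None."""
    path = unquote(uri.split("?", 1)[0])       # decode before splitting on "/"
    if not path.startswith(location):
        return None
    name = path[len(location):].split("/", 1)[0]
    # Reject empty names and anything that could step outside PARENT.
    if name in ("", ".", "..") or "\0" in name:
        return None
    return name


def groups_of(user):
    """gids of a Unix user: primary group plus supplementary memberships."""
    try:
        pw = pwd.getpwnam(user)
    except KeyError:
        return set()
    return {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}


def authorize(user, uri, parent=PARENT, location=LOCATION, lookup=groups_of):
    """Allow only if `user` belongs to the group that owns the repository
    directory and that directory grants its group rwx (drwxrwx---)."""
    name = repo_from_uri(uri, location)
    if name is None:
        return False
    try:
        st = os.lstat(os.path.join(parent, name))   # lstat: never follow a symlink
    except OSError:
        return False
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_mode & stat.S_IRWXG != stat.S_IRWXG:
        return False
    return st.st_gid in lookup(user)
```

Because each repository group also contains the 'www' user, this check is only meaningful for the authenticated user name, never for the identity the web server runs as.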
