summaryrefslogtreecommitdiff
path: root/subversion/mod_authz_svn/INSTALL
diff options
context:
space:
mode:
Diffstat (limited to 'subversion/mod_authz_svn/INSTALL')
-rw-r--r--subversion/mod_authz_svn/INSTALL184
1 files changed, 109 insertions, 75 deletions
diff --git a/subversion/mod_authz_svn/INSTALL b/subversion/mod_authz_svn/INSTALL
index d2216ad..6882a07 100644
--- a/subversion/mod_authz_svn/INSTALL
+++ b/subversion/mod_authz_svn/INSTALL
@@ -186,10 +186,16 @@ II. Configuration
The "Require" statement in the previous example is not strictly
needed, but has been included for clarity.
- H. Example 8: Separate authz and groups files.
+ H. Example 8: Separating groups and authorization rules
- This configuration allows storing the groups separately from the
- main authz file with the authorization rules.
+ It may be convenient to maintain group definitions separately from
+ the authorization rules. This configuration allows splitting them
+ into two separate files.
+
+ The file specified by the AuthzSVNGroupsFile directive uses the
+ same format as the ordinary authz file and should contain a single
+ section with the group definitions. See section II.2.B for more
+ details.
<Location /svn>
DAV svn
@@ -205,78 +211,106 @@ II. Configuration
Require valid-user
</Location>
+ Configurations with per-repository access files may also use a
+ single file containing the group definitions. This configuration
+ avoids the need to duplicate the group definitions across multiple
+ per-repository access files.
+
+ AuthzSVNReposRelativeAccessFile filename
+ AuthzSVNGroupsFile /path/to/groups/file
+
+ NOTE: When the AuthzSVNGroupsFile directive is enabled, the
+ file specified with the AuthzSVNReposRelativeAccessFile or
+ AuthzSVNAccessFile directive cannot contain any group definitions.
+
2. Specifying permissions
- The file format of the access file looks like this:
-
- [groups]
- <groupname> = <user>[,<user>...]
- ...
-
- [<path in repository>]
- @<group> = [rw|r]
- <user> = [rw|r]
- * = [rw|r]
-
- [<repository name>:<path in repository>]
- @<group> = [rw|r]
- <user> = [rw|r]
- * = [rw|r]
-
- An example (line continued lines are supposed to be on one line):
-
- [groups]
- subversion = jimb,sussman,kfogel,gstein,brane,joe,ghudson,fitz, \
- daniel,cmpilato,kevin,philip,jerenkrantz,rooneg, \
- bcollins,blair,striker,naked,dwhedon,dlr,kraai,mbk, \
- epg,bdenny,jaa
- subversion-doc = nsd,zbrown,fmatias,dimentiy,patrick
- subversion-bindings = xela,yoshiki,morten,jespersm,knacke
- subversion-rm = mprice
- ...and so on and so on...
-
- [/]
- # Allow everyone read on the entire repository
- * = r
- # Allow devs with blanket commit to write to the entire repository
- @subversion = rw
-
- [/trunk/doc]
- @subversion-doc = rw
-
- [/trunk/subversion/bindings]
- @subversion-bindings = rw
-
- [/branches]
- @subversion-rm = rw
-
- [/tags]
- @subversion-rm = rw
-
- [/branches/issue-650-ssl-certs]
- mass = rw
-
- [/branches/pluggable-db]
- gthompson = rw
-
- ...
-
- [/secrets]
- # Just for demonstration
- * =
- @subversion = rw
-
- # In case of SVNParentPath we can specify which repository we are
- # referring to. If no matching repository qualified section is found,
- # the general unqualified section is tried.
- #
- # NOTE: This will work in the case of using SVNPath as well, only the
- # repository name (the last element of the url) will always be the
- # same.
- [dark:/]
- * =
- @dark = rw
-
- [light:/]
- @light = rw
+ A. File format of the access file
+
+ The file format of the access file looks like this:
+
+ [groups]
+ <groupname> = <user>[,<user>...]
+ ...
+
+ [<path in repository>]
+ @<group> = [rw|r]
+ <user> = [rw|r]
+ * = [rw|r]
+
+ [<repository name>:<path in repository>]
+ @<group> = [rw|r]
+ <user> = [rw|r]
+ * = [rw|r]
+
+ An example (line continued lines are supposed to be on one line):
+
+ [groups]
+ subversion = jimb,sussman,kfogel,gstein,brane,joe,ghudson,fitz, \
+ daniel,cmpilato,kevin,philip,jerenkrantz,rooneg, \
+ bcollins,blair,striker,naked,dwhedon,dlr,kraai,mbk, \
+ epg,bdenny,jaa
+ subversion-doc = nsd,zbrown,fmatias,dimentiy,patrick
+ subversion-bindings = xela,yoshiki,morten,jespersm,knacke
+ subversion-rm = mprice
+ ...and so on and so on...
+
+ [/]
+ # Allow everyone read on the entire repository
+ * = r
+ # Allow devs with blanket commit to write to the entire repository
+ @subversion = rw
+
+ [/trunk/doc]
+ @subversion-doc = rw
+
+ [/trunk/subversion/bindings]
+ @subversion-bindings = rw
+
+ [/branches]
+ @subversion-rm = rw
+
+ [/tags]
+ @subversion-rm = rw
+
+ [/branches/issue-650-ssl-certs]
+ mass = rw
+
+ [/branches/pluggable-db]
+ gthompson = rw
+
+ ...
+
+ [/secrets]
+ # Just for demonstration
+ * =
+ @subversion = rw
+
+ # In case of SVNParentPath we can specify which repository we are
+ # referring to. If no matching repository qualified section is
+ # found, the general unqualified section is tried.
+ #
+ # NOTE: This will work in the case of using SVNPath as well, only
+ # the repository name (the last element of the url) will always be
+ # the same.
+ [dark:/]
+ * =
+ @dark = rw
+
+ [light:/]
+ @light = rw
+
+ B. File format of the groups file
+
+ The file format of the groups file looks like this:
+
+ [groups]
+ <groupname> = <user>[,<user>...]
+ ...
+
+ An example:
+
+ [groups]
+ developers = harry,sally,john
+ managers = jim,joe
View Lorry Controller Status