Subversion Authz Examples

After Subversion server already delivered, I need to deliver some ACL (Access Control List) so everyone can access to their repository respectively.

By understanding some rules at Subversion Path-based Authorization, we can create a great ACL so it can guarantee no repository can be overwritten by unwanted person. In order to deliver Path-based ACL, we need to have following options enabled in the svnserve.conf:

anon-access = none
auth-access = write
password-db = passwd
authz-db = authz
realm = My Subversion Repository

Following example is for 2 different developer team (PHP and Ruby) which accessing one repository under /svn directory in the server. The SVN path is: svn://192.168.1.100/svnrep . We also have boss and system administrator to be act as the admin/owner of the system.

In my /svn/conf/authz file, I have to put following directives with description:

# User defined in group
[groups]
admin = boss, sysadmin
phpteam = php1, php2, php3
rubyteam = ruby1, ruby2
 
# SVN root should only be access by boss and system admin
[/]
@admin = rw
* =
 
# Main web repository should only be access by boss and system admin, others cannot read/write at all
# By specifying svn path, we need to list which user/group who can and cannot access
[/web]
@admin = rw
* =
 
# PHP project repository can only be access by php developer, boss and sys admin
# By specifying svnrep: directive, we just need to list which user/group who can access
# Others will automatically rejected
[svnrep:/web/php]
@phpteam = rw
@admin = rw
 
# Ruby project repository can only be access by Ruby developer, boss and sys admin
# By specifying svnrep: directive, we just need to list which user/group who can access
# Others will automatically rejected
[svnrep:/web/ruby]
@rubyteam = rw
@admin = rw

After we create the ACL, the changes will takes immediately without restart. Our PHP team can now deliver their development work without interuption from Ruby development team, while in other hand, the boss can monitor their progress and the system administrator can still manage and perform maintenance for the Subversion repository.