Every year, the college requires dozens of new SVN repositories for the researchers, professors, students, and management that work there. Last semester, both computer science courses I was enrolled in used an SVN repo to manage and submit coursework. A streamlined version control system like SVN can be integral to a University's work cycle.
SVN here can be a real pain to set up, especially since we have so many repo owners. Right now, SVN repositories are spawned from ticket requests - if a professor needs a repository for a class she is teaching, she has to manually open a ticket/email the systems group, and someone from systems has to manually create the repo, and them manually edit the permissions file for the SVN server to give access to the appropriate users.
One of my coworkers was given the task of creating an automated system to update these permissions, and I've adopted it for work over the summer. The solution requires that an svn server's permissions be set through apache access, so I set out to do just that.
So it turns out that there is an Apache2 module called
that makes this whole process pretty easy. All it requires is a
little editing of configuration files in both apache and SVN. I'll
walk you through the steps.
First, you need to make an access control file that details the access that will be given to users and user groups on the SVN server. It uses the same formatting and rule system as SVN Authz files. If you are unfamiliar with SVN authz files, I suggest reading this stackoverflow page, or this red-book article on path-based authentication.
After you've made your access control file, you'll need to make a
passwd file that will store the usernames and passwords of the users
that will be accessing this svn server. Mine is stored in
svn.passwd. You can add users to this file at any time by
passwd command as root:
_username_ is the name of the user you would like to add. It
should prompt you for a password. The -m flag ensures that the
passwords are not stored in plaintext.
After you've made both the access control and passwd files, it's time to add users and edit directory permissions. To populate the passwd file with users, add users using the htpasswd command detailed above.
There are really only a few permissions you can set:
r - Read only . Check-out privileges. rw - Read and Write. Check-out and commit privileges.
If you looked at the links above related to SVN Authz files, this will
be an easy step. In the access control file, make sections that
create user groups and dictate repository and project
access. Different sections of the file are indicated by square
brackets, such as
[groups]. Here's a sample
[groups] section, this authz file declares two groups:
group2, each with different users. Then, in the
section, it gives both
group2 read-write permission.
This gives both groups read-write permission to the root of the
repository. If no other permissions were explicitly given, this would
give both groups read-write access to every project on the repository.
However, it then dictates permissions for the
This section assumes that you have a subversion repository up and running. The subversion repo settings are in:
Open it up with
sudo and go down to the bottom of the file, past all
the generated comments. Add this, tailored to your specific svn repo:
url_to_svn_repo will be the url extension you want to point to
your repository. For example, if the repo directory is
you're hosting it on
localhost, you will access your repo from
path_to_passwd_fileis the full path to the passwd file you made earlier.
path_to_authz_fileis the full path to the svn access file you made earlier.
After you save this file and restart Apache2, you should have path-based access control working properly.
I'm interested in building technological platforms that leverage what we know about social dynamics to help people live their lives better.
I'm currently working at the Human Dynamics Group at the MIT Media Lab, creating systems that attempt to measure and impact human social and health behaviors.
I've also worked with the Lazer Lab, inferring partisan dynamics from congressional public statements.
You can e-mail me at email@example.com
Send me encrypted messages using my PGP key. (via keybase)