如何隐藏特定用户的父路径?
How to hide parent path for specific users?
我们启用了 SVNParentPath 选项,并希望限制少数 users/groups 访问父路径。这可能吗?
svn.conf
<Location /repos>
DAV svn
SVNParentPath /var/svn/repos
AuthName "SVN Repo Authentication"
SVNListParentPath On
AuthType Basic
AuthBasicProvider file
AuthUserFile /etc/svn/svn_passwd
AuthzSVNAccessfile /var/svn/repos/svn_access
Require valid-user
</Location>
我们的访问控制文件如下所示
svn_access
# Groups & Users
[groups]
admin = admsvn, gurukiran
# Repo Access
[/]
@admin = rw
[groovy:/]
@admin = rw
kiran=rw
gopal=rw
ram=rw
mani=rw
vijay=rw
httpd.conf
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
当前问题:
- 我们只需要管理员有权访问 SVN 父路径。现在管理员和开发人员都可以访问父路径。
首先,您应该显示您的 httpd.conf 文件。您现在显示的字符串无济于事。其次,阅读 SVNBook about mod_authz_svn 并查看示例。
接下来,确保您已指定 Require valid-user 指令以及指定 AuthzSVNAccessFile.
的路径
顺便说一句,这个例子应该有所帮助:http://svnbook.red-bean.com/en/1.8/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir.ex-3
我们启用了 SVNParentPath 选项,并希望限制少数 users/groups 访问父路径。这可能吗?
svn.conf
<Location /repos>
DAV svn
SVNParentPath /var/svn/repos
AuthName "SVN Repo Authentication"
SVNListParentPath On
AuthType Basic
AuthBasicProvider file
AuthUserFile /etc/svn/svn_passwd
AuthzSVNAccessfile /var/svn/repos/svn_access
Require valid-user
</Location>
我们的访问控制文件如下所示
svn_access
# Groups & Users
[groups]
admin = admsvn, gurukiran
# Repo Access
[/]
@admin = rw
[groovy:/]
@admin = rw
kiran=rw
gopal=rw
ram=rw
mani=rw
vijay=rw
httpd.conf
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
当前问题:
- 我们只需要管理员有权访问 SVN 父路径。现在管理员和开发人员都可以访问父路径。
首先,您应该显示您的 httpd.conf 文件。您现在显示的字符串无济于事。其次,阅读 SVNBook about mod_authz_svn 并查看示例。
接下来,确保您已指定 Require valid-user 指令以及指定 AuthzSVNAccessFile.
顺便说一句,这个例子应该有所帮助:http://svnbook.red-bean.com/en/1.8/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir.ex-3