Subversion repository security configuration under subserve on Windows December, 2006
I want to start off by saying that I am running subserve v1.4 as a Windows service. From what I have read configuration may be somewhat different when using httpd, SSH or on another OS. So the following may or may not fully apply to other access methods, versions or OS's.
The first repository security configuration file you will encounter is the svnserve.conf file. It appears that Subversion looks for this file specifically under the "conf" folder within the repository tree. I don't believe there is a way to configure this path or the filename it looks for. This file has only one section called "general". It contains 5 basic security settings. The settings are as follows:
anon-access: Valid values for this setting are read, write or none. This value specifies repository wide access for anonymous users. If there is a conflict with this setting and with folder permissions specified in the authz file, the most restrictive permission is applied.
auth-access: Valid values for this setting are read, write or none. This value specifies repository wide access for authenticated users. If there is a conflict with this setting and with folder permissions specified in the authz file, the most restrictive permission is applied.
password-db: This specifies a path to a user database. This can be an absolute path ("C:\config\passwd") or a relative path ("..\..\config\passwd"). If no path is specified only anonymous access will be supported. Only the anon-access permission will be in force.
authz-db: This specifies a path to a folder permissions database. This can be an absolute path ("C:\config\authz") or a relative path ("..\..\config\authz"). If no path is specified then path based permissions are not applied. Only the anon-access and auth-access permissions will be in force.
realm: This is a string that serves as a unique identifier which identifies a realm or security domain the repository is associated with. A realm is basically the user base contained in the user database (passwd file). Each repository that shares a single user database should have the same realm specified. So for example if you had a user database at "C:\config\passwd" which was used by three repositories, all three repositories should have the same realm specified.
The second file you will encounter is the user database. The name of this file is passwd by default but can be anything. If user authentication is desired the path to this file must be set in the password-db setting in the svnserve.conf file. If no path is set for this setting, no user authentication will take place. The user database can be shared by multiple repositories. Each repository that shares a single user database should have the same realm specified. The user database contains only one section called "users". The settings in this group are username/password pairs. For example:
bsimpson = R@dio@ctiveM@n
lsimpson = Bl33dingGumsMurphy
The third file you will encounter is the path based permissions database. The name of this file is authz by default but can be anything. If path based permissions are desired the path to this file must be set in the authz-db setting in the svnserve.conf file. This file defines user groups and path permissions. The first section in this file is called "groups". Here you can specify groups and their membership. Each setting is a group name and a comma separated user list. It does not appear that white space in this list causes any problems. Unfortunately as of Subversion 1.4 you cannot specify user groups in the user database (passwd), only in this file. Here is an example of the "groups" section:
admin = mburns, djquimby
users = bsimpson, lsimpson
The sections that follow are path specific permissions. The section name is the path. The path begins with a forward slash but must not end with one. Evidently (As of Subversion 1.4) the "repository" prefix for repository specific permissions (IE: [repository:/yada/yada]) is ignored when using svnserve to access repositories. It appears that it is only recognized when using the httpd access method. So separate files would have to be maintained to provide repository specific folder permissions. Otherwise if identical paths existed in two or more repositories the permissions for those paths would be identical, there would be no way to differentiate them. Each path permission section contains members which could be a group name prefixed with an ampersand (@), wildcard (*) denoting all users (Including anonymous) or simply a username. The permissions are ‘r' for readonly, ‘rw' for read/write or ‘' (Blank) for no access (Including anonymous users). Permissions are inherited from the parent folder if no permissions are specified for a particular path. If permissions conflict, the least restrictive permissions are applied. Here is an example of path permissions:
* = rw