I've got a Subversion repository of private files, served by Apache over HTTPS using dav_svn. I'd like to give users in a single domain read access to a single file from this repository using HTTP. How do I write such an override? The current configuration:
<Location /svn>
DAV svn
SVNParentPath /var/lib/svn
AuthzSVNAccessFile /etc/apache2/dav_svn.authz
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
</Location>
This appears an old one, but it popped up in the RSS feed, so..
If I've understood the question correctly, you want to override the authentication for one file only.
As katriel said, using the Satisfy directive allows you to specify alternate permission. Using this in the Files directive restricts the overrides to specific files. This won't allow commits as only one file has access without authentication. You can always make sure with a pre-commit or start-commit hook.
You could try using both authentication and allow,deny based access control on the same directory. The using "Satisfy" you can "OR" them both. Using the authz file, you can allow read-only access on a certain path in the repository It will look something like:
and in the authz file use
This is not a perfect solution, bur there's no real other way to exclude a domain from authenticating
I don't think it is a good idea to expose a repository to anonymous commits under any circumstance. You might want to try a more elaborate setup, using a post-commit hook to perform an update and exposing that directory through an alias with read-only access for a particular subnet or domain:
e.g. in /var/lib/svn/repos/hooks/post-commit :
And in your httpd.conf
YMMV