This isn't really the right place to post this, but there doesn't seem to be a right place, so here it goes!
I'm running a bunch of subversion repositories (one repository per project) over http (using apache).
One of the repositories is a shared_classes repository that stores shared scripts including a db_class and a db_connect.
In essence, the db_class requires the db_connect and the db_connect creates the connection based on a flag it is passed. I am trying to secure the db_connect file (because it has a DB password in it) and it doesn't seem to want to work.
I'm using mod_authz_svn and this is the line in my httpd.conf file:
<Location /svn> DAV svn SVNParentPath /u0/svn Require valid-user AuthType Basic AuthName "Atlantic Subversion Repositories" AuthUserFile /usr/local/Zend/apache2/conf/svn-auth SVNListParentPath On </Location> <Location /svn/shared_classes> AuthzSVNAccessFile /usr/local/Zend/apache2/conf/svn-path-auth-shared_classes </Location>
And here is my authz file:
[groups] dba = <usernames> [/] * = rw [/trunk/db_connect.php] * = @dba = rw
When I point my web browser to that repository, it works. I can see all files / dirs except for the db_connect.php script.
When I try to view it in eclipse or tortoiseSVN, I can download and view that file.
Now, here comes the rub.
If (in TortoiseSVN) I try to do a diff of two revisions of that file, or if I try to view annotations, etc, it fails, giving me a permission error.
All of the examples I can find are securing entire directories, but I just need to secure a single file.
Does anyone have any ideas?