Re: SVNParent authz

From: Andy Canfield <andy.canfield_at_pimco.mobi>
Date: Sun, 31 Jul 2011 10:03:38 +0700

On 07/29/2011 01:48 PM, Cooke, Mark wrote:
>> -----Original Message-----
>> From: Andy Canfield [mailto:andy.canfield_at_pimco.mobi]
>> Sent: 29 July 2011 05:14
>> To: users_at_subversion.apache.org
>> Subject: SVNParent authz
>>
>> I am having a problem with AuthzSVNAccessFile.
>>
>> Consider the case where I have two repositories, R1 and R2. Some users
>> are authorized to examine R1 by going to
>> http://example.com/svn/R1
>> Other users are authorized to examine R2 by going to
>> http://example.com/svn/R2
>> But everyone should be able to see the list of repositories
>> by going to
>> http://example.com/svn
>>
>> I can't get that to work. I am having a problem with the
>> mod_dav_svn.conf command:
>> AuthzSVNAccessFile /Subversion/conf/authz
>> If I have AuthzSVNAccessFile turned off (commented out), then all users
>> can see the contents of all repositories. But if I have
>> AuthzSVNAccessFile turned on, then nobody is authorized to see the list
>> of repositories via "http://example.com/svn" because I can't figure out
>> how to set authz to give read access to the repository collection but
>> limited access to the individual repositories. Here is my closest guess
>> for authz -
>> [groups]
>> everyone = andy,fred
>> [/]
>> @everyone = r
>> [subdoc:/]
>> andy = rw
>> The "[/]" section is the part that is incorrect. How can I give everyone
>> read access to "http://example.com/svn" without giving them read access
>> to "http://example.com/svn/subdoc" ? Indeed, it seems as if the instant
>> I turn on AuthzSVNAccessFile nobody can read "http://example.com/svn" at
>> all.
>>
>> Thank you for your patience.
>>
> There was a bug relating to authz which meant that users had to have
> access to the root to see anything, you do not mention which version you
> are using?
Version: 1.6.12dfsg-4ubuntu2.1

> Note that you can remove permissions as well as grant them, so something
> like this should work...
>
> [groups]
> everyone = andy,fred
>
> [/]
> @everyone = r
>
> [R1:/]
> andy = rw
> fred =
>
> [R2:/]
> andy =
> fred = rw
>
> If that does not work, can you post the relevant bits of your apache
> conf and also which versions and platforms you are on. For example, I
> use the following for our windoze based repos:
>
> <Location /svn/>
> DAV svn
> SVNParentPath D:/svn/root/
> SVNListParentPath On
> # restrict access to subversion repository paths...
> AuthzForceUsernameCase Lower
> AuthzSVNAccessFile D:/path/to/svn-users.txt
> </Location>
>
> ~ mark c
>
Thanks. Built my own web page to do the list of repositories. My page
shows megabytes, user and date of last revision, and includes a button
to create a new repository. Goes in through PHP, not via
SVNListParentPath. Access controlled by Apache not Subversion. Works OK.
So we seem to be ready to fly here. Thanks to all.
Received on 2011-07-31 05:04:29 CEST
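
Added example, not part of the original thread: a simplified Python model of how the authz file in Mark's reply resolves per-repository access, showing that the `[/]` default still grants read on any repository that has no section of its own. It assumes the lookup order `[repo:/path]` before `[/path]`, walking up to the root, with the first section that names the user deciding; `R3` is a hypothetical repository, and nested groups and the parent listing at `/svn` are not modelled.

```python
import configparser

# Authz rules from Mark's reply (blank separator lines omitted).
AUTHZ = """\
[groups]
everyone = andy,fred
[/]
@everyone = r
[R1:/]
andy = rw
fred =
[R2:/]
andy =
fred = rw
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    return cp

def rights(cp, user, repo, path="/"):
    """Return '', 'r' or 'rw' for user on repo:path under the assumed lookup order."""
    groups = {g: {u.strip() for u in m.split(",")} for g, m in cp["groups"].items()}
    def matches(name):
        if name.startswith("@"):
            return user in groups.get(name[1:], set())
        return name in ("*", user)
    p = "/" + path.strip("/")
    while True:
        # Repository-qualified section first, then the unqualified one.
        for section in (f"{repo}:{p}", p):
            if cp.has_section(section):
                hits = [v for k, v in cp[section].items() if matches(k)]
                if hits:  # first section naming the user decides; rights are unioned
                    got = set("".join(hits))
                    return "".join(c for c in "rw" if c in got)
        if p == "/":
            return ""  # no section names the user: denied
        p = p.rsplit("/", 1)[0] or "/"

def report(cp, users=("andy", "fred"), repos=("R1", "R2", "R3")):
    # R3 is a hypothetical repository with no section of its own.
    return {(u, r): rights(cp, u, r) for u in users for r in repos}

if __name__ == "__main__":
    for (user, repo), got in report(load(AUTHZ)).items():
        print(f"{user:5} {repo}: {got or 'no access'}")
```
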

This is an archived mail posted to the Subversion Users mailing list.