[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: confusing http.conf access control

From: Sander Striker <striker_at_apache.org>
Date: 2003-01-17 13:48:02 CET

> From: solo turn [mailto:soloturn99@yahoo.com]
> Sent: Friday, January 17, 2003 1:32 PM

Hi,

> we used a configuration like (with more subdirectories for different
> user groups):
>
> <Location /svnrep>
> DAV svn
> SVNPath /home/svn/svnrep
> SSLRequireSSL
> AuthType Basic
> AuthName "svn user"
> AuthUserFile /usr/secret/passwords
> AuthGroupFile /usr/secret/groups
> Require group internal-developer
> </Location>
> <Location /svnrep/trunk/projects/proj1>
> DAV svn
> SVNPath /home/svn/svnrep
> SSLRequireSSL
> AuthType Basic
> AuthName "svn user"
> AuthUserFile /usr/secret/passwords
> AuthGroupFile /usr/secret/groups
> Require group proj1-grp
> </Location>

The same repository, exported at two locations, accessible by
different groups... Ok.

> the effect was, that mod_dav showed
> /svnrep/trunk/projects/proj1/trunk/projects/proj1/correct-dir, and
> moving correct-dir up to /svnrep/trunk/projects/proj1 showed it also
> in the root (svnrep).

Could you rephrase this and tell us what you are trying to
accomplish? It seems logical to me that something you do in the
a repository will be shown at every location the repository is
exported at.

> all the users were in all groups.

Then why put the repository in 2 locations?

> the more stable solution seems to be a configuration with:
>
> <Location /svn>
> DAV svn
> SVNParentPath /usr/svn
> SSLRequireSSL
> AuthType Basic
> AuthName "svn user"
> AuthUserFile /usr/secret/passwords
> AuthGroupFile /usr/secret/groups
> Require valid-user
> </Location>
> <Location /svn/rep1>
> Require group all-developpers
> </Location>
> <Location /svn/rep1/trunk/projects/proj1>
> Require group proj1-grp
> </Location>

Again, what are you trying to accomplish. If you
don't have a pre-commit hook, 'all-developers' can still
mess with both /svn/rep1 (desired) _and_
/svn/rep1/trunk/projects/proj1 (undesired!) IIRC.

All other repositories (that is, other than /svn/rep1)
are rw to all valid users.

> if i'm right here, may i suggest 2 things:
> - a rewrite (throw out unimportant confusing stuff,
> and extending by this) of the access control part
> of the book.

Last time I checked the book it didn't have anything confusing
in it about access control.

What you probably want to do is look at the pre-commit hook
and invoke commit-access-control.pl from there.

> - a clean handling of the first (errenuous?) configuration.

Apache is doing what it is told.

Sander

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jan 17 13:48:50 2003

This is an archived mail posted to the Subversion Dev mailing list.