Re: access control: viewcvs

On Fri, Aug 20, 2004 at 12:58:43PM -0600, Michael W Thelen wrote:
> * solo turn <soloturn@gmail.com> [2004-08-20 10:35]:
> > we restricted access to our svn repository via apache and the
> > AuthzSVNAccessFile directive.
> >
> > how can we reach that these access rights do also apply when exposing
> > the repository with viewcvs?
>
> Use the exact same authorization mechanism. For example, something like this:
>
> # Subversion repository
> <Location /svn>
> DAV svn
> SVNPath /path/to/repos
> AuthType Basic
> AuthName "Subversion Repository"
> AuthUserFile /usr/local/apache2/conf/svn-auth
> Require valid-user
> AuthzSVNAccessFile /usr/local/apache2/conf/svn-access
> </Location>
>
> # ViewSVN
> ScriptAlias /viewsvn /path/to/viewcvs.cgi
> <Location /viewsvn>
> SVNPath /path/to/repos
> AuthType Basic
> AuthName "ViewSVN"
> AuthUserFile /usr/local/apache2/conf/svn-auth
> Require valid-user
> AuthzSVNAccessFile /usr/local/apache2/conf/svn-access
> </Location>

Huh? Will that actually work? mod_authz_svn's primary purpose is to
decode the special URLs we use into a fashion that can do path based
authorization. ViewCVS doesn't really use anything like this and rather
uses paths like so:
http://server/viewcvs.cgi/path/in/repo/foo.c

You can hide the viewcvs.cgi part with some aliasing. e.g.:
AliasMatch ^(/.*) /var/www/cgi-bin/viewcvs.cgi$1

But that's just hiding the implementation detail from the end user...

-- 
Ben Reser <ben@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org