SVNListParentPath and AuthzSVNAccessFile

From: Shawn Nicholson <shawn_nicholson1_at_hotmail.com>
Date: 2006-01-24 03:47:47 CET

Hello,
I am currently attempting to set up an SVN server using Apache http. I
have followed the documentation so far and have a running system.
I want to add two features which appear to be mutually incompatable but
can't find any
reason why from the documentation.

First - I need to control read/write access to different projects for
different groups. To this end
I have followed the directions for using AuthzSVNAccessFile and have been
able to control
access to each group appropriately. Here is my current http.conf location
setup:

<Location /svn>
  DAV svn
  #SVNListParentPath on
  SVNParentPath E:/projects/svn

# our access control policy
AuthzSVNAccessFile E:/projects/svn-access-file

  # try anonymous access first, resort to real
  # authentication if necessary.
  Satisfy Any
  Require valid-user

  # How to authorize a user
  AuthType Basic
  AuthName "Subversion repositories"
  AuthUserFile E:/projects/svn-auth-file
</Location>

In my svn-access-file I have at the top:

[/]
* = r

to allow anonymous users read access to all - when I browse to a project
(e.g. http://myserver/svn/project1 ) I am not asked for authentication
(as expected since I put the Satisfy Any in the http.conf). If I remove the
* = r and replace it with specific users/groups it asks for the auth.

However, when I add:

SVNListParentPath on

to the http.conf file so that I can go to http://myserver/svn and view a
list of all of the projects, it asks for authentication (even with * = r)
and then tells me Error 403 - permission denied.

If I comment out the
AuthzSVNAccessFile E:/projects/svn-access-file

line with SVNListParentPath on I can then successfully view the list of all
projects at http://myserver/svn after passing the authentication request.
(but of course now lack any control at the repository level).

How can I get repository specific access control while allowing for a list
of all projects (even if only specific users.. or all users globally would
have to have access)?

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: users-help@tortoisesvn.tigris.org
Received on Tue Jan 24 03:47:52 2006

This message: [ Message body ]
Next message: Stuart Celarier: "RE: Re: revision graph q. and FS#192 Show last committed rev in revision graph"
Previous message: Judah Frangipane: "Re: Edit conflicts suggestion"
Next in thread: Stefan Küng: "Re: SVNListParentPath and AuthzSVNAccessFile"
Reply: Stefan Küng: "Re: SVNListParentPath and AuthzSVNAccessFile"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]