On Thu, 2004-04-08 at 08:16, Tom Hosiawa wrote:
> All the repositories are in '/srv/svn'.
>
> I created a user svn and group svn, with the svn user's home='srv/svn'
> and shell='/bin/false'
>
> I have the following in httpd.conf:
> ====================================================
> <Location /svn>
> DAV svn
> SVNParentPath /srv/svn
> SVNIndexXSLT "/svnindex.xsl"
>
> # user authentication
> AuthType Basic
> AuthName "Subversion repository"
> AuthUserFile /srv/svn/conf/svn_users
>
> # allow anonymous read access
> Satisfy Any
> Require valid-user
Make sure your server is running 1.0.1 if you plan to use "Satisfy Any"
and "Require valid-user" together.
>
> # access control policy
> AuthzSVNAccessFile /srv/svn/conf/svn_policy
> </Location>
> ===================================================
>
> and svn_policy:
> ===================================================
> [groups]
> pbAnalyzer-dev = svn
>
> [pbAnalyzer:/svn/pbAnalyzer]
You should be talking about paths *within* the pbAnalyzer repository.
In other words, the /svn/pbAnalyzer is the location of the repository
itself. Within the policy file, you should be talking about "imaginary"
paths within particular repositories. For example, if you want the
pbAnalyzer-dev group to have full r/w access on the entire pbAnalyzer
repository, then you should be writing: [pbAnalyzer:/]
> Now, I just have to make apache process switch use to the svn user when
> accessing the repository. But its already using the its own apache user,
> group, so is it possible for it to switch to the svn user? Or should I
> make group owner of '/srv/svn' apache?
Your life will be simpler if you make apache run as the 'svn' user.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Apr 8 19:41:32 2004