[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

R: R: SVNParentPath and per Repository Permissions

From: Guido Anzuoni <guido.anzuoni_at_kyneste.com>
Date: 2004-09-07 17:20:13 CEST

> -----Messaggio originale-----
> Da: Guido Anzuoni
> Inviato: martedì 7 settembre 2004 17.13
> A: Brandstädter Reinhard; users@subversion.tigris.org
> Oggetto: R: SVNParentPath and per Repository Permissions
>
>
> I am not sure I have fully understood your problem (a little
> example may help).
> Anyway, I will explain may conf hoping it would somehow be useful.
>
> I have configured apache to serve svn repository with ldap
> authentication as follows
> (using ldap module bundled with apache):
>
> <Location /svnldap>
>
> DAV svn
> SVNParentPath E:/SVNROOT/repositories
> AuthzSVNAccessFile E:/SVNROOT/config/security/svn-http-authz.txt
>
> AuthType Basic
> AuthName "Subversion"
>
> AuthLDAPEnabled on
> AuthLDAPRemoteUserIsDN off
>
> AuthLDAPUrl .....
> AuthLDAPBindDN .....
> AuthLDAPBindPassword ...
>
> Deny from all
....Missing piece....
      allow from env=svnagent <------ to avoid write access when the repos is mounted as
                                                    a web folder

> Require valid-user
> Satisfy all
>
> </Location>
>
> In AuthzSVNAccessFile I have something like:
>
> [groups]
> admin = <members of global admin group>
> repos1-team = <members of repos1 project team>
>
> [/]
> * = r
> @admin = rw
>
>
> [repos1:/]
> @repos1-team = rw
> .......
>
> If you want to have read access control too, you could do
> something like:
>
> [groups]
> admin = <members of global admin group>
> repos1-team = <repos1 project team>
> repos1-admin-team = <repos1 project admins>
>
> [/]
> * =
> @admin = rw
>
>
> [repos1:/]
> @repos1-team = r
> @repos1-admin-team = rw
> .......
>
>
> Guido
>
>
> > -----Messaggio originale-----
> > Da: Brandstädter Reinhard
> > [mailto:Reinhard.Brandstaedter@ams-engineering.com]
> > Inviato: martedì 7 settembre 2004 16.48
> > A: Guido Anzuoni
> > Oggetto: AW: SVNParentPath and per Repository Permissions
> >
> >
> > Oh I've read the acl section in the book, and maybe I was too
> > less precise.
> > I guess since I already limit the authentication via ldap via
> > a "require group" directive there is no other way using the
> > SVNParentPath.
> > (I don't want to find a general "require group" wich is valid
> > for all repositories, but want to keep the group of users who
> > can access a repository (authentication process) to a minimum.
> >
> > Reinhard
> >
> > > -----Ursprüngliche Nachricht-----
> > > Von: Guido Anzuoni [mailto:guido.anzuoni@kyneste.com]
> > > Gesendet: Dienstag, 07. September 2004 09:24
> > > An: Brandstädter Reinhard; users@subversion.tigris.org
> > > Betreff: R: SVNParentPath and per Repository Permissions
> > >
> > >
> > > You can use per-directory access control as documented in
> > >
http://svnbook.red-bean.com/svnbook/ch06s04.html#svn-ch-6-sect-4.4.2
> >
> > The only caution is to configure ldap authentication to not
> > to use full DN for
> > the authenticated principal otherwise you run into troubles
> > defining groups in subversion authorization conf (btw, an
> > escaping mechanism for group member separators would help).
> >
> > Guido.
> >
> >
> > -----Messaggio originale-----
> > Da: Brandstädter Reinhard
> > [mailto:Reinhard.Brandstaedter@ams-engineering.com]
> > Inviato: martedì 7 settembre 2004 8.46
> > A: users@subversion.tigris.org
> > Oggetto: SVNParentPath and per Repository Permissions
> >
> >
> > Hi,
> >
> > I'm just browsing through the Subversion paperback book
> > (great job, by the way!), and playing around with my apache
> > configuration. The SNVParentPath is a pretty handy directive,
> > but how would this work if you want to set different
> > permissions per repository? I'm planning to use LDAP
> > authentication against MS Active directory with the excellent
> > mod_auth_ldap module by Muhammad A Muquit
> > http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_l
> dap_apache2.html
>
> At the moment I only see the solution by using one <Location>
> directive per repository and also set permissions per
> <Location> directive. Am I wrong, or is there a way to use
> the convenience of ParentPath and per-repos permissions?
>
> Thanks,
> Reinhard
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Sep 7 17:21:03 2004

This is an archived mail posted to the Subversion Users mailing list.