[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Newbie confusion with authentication....

From: Sean Laurent <sean_at_neuronfarm.com>
Date: 2004-10-27 20:26:00 CEST

(replying to list)
On Wednesday 27 October 2004 11:42 am, Odhiambo Washington wrote:
> * Sean Laurent <sean@neuronfarm.com> [20041027 19:29]: wrote:
> > On Tuesday 26 October 2004 11:50 am, Odhiambo Washington wrote:
> > > /HTTPD/ is owned by www:www - my web server user. Apache runs
> > > as www:www
> > >
> > > /usr/local/subversion is owned by svn:svn
> >
> > As Ulrich already pointed out, this will very likely cause problems for
> > you. Either make the repository/repositories owned by the web server user
> > or add the web server user to the svn group.
>
> That is what I will do.
> However, let me ask: What if I let apache run as the svn user while
> accessing the repos? If I add the following directive to the virtual
> host -
>
> SuexecUserGroup svn svn
>
> Will that still complicate the matter?

Honestly, I don't know. I'm far being an Apache expert, so I really don't
know enough about the SuexecUserGroup directive, although I suspect it won't
solve the problem. You might be better off using the Group directive and
forcing Apache to run as part of the svn group. Perhaps someone on the list
knows more?

> > >[Tue Oct 26 19:42:09 2004] [error] [client 62.8.64.108]
> > >Access denied: 'wash' GET systems:/
> >
> > Your httpd.conf snippet shows that you've specified the svn access file
> > as /HTTPD/etc/svn_access. Does this file exist? Who owns it? Could you
> > show us the contents?
>
> Sure. Here goes ....
>
> <cut>
>
> [systems:/usr/local/subversion/systems]
> wash = rw
> fdisk = rw
> wanderi = r
> gitau = r
> mucheru = rw
> smuchai = rw
>
> # Give Wanderi and others RW access to the 'testing' subdir
> [systems:/usr/local/subversion/systems/testing]
> wanderi = rw
> gitau = rw
> willie = rw
>
> [networks:/usr/local/subversion/networks]
> gitau = rw
> wash = rw
> wanderi = rw
> willie = r
> mucheru = rw
> smuchai = rw
> sethkoko = r
> samuel = r
> emily = r
> rnjoroge = rw
> rkaniaru = rw
>
> [web:/usr/local/subversion/web]
> wash = rw
> willie = rw
> wanderi = rw
> gitau = r
> mucheru = r
> smuchai = rw
>
> # Groups Configuration
> [groups]
> systems-admins = wash, wanderi, fdisk
> network-engineers = smuchai, gitau, rnjoroge, rkaniaru, samuel, sethkoko,
> emily web-developers = willie, wash, fdisk, mucheru, wanderi
> everyone = wash, wanderi, fdisk, smuchai, gitau, rnjoroge, rkaniaru,
> samuel, sethkoko, emily </cut>

Okay. From this perspective, I can't tell if you want to have 3 repositories
(systems, networks and web) or 1 repository with 3 main subdirectories, but I
do see a problem. However, the very first thing I would do is fix your
repositories. Frankly, I would start simple and make sure you can get things
working. Try following the instructions in the book
(http://svnbook.red-bean.com/svnbook-1.1/index.html) and setup a single
repository under /usr/local/subversion (which you specified with the
SVNParentPath directive):

$ mkdir /usr/local/subversion
$ svnadmin create /usr/local/subversion/systems

Re-read the section in the book on per-directory access control
(http://svnbook.red-bean.com/svnbook-1.1/ch06s04.html#svn-ch-6-sect-4.4.2).
Note that the format for entries in your svn_access file is:

[repos-name:path]
username = access level

The path is ~not~ the absolute path on disk, but is actually the path within
the repository. So, if you want to give yourself read-write acces to
everything in the systems repository, you need any entry in the svn_access
file like this:

[systems:/]
wash = rw

Try that and see if that works.

Sean Laurent

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Oct 27 20:26:28 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.