On May 20, 2005, at 5:49 PM, Dave Merrill wrote:
> SVN newb here, aplogies if this is all obvious...
>
> I'm not sure if this is a Subversion or TortoiseSVN issue, but
> TortoiseSVN
> doesn't seem to require any kind of authorization to access a file-
> based
> repository on the same machine (win2k).
>
> svn/repositoryname/conf/svnserve.conf contains the following (among
> other
> things):
>
> ----------------
> [general]
> password-db = passwd
> realm = Subversion repositories
> anon-access = none
>
> [auth]
> store-auth-creds = no
There are multiple confusions here...
First, there's no such thing as an [auth] section in svnserve.conf.
You're mixing it up with a config section from the *client* side
~/.subversion/servers file.
Second, that file is only ever used by the 'svnserve' server
program. That's it. Not apache, and certainly not direct (file:///)
access.
Third, there's no such thing as access control when your client
touches the repository directly via file:///. It's meaningless; who
would enforce it? Even if the client saw some variables that meant,
"don't change things", the user could always open the repository
files directly in a text editor and and start mucking with things.
In other words, the only permissioning going on are operating-system
perms on the database files. That's it. Set the ACLs appropriately,
and let your OS do the work.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat May 21 02:18:52 2005