[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN not asking for authorization

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-05-21 20:19:42 CEST

On May 21, 2005, at 10:00 AM, Dave Merrill wrote:
>
> Hmmm... I'm sure you're right, but section 3.2.4 of the tortoise docs,
> "Authentication with svnserve", talks about the "conf/svnserve.conf
> file in
> your repository directory. This file controls the configuration of the
> svnserve daemon..."
>
> Am I confused?

Yes, but I'm not sure about what. :-)

There are two sides of the network: the server side, and the client
side.

On the server side, there's a repository, and there are server
processes (either apache or svnserve.) Access control on the
repository is control by the server processes, as described in
chapter 6. In the case of Apache, there's an authorization 'module'
you need to install. In the case of svnserve, authorization is
controlled by the 'svnserve.conf' file within the repository's conf/
subdirectory.

On the client side, there's a client program. It makes network
requests, and they're either allowed or disallowed by the server
process. In addition, there's a 'client configuration' area in each
user's home directory (~/.subversion/) which has files that control
various run-time behaviors of the svn client. That's explained in
chapter 6.

What's confusing you, perhaps is the odd case of file:/// URLs. When
a client accesses a repository directly via file:///, there's no
network, and thus no separation between client and server. The
client and the server are the same program. And in this case,
there's no authentication or authorziation, other than whatever the
operating system allows. That is: either the operating system
allows you to read/write the repository database files, or it doesn't.

>
> Is it possible to shut down all access except through apache
> (leaving aside
> direct edits of the files in the repo itself)? In that
> configuration, I
> could use an http url locally, and also allow others access when I
> want to,
> both through a single set of access controls in apache. Make sense?
>
>

You can certainly use an http:// url locally, and then set the
operating system permissions on the repository such that local users
aren't allowed to access the repository directly.

In other words, set things up such that apache runs as a specific
user, and then make sure that *only* the 'apache user' has OS-
permissions to access the repository files.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat May 21 20:22:30 2005

This is an archived mail posted to the Subversion Users mailing list.