[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

A question about per-directory access

From: <gorjy_at_mail.bg>
Date: 2006-02-15 16:27:07 CET

 Dear Sir or Madam

 I am using Subversion 1.2.3 on a Red Hat Enterprise Release 4 Advanced Server.
 The connection with the repositories is thru Apache 2.0.52 httpd server.

 The Subversion package is downloaded a few months ago from:
 http://summersoft.fay.ar.us/pub/subversion/latest/rhel-4/bin/

 The httpd.conf configuration is as follows:
-------------------------------------------------------------------------
 LoadModule access_module modules/mod_access.so
 LoadModule auth_module modules/mod_auth.so
 LoadModule auth_anon_module modules/mod_auth_anon.so
 LoadModule auth_dbm_module modules/mod_auth_dbm.so
 LoadModule auth_digest_module modules/mod_auth_digest.so
 LoadModule ldap_module modules/mod_ldap.so
 LoadModule auth_ldap_module modules/mod_auth_ldap.so
 LoadModule include_module modules/mod_include.so
 LoadModule log_config_module modules/mod_log_config.so
 LoadModule env_module modules/mod_env.so
 LoadModule mime_magic_module modules/mod_mime_magic.so
 LoadModule cern_meta_module modules/mod_cern_meta.so
 LoadModule expires_module modules/mod_expires.so
 LoadModule deflate_module modules/mod_deflate.so
 LoadModule headers_module modules/mod_headers.so
 LoadModule usertrack_module modules/mod_usertrack.so
 LoadModule setenvif_module modules/mod_setenvif.so
 LoadModule mime_module modules/mod_mime.so
 LoadModule dav_module modules/mod_dav.so
 LoadModule dav_svn_module modules/mod_dav_svn.so
 LoadModule authz_svn_module modules/mod_authz_svn.so
 LoadModule status_module modules/mod_status.so
 LoadModule ssl_module modules/mod_ssl.so
 LoadModule autoindex_module modules/mod_autoindex.so
 LoadModule asis_module modules/mod_asis.so
 LoadModule info_module modules/mod_info.so
 LoadModule vhost_alias_module modules/mod_vhost_alias.so
 LoadModule negotiation_module modules/mod_negotiation.so
 LoadModule dir_module modules/mod_dir.so
 LoadModule imap_module modules/mod_imap.so
 LoadModule actions_module modules/mod_actions.so
 LoadModule speling_module modules/mod_speling.so
 LoadModule userdir_module modules/mod_userdir.so
 LoadModule alias_module modules/mod_alias.so
 LoadModule rewrite_module modules/mod_rewrite.so
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
 LoadModule proxy_connect_module modules/mod_proxy_connect.so
 LoadModule cache_module modules/mod_cache.so
 LoadModule suexec_module modules/mod_suexec.so
 LoadModule disk_cache_module modules/mod_disk_cache.so
 LoadModule file_cache_module modules/mod_file_cache.so
 LoadModule mem_cache_module modules/mod_mem_cache.so
 LoadModule cgi_module modules/mod_cgi.so

 ....

 LDAPSharedCacheSize 200000
 LDAPCacheEntries 1024
 LDAPCacheTTL 300
 LDAPOpCacheEntries 1024
 LDAPOpCacheTTL 300

 <Location /svn>
  DAV svn
  SVNPath /var/SVN/Develop_rep
  AuthType Basic
  AuthName "SVN: Please input AD user, password"
  AuthLDAPEnabled on
  AuthLDAPURL "ldap://srv2.xxxx.bg:389/DC=srv2,DC=xxxx,DC=bg?account"
  AuthLDAPAuthoritative on
  AuthLDAPBindDN "CN=ldap,OU=Central IT,DC=srv2,DC=xxxx,DC=bg"
  AuthLDAPBindPassword **********
  AuthzSVNAccessFile /var/SVN/Develop_rep/conf/uAccess
  Require valid-user
 </Location>
-------------------------------------------------------------------------

 Whenever I try to access the repository thru the url: http://www.xxxx.bg/svn
the system asks me for username and password. After typing the needed
information
the ldap module checks if they are correct and only then grants me access.

 In the repository 'conf' directory I have placed a file called 'uAccess', which
should describe the per-directory rights. The file contains:
-------------------------------------------------------------------------
 [groups]
 developers=user1,user2,user3
 users=client1,client2
 [/]
 *=r
 @developers=rw
 [/Project1/Bin/]
 @users=r
 [/Project1/Source/]
 *=
 @developers=rw
-------------------------------------------------------------------------

 My problem is that all users, who access the repository either have read, write
or no access rights to all of the repository. I mean if they could access the
top
level, they could as well access deeper in the repository.
 I can not configure the system to give read access to group users to directory
'Bin'
and decline access to direcotry 'Source'.
 Even stranger is that if a user is said to have just read access, then the
system declines him write access throughout the whole repository.

 I am looking to hearing from you.

 G. Valkanov

-----------------------------

Tophost.bg , 15 лв домейни
1.66 лв хостинг
всеки клиент с допълнително безплатен месец
http://www.tophost.bg/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Feb 15 16:50:16 2006

This is an archived mail posted to the Subversion Users mailing list.