[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Can't figure out authzfile syntax for subdirectory access control

From: Edward Bosco <ebosco_at_prologic-inc.com>
Date: 2006-05-01 18:59:38 CEST

New stuff at end of original message.
Ssl_access_log; upgraded Debian svn to 1.3.1-2

-----Original Message-----
From: Edward Bosco
Sent: Monday, May 01, 2006 12:05 PM
To: 'Xn Nooby'; Mathias.Weinert@gfa-net.de
Cc: users@subversion.tigris.org
Subject: Re: Can't figure out authzfile syntax for subdirectory access
control

Xn Nooby, Mathias -

Been following this thread, and implementing the path-based
authorization. Can't get particular paths to _not_ be accessible.

With svn 1.3.1 on a Windows XP machine, accessing an existing repository
on a Debian Sarge server running 1.2.3, I can't keep
a test user from accessing directories or files they ought not to be
able to access.

My dav_svn.conf file looks like:

<Location /svn2>
  DAV svn
  SVNPath /var/repos/repos/testrepo
  Allow from All
  Satisfy Any
  SVNPathAuthz on
  AuthType Basic
  AuthUserFile /etc/apache2/users
  AuthName "Test Repository"
  AuthzSVNAccessFile /etc/apache2/authz
  Require valid-user
</Location>

My authz file looks like:
[groups]
reatssdvp = ebosco, kwest
testdvp = test

[/]
* = r

[/simulations/ebosco]
* =
ebosco = rw

[/readme.txt]
* =
@reatssdvp = rw

[/simulations/readme.txt]
* =
ebosco = rw

[/components]
* =

[testrepo:/core]
ebosco = rw
* =

[/simulations]
* =
@reatssdvp = rw

==
Using a command line invocation of svn:
C:\Documents and Settings\ebosco>svn ls
https://reatss.prologic-inc.com/svn2/testrepo/core --username test
--password test --no-auth
-cache
I still get a listing of a directory I ought not see; same holds for svn
log or whatever.

Any thoughts as how to proceed? Xn, were you able to limit access to
subdirectories?

==========

Upgraded the Debian server svn to 1.3.1-2; still get the same symptoms;
can't limit access to subdirectories.

The ssl_access_log has what appears to be anonymous access on invoking
the svn command line above; the user names don't show up. Here's the
log:

10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND /svn2/testrepo/core
HTTP/1.1" 207 694
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND
/svn2/!svn/vcc/default HTTP/1.1" 207 390
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND /svn2/!svn/bln/2
HTTP/1.1" 207 441
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND /svn2/testrepo/core
HTTP/1.1" 207 694
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND
/svn2/!svn/vcc/default HTTP/1.1" 207 390
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND /svn2/!svn/bln/2
HTTP/1.1" 207 441
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND /svn2/testrepo/core
HTTP/1.1" 207 694
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND
/svn2/!svn/vcc/default HTTP/1.1" 207 390
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND /svn2/!svn/bln/2
HTTP/1.1" 207 441
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND /svn2/testrepo/core
HTTP/1.1" 207 694
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND
/svn2/!svn/vcc/default HTTP/1.1" 207 441
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND
/svn2/!svn/bc/2/testrepo/core HTTP/1.1" 207 704
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND /svn2/testrepo/core
HTTP/1.1" 207 694
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND
/svn2/!svn/vcc/default HTTP/1.1" 207 441
10.1.1.72 - - [01/May/2006:12:04:49 -0400] "PROPFIND
/svn2/!svn/bc/2/testrepo/core HTTP/1.1" 207 3535

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon May 1 19:03:37 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.