[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: tweaking permissions

From: Crotchett, Darren <dcrotchett_at_mdot.state.ms.us>
Date: 2006-12-19 18:07:09 CET

Although I haven't solved my problem, I'll post an update for anyone who
may be having a similar problem. They may it beneficial.
 
I have continued to Google for solutions. I was able to find two links
that described the same problem that I was having. Essentially, they
recommend adding a trailing "/" to the location and adding a rewrite to
add a trailing "/" to the URL. I got mixed results with this. It seems
like it worked one time, then not the next (I probably did something
different, the page was cached or something). I'll continue to
experiment with it. If it proves to be inconsistent and nobody has any
other ideas, I'll probably just write an html page and put my links
there. This defeats the purpose of SVNListParentPath, but I don't want
to give up the control that an AuthzSVNAccessFile gives me. And, I
can't use both.
 
Here are the links I referred to:
http://www.red-bean.com/pipermail/svnbook-dev/2006-May/002021.html
http://svn.haxx.se/users/archive-2006-01/0050.shtml
 
Also, I think I have sufficiently confirmed that the values passed in
via the pop-up .htaccess provides are indeed compared against the Authz
file. That came as a surprise to me. I guess that's why I wanted
someone to validate what I had determined on my own. Never the less, it
works nicely.
 
If anyone comes up with a bette solution for me with using the
SVNListParentPath and AuthzSVNAccesFile directives together, I would
appreciate it.
 
Darren
 

________________________________

        From: Crotchett, Darren [mailto:dcrotchett@mdot.state.ms.us]
        Sent: Monday, December 18, 2006 2:13 PM
        To: users@subversion.tigris.org
        Subject: tweaking permissions
        
        
        I have a couple of questions that I have not been able to figure
out from my own reading. I am using Subversion 1.3.2 and Apache2 on
Ubuntu/Edgy. The first question is really just confirmation of what I
have observed from testing:
         
        
        It appears to me that the members of the group defined in the
authz file are not unix users. Rather, they are the identified by the
username who athenticates via .htaccess. Is this correct?
         
        Second question: I have set up 4 or 5 repositories. I am using
.htaccess and authz to manange permissions. I would like for all of the
repositories to be listed. But, I want to restrict permissions on them.
I've managed to get both, just not at the same time. Before I added the
authz file, I could browse the ParentPath and see all of the
repositories. After adding the authz, I gained finer grained control
like I was looking for, but I lost the ability to browse the ParentPath
of the repositories.
         
        Here is what the relative part of my apache.conf file looks like
(which is nearly verbatim from the book):
        

        <Location /repos>
                DAV svn
                SVNListParentPath on
                SVNParentPath /usr/local/svn-repositories/
         
                # Subversions access control policy
                AuthzSVNAccessFile /usr/local/subversion_authz
         
                # anonymous access tried first
                Satisfy Any
                Require valid-user
         
                # authentication
                AuthType Basic
                AuthName "Subverion Repository"
                AuthUserFile /usr/local/apacheUsers
        </Location>
        
         
        Here is what my authz file looks like:
         
        [groups]
        private = ME
        # give everyone read access to the root dir of each repository
        [/]
        * = r
        # deny everyone to this directory
        [repos1:/trunk/newdad]
        * =
        @private = r
        # deny everyone, then allow members of the private group
        [repos2:/]
        * =
        @private = rw
        
         
        TIA,
        Darren
        CONFIDENTIALITY NOTICE This e-mail and any files or
attachments may contain confidential and privileged information.
        If you have received this message in error, please notify the
sender at the above e-mail address and delete it and
        all copies from your system.
        

CONFIDENTIALITY NOTICE This e-mail and any files or attachments may contain confidential and privileged information.
If you have received this message in error, please notify the sender at the above e-mail address and delete it and
all copies from your system.
Received on Tue Dec 19 18:07:07 2006

This is an archived mail posted to the Subversion Users mailing list.