[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authorization question

From: Eli Barzilay <eli_at_barzilay.org>
Date: 2007-02-06 07:12:10 CET

[Including full quotes since they come from different places; please
CC me on replies.]

In my case, `level_one' is a user specific directory -- so your
solution means that I need to set up things for users like this:

  [/]
  * = r

  [/john]
  * =
  john = rw

  [/jane]
  * =
  jane = rw

and later on, the users need to be aware of the same hack -- if john
wants to open a subdirectory, he needs to do

  [/john]
  john = rw
  [/john/foo] # public directory
  * = r
  [/john/bar1]
  * =
  john = rw
  [/john/bar2]
  * =
  john = rw

which is much more invloved than adding an entry only for /john/foo:
every other directory's permissions must change. More than that --
using this hack, it is possible to see which users are on the system,
and john must expose his toplevel directory structure.

Gregory Bartholomew <gregory.lee.bartholomew_at_gmail.com> writes:

> By using:
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user
> </LimitExcept>
>
>
> You are preventing the authz module from being called on read requests
> (GET PROPFIND OPTIONS REPORT) so it cannot deny access to any part of
> the repository when the request is a read regaurdless of what you have
> specified in the authorization file.
>
>
> I think you can do what you are trying with something like the
> following in the authorization file:
>
>
> [/level_one]
> * = r
>
>
> [/level_one/level_two]
> * =
> jsmith = rw

Eli Barzilay <eli@barzilay.org> writes:

> [This is a third post of this question -- trying to avoid filing a bug
> if its bogus. Any help would be greatly appreciated.]
>
> I'm running a user repository, and there's some weird authorization
> problem. I want to let people determine the control that they want,
> so I have:
>
> <Location /usr>
> Dav svn
> SVNPath /home/svn/usr
> SVNAutoversioning on
> SVNIndexXSLT "/svnindex.xsl"
> Allow from all
> AuthType Digest
> AuthName "Subversion"
> AuthUserFile /home/svn/etc/passwd
> AuthDigestDomain /plt/ /iplt/ /iview/ /usr/ /play/
> AuthzSVNAccessFile /home/svn/etc/authz.conf
> Require valid-user
> </Location>
>
> which works fine, until someone wants to make a directory
> world-readable. So, I figure that I'll let the authz.conf be the only
> guard for unwanted reads, and changed that last line to:
>
> <Location /usr>
> ...
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user
> </LimitExcept>
> </Location>
>
> The world-readable directory works fine, but now normal per-user
> control doesn't work.
>
> Is there anything wrong in the above setup? 

-- 
          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                  http://www.barzilay.org/                 Maze is Life!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Feb 6 07:12:42 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.