Hello,
I have two repositories with two subdirectories each, and four groups
of users. I have written an authz file to describe the ACL I require
- namely that the root of both repository be anonymous read-only, and
that different control is imposed per group each subdirectory, with
inheritance taking place on anything beneath them.
Following the advice of the book, I have set up my apache container
with both Satisfy Any and Require Valid User, to provide a combination
of authentication and anonymous access.
I am finding that with Satisfy Any, all users can browse anywhere in
either repository, even if this is specifically restricted in the
authz file.
If I remove Satisfy Any, I find that every time a user moves within
the repos they are challenged for a password. The ACL is honoured -
ie the users are only allowed to do as the ACL describes, but they are
challenged even for areas where they should have anonymous, read-only
access.
What I want is a combination - but I cannot see what I have done
wrong. My container and authz file are below.
Any suggestions? Or am I missing something obvious?
S.
<Location /repos>
DAV svn
SVNParentPath /local/svn
SVNIndexXSLT /svnindex.xsl
# Require SSL connection for password protection.
SSLRequireSSL
# our access control policy
/etc/httpd/conf/.svnauthz
# try anonymous access first, resort to real
# authentication if necessary.
Satisfy Any
Require valid-user
# How to authenticate if needed
AuthType Basic
AuthName "De La Rue Subversion Repositories"
AuthUserFile /etc/httpd/conf/.htpasswd
</Location>
And my AuthzSVN acl is:
[groups]
coe = sanjay, darryl
im = witcharp, nelsonst
general = subversion
atos = berry, fred
[/]
* = r
[devrep:/]
@coe = r
@im = r
@general = r
@atos = r
[devrep:/dlr]
@coe = rw
@im = rw
@general =
@atos = r
[devrep:/atos]
@coe =
@im = r
@general =
@atos = rw
[prdrep:/]
@coe = r
@im = r
@general = r
@atos = r
[prdrep:/prdobj]
@coe =
@im = rw
@general =
@atos =
[prdrep:/prddoc]
@coe = rw
@im = r
@general = r
@atos = r
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Feb 28 10:38:06 2007