[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Restricting access

From: Adrian Marsh <Adrian.Marsh_at_ubiquisys.com>
Date: 2007-03-09 18:10:00 CET

Thanks Rahul,

So what happens if you don't specify the -r option at all?

Currently, my .ssh authenticate file contains :

command="/usr/local/bin/svnserve -t --tunnel-user=marsh"
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa
<key>

If I change my .ssh authentication file to:

command="/usr/local/bin/svnserve -t --tunnel-user=marsh -r /svn"
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa
<key>

Then does that mean that the current url of:
svn+ssh://puttyname/svn/svnroot1 would change to
svn+ssh://puttyname/svnroot1 ?

Cheers,

Adrian
---------------

The authz file's repository specification is relative to the parent path

specified to svnserve via the -r
option.

for e.g.

$ ls ~/svnrroots
svnroot1 svnroot2

$ svnserve -d -r ~/svnroots/

Then authz file could contain:

[svnroot1:/bar]
rahul = w

So make sure you are specifying the correct root to svnserve

Adrian Marsh wrote:
> Anyone have an idea for this??
>
>
>
>
> -----Original Message-----
> From: Adrian Marsh [mailto:Adrian.Marsh@ubiquisys.com]
> Sent: 07 March 2007 14:55
> To: users@subversion.tigris.org
> Subject: Restricting access
>
> Hi,
>
> I've an SVN server, accessed by svn+ssh, with 2 repositories. I'd like
> to control access to the repositories.
>
> The SSH config includes the setup to specify the tunnel user, eg:
>
> command="/usr/local/bin/svnserve -t
>
--tunnel-user=marsh",no-port-forwarding,no-agent-forwarding,no-X11-forwa
> rding,no-pty
>
>
> My svnserve.conf file has:
>
> -----
> [general]
> anon-access = none
> auth-access = write
> authz-db = authz
> realm = test_r
> -----
>
> My authz file has:
>
> -----
> [groups]
> test_group = marsh
>
> [/]
> @test_group = r
> -----
>
>
> This config works ok, and user "marsh" has r/o access to the
repository.
> However I want to use the same authz file for 2 repositories
> (changing "authz-db = authz" to "authz-db = /somedir/authz")
>
> So I thought that I'd need to specify the realm in the authz file, and
> then later on add a second realm config:
>
>
> -----
> [groups]
> test_group = marsh
>
> [test_r:/]
> @test_group = r
> -----
>
> But instead I get an authorisation failure.
>
> NB: At this point, both authz and svnserv.conf are in the same conf/
> directory under one repository.
>
> The full unix path to the repo is /svn/test_abc, so does the
[test_r:/]
> refer to the root of the repository - OR - the unix filepath ?
>
>
> What did I miss??
>
>
> Adrian
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
>

-- 
Rahul Bhargava
http://www.rahulbhargava.org
Phone: (925) 265-8801(W)|895-2201(M)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Mar 9 18:10:29 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.