Hello, I'm having trouble with fine grain permissions on a Per-Directory
Access Control and multiple subversion repositories under apache.
I use subversion-1.4.3_2, neon-0.26.3, apache-2.0.59, db4-4.0.14_1,1
under FreeBSD 5.5-STABLE on a standard PC. The URLs looks like
https://svn.domain.com/myrepo or https://svn.domain.com/otherrepo. The
server runs fine since 2 years, I don't have any problem with multiple
repos. Today, I must give read/write acces to some users and no access
to everybody on a subdirectory of one repository.
I must give everybody read access (comment the line like "#*=" or give
"*=r" to the subdir repo in authz file) to give the write permission for
authenticated users to a subdirectory [myrepo:/myrepo-coreV1] in this
repository. If I don't give everybody read permission, only the admin
group can read/write anything. All other rules in each subdir inside
"myrepo" and the "otherrepo" work great.
Some apache logs
[Thu May 24 14:24:25 2007] [error] [client 10.0.0.112] Access denied: -
GET myrepo:/myrepo-coreV1, referer: https://svn.domain.com/myrepo/
I noticed that you cannot use the "LimitExcept" directive if there is
"*=" in the authz file for one repository. Is it documented somewhere.
Here are the elements of the config:
Apache:
=======
<Location /myrepo>
DAV svn
SVNPath /home/www/domain.com/svn/repos/myrepo
AuthzSVNAccessFile /home/www/domain.com/svn/conf/global_authz
Satisfy Any
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
AuthType Basic
AuthName "Subversion myrepo Repositories"
AuthUserFile /home/www/domain.com/svn/conf/svn_users
</LimitExcept>
</Location>
<Location /otherrepo>
DAV svn
SVNPath /home/www/domain.com/svn/repos/otherrepo
AuthzSVNAccessFile /home/www/domain.com/svn/conf/global_authz
Require valid-user
AuthType Basic
AuthName "Subversion otherrepo Repositories"
AuthUserFile /home/www/domain.com/svn/conf/svn_users
</Location>
global_authz:
=============
[groups]
admin = myusername
myrepocontrib = user1, user2, user3
myrepoV1contrib = user1, user2
otherrepo = user1, user4, user5
[/]
@admin = rw
* =
[myrepo:/]
@admin = rw
@myrepocontrib = rw
* = r
[rmyrepo:/myrepo-core/taglib]
@admin = rw
@myrepocontrib = rw
user4 = rw
* = r
[myrepo:/myrepo-coreV1]
@admin = rw
@myrepoV1contrib = rw
#* =
[otherrepo:/]
@admin = rw
@otherrepo = rw
* =
Does anybody get some idea where I would have make a mistake or
something else ? I search on the Internet for a long time but I did not
find anything to explain it.
Thanks for any help.
Geodni
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu May 24 17:17:09 2007