[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

mod_authz_svn: cannot restrict access to subdirectories

From: Christoph Ludwig <ludwig_at_fh-worms.de>
Date: 2007-06-28 15:04:10 CEST

Hi,

I am using mod_authz_svn 1.3.1 installed from the libapache2-svn package of
Ubuntu 6.06. I want to give a group of colleagues from other institutions full
access through https to some directory /trunk/a/b in one of our repositories,
but not to the its parent directories.

I found after some googling that I have to give them read access at least to
the repository's top level directory / or any access to /trunk/a/b is denied.
I can live with that since the top level directory contains nothing I want to
protect. But I don't want them to read the intermediate directory
/trunk/a. However, all my attempts to refuse them access failed.

Below are the relevant parts of my apache configuration and of the authz. Can
anyone give me apointer what's wrong?

Regards

Christoph

Apache config:

    <Location /svn/>
        DAV svn
        SVNParentPath /srv/subversion/

        ##################
        # Authentication #
        ##################

        # Don't ask for client certificates
        SSLVerifyClient none

        # Authenticate by a simple password file.
        # That's ok because the password is transmitted over an
        # TLS-secured connection.
        AuthName "subversion repositories"
        AuthType basic
        AuthUserFile /srv/subversion/AAI/httpd.passwd

        #################
        # Authorization #
        #################

        # try anonymous access first, resort to real
        # authentication if the authorization policy
        # makes it necessary.
        satisfy any
        require valid-user

        # authorization policy file
        AuthzSVNAccessFile /srv/subversion/AAI/authz
    </Location>

(sanitized) authz:

  [groups]
  internal = myself,assistant
  project = myself,assistant,colleagueA,colleagueB

  # default access
  [/]
  @internal = rw
  * =

  # access control for the various repositories
  [repA:/]
  @internal = rw
  @project = r
  * =

  [repA:/trunk/]
  @internal = rw
  @project =

  [repA:/trunk/a/b/]
  @project = rw

-- 
FH Worms - University of Applied Sciences
Fachbereich Informatik / Telekommunikation
Erenburgerstr. 19, 67549 Worms, Germany
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jun 28 15:05:38 2007

This is an archived mail posted to the Subversion Users mailing list.