On Fri, 2008-04-18 at 09:27 -0500, Dan Bahena wrote:
> Hi
>
> I've configured websvn to browse my repos, but now I want to configure
> access rights and authentication to it. In the documentation it mentions
> that I need to uncomment one line in the config.php (which I have done)
> and it also mentions about configuring the /websvn directory. It talks
> about SSPI and it even gives a sample of the configuration but it does
> not mention where to place that.
Hello Dan,
I have done configured this on Gentoo.
I use websvn-2.0, apache-2.2.8, pwauth-2.3.5, and samba's winbind as authenticator.
Background: My svn directory structure like this:
/svn/
|-/acl/<repo>.acl
|-/repos/<repo>
|-/hotcopy_backup/<repo>
For per repository Access control, I modified one file.
subverison02 ~ # egrep -v '^//|^#|^$' /usr/share/webapps/websvn/2.0/htdocs/include/config.php
<?php
$config->parentPath("/svn/repos");
$config->setTemplatePath("$locwebsvnreal/templates/johns_custom_template");
$config->useAuthenticationFile('/svn/acls/PROJECTA.acl', 'PROJECTA');
$config->useAuthenticationFile('/svn/acls/PROJECTB.acl', 'PROJECTB');
$config->useAuthenticationFile('/svn/acls/PROJECTC.acl', 'PROJECTC');
$config->useAuthenticationFile('/svn/acls/PCB_Design.acl', 'PCB_Design');
$config->useAuthenticationFile('/svn/acls/SERVICE.acl', 'SERVICE');
$config->useAuthenticationFile('/svn/acls/TEST2.acl', 'TEST2');
$config->useAuthenticationFile('/svn/acls/bla.acl', 'bla');
$config->useAuthenticationFile('/svn/acls/joe.acl', 'joe');
$config->useAuthenticationFile('/svn/acls/sam.acl', 'sam');
$config->useAuthenticationFile('/svn/acls/don.acl', 'don');
$config->setMinDownloadLevel(2);
set_time_limit(0);
$config->expandTabsBy(8);
?>
One acl file looks like this:
cat >> /svn/acl/TEST.acl <<'EOF'
# TEST Repo ACLS
#=================
# NAME: EMAIL Login ACCESS
#--------------------------------------------------#
# Any Employee <any_at_foo.com> any admin
# Homer Simpson <homer_at_foo.com> homer devel
#--------------------------------------------------#
[groups]
admin = any
devel = homer
#---------------------#
[TEST:/]
# Read access by default
@admin = rw
@devel = rw
#---------------------#
EOF
My pam setup looks like this:
cat >> /etc/pam.d/apache2 <<'EOF'
auth required pam_winbind.so
account required pam_winbind.so
EOF
The Apache config for websvn looks like this:
cat >> /etc/apache2/conf.d/websvn <<'EOF'
<IfModule authnz_external_module>
AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe
</IfModule>
Alias /websvn "/usr/share/webapps/websvn/2.0/htdocs"
<Directory "/usr/share/webapps/websvn/2.0/htdocs">
Options FollowSymLinks MultiViews
AllowOverride None
order allow,deny
allow from all
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On
</IfModule>
AuthType Basic
AuthName "Websvn: Subversion Repository Web Interface"
#AuthPAM_Enabled on # Had to comment-out for newer apache
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
</Directory>
EOF
Edit main virutal host to include the websvn config file.
vi /etc/apache2/vhosts.d/00_ssl_vhost.conf
# Include /etc/apache2/conf.d/websvn
Customize the greeting and templates
cd /usr/share/webapps/websvn/2.0/htdocs/templates/
rsync -av calm/ johns_custom_template/
vi /usr/share/webapps/websvn/2.0/htdocs/templates/johns_custom_template/index.tmpl
I didn't include the joining the samba system to the AD domain to get winbind working, as that is a little off topic.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-04-18 20:15:12 CEST