[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

authorization issue in svn using apache

From: <sanjeev.kumarroy_at_wipro.com>
Date: Tue, 1 Jul 2008 19:27:58 +0530

Hi,

I am a newbie to the svn community.

I have built the subversion (subversion-1.5.0) with the help of apache
(httpd 2.2.9).

However I am not quite sure how to enable authorization on a directory
basis for the contents of the repository.

 

My repository is located at /usr/local/svn. I am able to checkout the
repository using

http://10.138.x.yy:aaaa/svn/

 

However now I need to grant user level access to each of the directories
within the repository.

 

I am not sure how to grant "per directory access control" to users. I
have successfully created a svn-auth-file which contains the username
and passwords for all the users.

 

However as mentioned in Chapter 6, example 6.3 (A sample configuration
for mixed authenticated/anonymous access) I am not able to get the
"AuthzSVNAccessFile". Is it a file that should be created within the
conf directory when I create a repository, as was the case with
"svnserve.conf and authz files" which get created automatically?

 

Please let me know if this file gets automatically created else if one
has to create it manually for the configuration then please let me know
what possible entries I need to put to it.

 

 

 

I am a newbie, hence not much aware of the configurations. Please help.

Thanks in advance.

 

Below is the entry of the httpd.conf file I have used in the
configuration
########################################################################
####

 

#

# ServerRoot: The top of the directory tree under which the server's #
configuration, error, and log files are kept.

#

# Do not add a slash at the end of the directory path. If you point #
ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for
multiple # httpd daemons, you will need to change at least LockFile and
PidFile.

#

ServerRoot "/usr/local/apache2"

 

#

# Listen: Allows you to bind Apache to specific IP addresses and/or #
ports, instead of the default. See also the <VirtualHost> # directive.

#

Listen 10.138.x.yy:aaaa

 

#

# Dynamic Shared Object (DSO) Support

#

#

# Example:

# LoadModule foo_module modules/mod_foo.so

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule authz_svn_module modules/mod_authz_svn.so

#

 

<IfModule !mpm_netware_module>

<IfModule !mpm_winnt_module>

#

# If you wish httpd to run as a different user or group, you must run #
httpd as root initially and it will switch.

#

# User/Group: The name (or #number) of the user/group to run httpd as.

# It is usually good practice to create a dedicated user and group for #
running httpd, as with most system services.

#

User daemon

Group daemon

 

</IfModule>

</IfModule>

 

# 'Main' server configuration

#

# The directives in this section set up the values used by the 'main'

# server, which responds to any requests that aren't handled by a #
<VirtualHost> definition. These values also provide defaults for # any
<VirtualHost> containers you may define later in the file.

#

# All of these directives may appear inside <VirtualHost> containers, #
in which case these default settings will be overridden for the #
virtual host being defined.

#

 

#

# ServerAdmin: Your address, where problems with the server should be #
e-mailed. This address appears on some server-generated pages, such #
as error documents. e.g. admin_at_your-domain.com # ServerAdmin
you_at_example.com

 

#

# ServerName gives the name and port that the server uses to identify
itself.

# This can often be determined automatically, but we recommend you
specify # it explicitly to prevent problems during startup.

#

# If your host doesn't have a registered DNS name, enter its IP address
here.

#

#ServerName www.example.com:80

ServerName 10.138.x.yy:aaaa

#

# DocumentRoot: The directory out of which you will serve your #
documents. By default, all requests are taken from this directory, but #
symbolic links and aliases may be used to point to other locations.

#

DocumentRoot "/usr/local/apache2/htdocs"

 

#

# Each directory to which Apache has access can be configured with
respect # to which services and features are allowed and/or disabled in
that # directory (and its subdirectories).

#

# First, we configure the "default" to be a very restrictive set of #
features.

#

<Directory />

    Options FollowSymLinks

    AllowOverride None

    Order deny,allow

    Deny from all

</Directory>

 

#

# Note that from this point forward you must specifically allow #
particular features to be enabled - so if something's not working as #
you might expect, make sure that you have specifically enabled it #
below.

#

 

#

# This should be changed to whatever you set DocumentRoot to.

#

<Directory "/usr/local/apache2/htdocs">

    #

    # Possible values for the Options directive are "None", "All",

    # or any combination of:

    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI
MultiViews

    #

    # Note that "MultiViews" must be named *explicitly* --- "Options
All"

    # doesn't give it to you.

    #

    # The Options directive is both complicated and important. Please
see

    # http://httpd.apache.org/docs/2.2/mod/core.html#options

    # for more information.

    #

    Options Indexes FollowSymLinks

 

    #

    # AllowOverride controls what directives may be placed in .htaccess
files.

    # It can be "All", "None", or any combination of the keywords:

    # Options FileInfo AuthConfig Limit

    #

    AllowOverride None

 

    #

    # Controls who can get stuff from this server.

    #

    Order allow,deny

    Allow from all

 

</Directory>

 

#

# DirectoryIndex: sets the file that Apache will serve if a directory #
is requested.

#

<IfModule dir_module>

    DirectoryIndex index.html

</IfModule>

 

#

# The following lines prevent .htaccess and .htpasswd files from being #
viewed by Web clients.

#

<FilesMatch "^\.ht">

    Order allow,deny

    Deny from all

    Satisfy All

</FilesMatch>

 

#

# ErrorLog: The location of the error log file.

# If you do not specify an ErrorLog directive within a <VirtualHost> #
container, error messages relating to that virtual host will be # logged
here. If you *do* define an error logfile for a <VirtualHost> #
container, that host's errors will be logged there and not here.

#

ErrorLog "logs/error_log"

 

LogLevel debug

 

<IfModule log_config_module>

    #

    # The following directives define some format nicknames for use with

    # a CustomLog directive (see below).

    #

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined

    LogFormat "%h %l %u %t \"%r\" %>s %b" common

 

    <IfModule logio_module>

      # You need to enable mod_logio.c to use %I and %O

      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" %I %O" combinedio

    </IfModule>

 

    CustomLog "logs/access_log" common

    #CustomLog "logs/access_log" combined </IfModule>

 

<IfModule alias_module>

    #

    # Redirect: Allows you to tell clients about documents that used to

    # exist in your server's namespace, but do not anymore. The client

    # will make a new request for the document at its new location.

    # Example:

    # Redirect permanent /foo http://www.example.com/bar

 

    #

    # Alias: Maps web paths into filesystem paths and is used to

    # access content that does not live under the DocumentRoot.

    # Example:

    # Alias /webpath /full/filesystem/path

    #

    # If you include a trailing / on /webpath then the server will

    # require it to be present in the URL. You will also likely

    # need to provide a <Directory> section to allow access to

    # the filesystem path.

 

    #

    # ScriptAlias: This controls which directories contain server
scripts.

    # ScriptAliases are essentially the same as Aliases, except that

    # documents in the target directory are treated as applications and

    # run by the server when requested rather than as documents sent to
the

    # client. The same rules about trailing "/" apply to ScriptAlias

    # directives as to Alias.

    #

    ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"

 

</IfModule>

 

<IfModule cgid_module>

    #

    # ScriptSock: On threaded servers, designate the path to the UNIX

    # socket used to communicate with the CGI daemon of mod_cgid.

    #

    #Scriptsock logs/cgisock

</IfModule>

 

#

# "/usr/local/apache2/cgi-bin" should be changed to whatever your
ScriptAliased # CGI directory exists, if you have that configured.

#

<Directory "/usr/local/apache2/cgi-bin">

    AllowOverride None

    Options None

    Order allow,deny

    Allow from all

</Directory>

 

#

# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename
extensions.

# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to #
keep browsers from trying to display binary files as though they are #
text.

#

DefaultType text/plain

 

<IfModule mime_module>

    #

    # TypesConfig points to the file containing the list of mappings
from

    # filename extension to MIME-type.

    #

    TypesConfig conf/mime.types

 

    #

    # AddType allows you to add to or override the MIME configuration

    # file specified in TypesConfig for specific file types.

    #

    #AddType application/x-gzip .tgz

    #

    # AddEncoding allows you to have certain browsers uncompress

    # information on the fly. Note: Not all browsers support this.

    #

    #AddEncoding x-compress .Z

    #AddEncoding x-gzip .gz .tgz

    #

    # If the AddEncoding directives above are commented-out, then you

    # probably should define those extensions to indicate media types:

    #

    AddType application/x-compress .Z

    AddType application/x-gzip .gz .tgz

 

    #

    # AddHandler allows you to map certain file extensions to
"handlers":

    # actions unrelated to filetype. These can be either built into the
server

    # or added with the Action directive (see below)

    #

    # To use CGI scripts outside of ScriptAliased directories:

    # (You will also need to add "ExecCGI" to the "Options" directive.)

    #

    #AddHandler cgi-script .cgi

 

    # For type maps (negotiated resources):

    #AddHandler type-map var

 

    #

    # Filters allow you to process content before it is sent to the
client.

    #

    # To parse .shtml files for server-side includes (SSI):

    # (You will also need to add "Includes" to the "Options" directive.)

    #

    #AddType text/html .shtml

    #AddOutputFilter INCLUDES .shtml

</IfModule>

 

#

# The mod_mime_magic module allows the server to use various hints from
the # contents of the file itself to determine its type. The
MIMEMagicFile # directive tells the module where the hint definitions
are located.

#

#MIMEMagicFile conf/magic

 

#

# Customizable error responses come in three flavors:

# 1) plain text 2) local redirects 3) external redirects # # Some
examples:

#ErrorDocument 500 "The server made a boo boo."

#ErrorDocument 404 /missing.html

#ErrorDocument 404 "/cgi-bin/missing_handler.pl"

#ErrorDocument 402 http://www.example.com/subscription_info.html

#

 

#

# EnableMMAP and EnableSendfile: On systems that support it, #
memory-mapping or the sendfile syscall is used to deliver # files. This
usually improves server performance, but must # be turned off when
serving from networked-mounted # filesystems or if support for these
functions is otherwise # broken on your system.

#

#EnableMMAP off

#EnableSendfile off

 

# Supplemental configuration

#

# The configuration files in the conf/extra/ directory can be # included
to add extra features or to modify the default configuration of # the
server, or you may simply copy their contents here and change as #
necessary.

 

# Server-pool management (MPM specific)

#Include conf/extra/httpd-mpm.conf

 

# Multi-language error messages

#Include conf/extra/httpd-multilang-errordoc.conf

 

# Fancy directory listings

#Include conf/extra/httpd-autoindex.conf

 

# Language settings

#Include conf/extra/httpd-languages.conf

 

# User home directories

#Include conf/extra/httpd-userdir.conf

 

# Real-time info on requests and configuration #Include
conf/extra/httpd-info.conf

 

# Virtual hosts

#Include conf/extra/httpd-vhosts.conf

 

# Local access to the Apache HTTP Server Manual #Include
conf/extra/httpd-manual.conf

 

# Distributed authoring and versioning (WebDAV) #Include
conf/extra/httpd-dav.conf

 

# Various default settings

#Include conf/extra/httpd-default.conf

 

# Secure (SSL/TLS) connections

#Include conf/extra/httpd-ssl.conf

#

# Note: The following must must be present to support

# starting without SSL on platforms with no /dev/random equivalent

# but a statically compiled-in mod_ssl.

#

<IfModule ssl_module>

SSLRandomSeed startup builtin

SSLRandomSeed connect builtin

</IfModule>

 

<Location /svn>

DAV svn

SVNPath /usr/local/subversion/repository

AuthType Basic

AuthName "Subversion Repository"

AuthUserFile /usr/local/subversion/repository/conf/svn-auth-file

Require valid-user

</Location>

 

 

 

Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
Received on 2008-07-02 22:30:08 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.