
Apache not restricting write access or capturing author

From: Quinn Taylor <quinntaylor_at_mac.com>
Date: Wed, 20 Aug 2008 22:24:43 -0600

I'm testing how to set up a repository for BYU CocoaHeads
[http://cocoaheads.byu.edu] for a group of coders who want to publicly
share code. We want
public (anonymous) read access, but wish to restrict write access to a
pool of authorized users so the repository doesn't become polluted by
members who don't know what they're doing, or worse, by malicious
outsiders. Our site is run using Drupal 6, and I've been working on
getting mod_auth_mysql to tie into the existing database, such that
usernames and passwords synchronize automatically, since Drupal has a
nice interface for creating/changing them. As far as I can tell, the
setup is (mostly) correct, but I'm seeing odd problems.

My test setup can be viewed in a browser or checked out from this URL:

        http://dysart.cs.byu.edu/chsvn/

The repository is publicly viewable, but it seems that the
restrictions I (think I) have described are not working correctly. I'm
fairly certain that these problems are linked—namely, that the lack of
restricting write access is allowing anonymous commits, so I get (no
author) in my repository.

I've configured the module parameters according to how Drupal stores
data. My httpd.conf file includes the following (with the appropriate
database, username, and password):

<Location /chsvn>
         DAV svn
         SVNIndexXSLT /svnindex.xsl
         SVNPath /Users/cocoaheads/Subversion/cocoaheads
         SVNReposName "CocoaHeads SVN Repository"
         AuthName "CocoaHeads SVN Repository"
         AuthType Basic
         Satisfy Any

         AuthMySQLEnable On
         AuthMySQLHost localhost
         AuthMySQLDB ***
         AuthMySQLUser ***
         AuthMySQLPassword ***
         AuthMySQLUserTable "users, users_roles"
         AuthMySQLNameField name
         AuthMySQLPasswordField pass
         AuthMySQLPwEncryption md5

         AuthBasicAuthoritative Off
         AuthMySQLAuthoritative On

         # Restrict write access only
         <LimitExcept GET PROPFIND OPTIONS REPORT>
                AuthMySQLUserCondition "users.uid = users_roles.uid AND users_roles.rid IN (3,4)" # Site Managers and Administrators
                Require valid-user
         </LimitExcept>
</Location>

I'm not an Apache expert by any stretch of the imagination, and my
understanding of how exactly Apache handles SVN actions (e.g.
PROPFIND, CHECKOUT, MERGE, etc.) is very weak. Any help in getting
this resolved would be much appreciated. I can provide Apache logs as
requested. Specifically, where would I find information about
authentication/authorization, what the difference is in terms of SVN
activity, logs of such activity, etc. would be awesome. I realize it's
a lot to ask, and I don't expect an essay in response—even links to
help explain would be very useful.

Thanks in advance,
   - Quinn

Received on 2008-08-21 06:25:25 CEST
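
On the question of where such activity shows up in logs: the following is an added example, not part of the original post. It scans an Apache access log for successful non-read requests under /chsvn that carry no authenticated user (the third field, "-"). The read-method list and the /chsvn path come from the posted config; the Common/Combined Log Format and the sample lines are assumptions constructed for illustration.

```python
import re

# Methods the posted <LimitExcept> leaves open to anonymous clients.
READ_METHODS = {"GET", "PROPFIND", "OPTIONS", "REPORT"}
REPO_PREFIX = "/chsvn"  # <Location> path from the posted config

# Assumed format: host ident authuser [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z-]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def anonymous_writes(lines, prefix=REPO_PREFIX):
    """Return (host, time, method, path, status) for each successful
    non-read request under prefix that has no authenticated user."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = m["path"]
        if not (path == prefix or path.startswith(prefix + "/")):
            continue  # outside the repository location
        if m["method"] in READ_METHODS:
            continue  # anonymous reads are intended
        # authuser is "-" when the request was served without a login;
        # a 2xx status means the server accepted the write.
        if m["user"] == "-" and m["status"].startswith("2"):
            hits.append((m["host"], m["time"], m["method"], path,
                         int(m["status"])))
    return hits

# Constructed sample log lines (not taken from the poster's server).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Aug/2008:22:01:10 -0600] "PROPFIND /chsvn/trunk HTTP/1.1" 207 648
192.0.2.10 - - [20/Aug/2008:22:01:12 -0600] "MKACTIVITY /chsvn/!svn/act/constructed-id-1 HTTP/1.1" 201 312
192.0.2.10 - - [20/Aug/2008:22:01:13 -0600] "PUT /chsvn/!svn/wrk/constructed-id-1/trunk/a.m HTTP/1.1" 201 290
192.0.2.10 - - [20/Aug/2008:22:01:14 -0600] "MERGE /chsvn/trunk HTTP/1.1" 200 702
198.51.100.7 - - [20/Aug/2008:22:05:00 -0600] "MKACTIVITY /chsvn/!svn/act/constructed-id-2 HTTP/1.1" 401 401
198.51.100.7 - alice [20/Aug/2008:22:05:02 -0600] "MKACTIVITY /chsvn/!svn/act/constructed-id-2 HTTP/1.1" 201 312
""".splitlines()

if __name__ == "__main__":
    for hit in anonymous_writes(SAMPLE_LOG):
        print(hit)
```

An empty result over a period in which commits were made means every accepted write carried a username; any hit is a write that was accepted without authentication.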

This is an archived mail posted to the Subversion Users mailing list.
