<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
<div class="wiki-content">
<p>Hi, I'd like to ask a question here.</p>
<p>I've been using Apache to serve SVN content for quite some years,
but I got a question recently and can not find an answer from the svn
redbean book.</p>
<p>Quote of concerning httpd.conf lines:</p>
<div class="code panel" style="border-width: 1px;">
<div class="codeContent panelContent">
<pre class="code-java">SVNListParentPath on
<Location /svnreps/>
DAV svn
SVNParentPath D:/SvnReps
AuthzSVNAccessFile D:/SvnReps/svn-authz-file
Satisfy Any
Require valid-user
AuthType Basic
AuthName <span class="code-quote">"nlscan Subversion repository"</span>
AuthUserFile D:/SvnReps/svn-auth-file
</Location>
# SVN: Isyslib (container)
<Location /svnreps/Isyslib/>
DAV svn
SVNParentPath D:/SvnReps/Isyslib
AuthzSVNAccessFile D:/SvnReps/Isyslib/svn-authz-file
Satisfy Any
Require valid-user
</Location>
# SVN: makingsys (container)
<Location /svnreps/makingsys/>
DAV svn
SVNParentPath D:/SvnReps/makingsys
AuthzSVNAccessFile D:/SvnReps/makingsys/svn-authz-file
Satisfy Any
Require valid-user
</Location></pre>
</div>
</div>
<p>Description:</p>
<ul>
<li>I'm running Subversion 1.6.1 on a Windows box. The apache server
is the one bundled with CollabNet Subversion 1.6.1 win32 binary
package. </li>
<li>Assuming the svn client is run from the same machine of svn http
server. </li>
<li>According to the config above, an anonymous user can already
browse <span class="nobr"><a href="http://localhost/svnreps/"
rel="nofollow">http://localhost/svnreps/</a></span> with IE, firefox
etc and see two directories(repository parent dir) listed: <tt>Isyslib</tt>
and <tt>makingsys</tt> . </li>
<li>There are two svn repos within Isyslib named repos1 and repos2 . </li>
</ul>
<p>Now please listen carefully about what I want to accomplish:</p>
<ul>
<li>Goal 1: Allow anonymous user to browse <span class="nobr"><a
href="http://localhost/svnreps/Isyslib/" rel="nofollow">http://localhost/svnreps/Isyslib/</a></span>
,i.e. user see repos1 and repos2 in web browser. </li>
<li>Goal 2: repos1 and repos2 should both be configured to deny
anonymous read and write, only explicit user configured in
D:/SvnReps/Isyslib/svn-authz-file are allowed to read/write. </li>
</ul>
<p>I found I cannot acommplish that goal.<br>
</p>
<p><br>
</p>
<p>Case 1: I compose D:/SvnReps/Isyslib/svn-authz-file as</p>
<div class="code panel" style="border-width: 1px;">
<div class="codeContent panelContent">
<pre class="code-java">[/]
* = r
[repos1:/]
usera = rw
[repos2:/]
userb = rw</pre>
</div>
</div>
<p>Goal 1 OK, but Goal 2 not. Anonymous can browse+read repos1 and
repos2. </p>
<p><br>
</p>
<p>Case 2: I compose D:/SvnReps/Isyslib/svn-authz-file </p>
<div class="code panel" style="border-width: 1px;">
<div class="codeContent panelContent">
<pre class="code-java">[repos1:/]
usera = rw
[repos2:/]
userb = rw</pre>
</div>
</div>
<p>Goal 2 is OK but Goal 1 not. </p>
<p>When a web client browses <span class="nobr"><a
href="http://localhost/svnreps/Isyslib/" rel="nofollow">http://localhost/svnreps/Isyslib/</a></span>
,</p>
<ul>
<li>If no username/passwd is provided, the client gets HTTP error 401
Authorization Required. </li>
<li>If valid username of usera is provided, the client gets HTTP
error 403 Forbidden. </li>
</ul>
<p>Could someone teach me how to accomplish both goals?</p>
</div>
<!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/">
<rdf:Description
rdf:about="http://webs:8080/display/SDTUEC/How+to+allow+anonymous+browsing+SVNParentPath+but+restrict+access+to+the+repos+within"
dc:identifier="http://webs:8080/display/SDTUEC/How+to+allow+anonymous+browsing+SVNParentPath+but+restrict+access+to+the+repos+within"
dc:title="How to allow anonymous browsing SVNParentPath but restrict access to the repos within"
trackback:ping="http://webs:8080/rpc/trackback/29130977"/>
</rdf:RDF>
--><!--
Root decorator: all decisions about how a page is to be decorated via the
inline decoration begins here.
--><!--
Switch based upon the context. However, for now, just delegate to a decorator
identified directly by the context.
-->
</body>
</html>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2379424
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-03 07:11:37 CEST