[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

How to allow anonymous browsing SVNParentPath but restrict access to the repos within

From: Chen (陈) Jun (军) <chjfth_at_gmail.com>
Date: Mon, 03 Aug 2009 12:51:00 +0800

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
<div class="wiki-content">
<p>Hi, I'd like to ask a question here.</p>
<p>I've been using Apache to serve SVN content for quite some years,
but I got a question recently and can not find an answer from the svn
redbean book.</p>
<p>Quote of concerning httpd.conf lines:</p>
<div class="code panel" style="border-width: 1px;">
<div class="codeContent panelContent">
<pre class="code-java">SVNListParentPath on

&lt;Location /svnreps/&gt;
  DAV svn

  SVNParentPath D:/SvnReps
  AuthzSVNAccessFile D:/SvnReps/svn-authz-file

  Satisfy Any
  Require valid-user

  AuthType Basic
  AuthName <span class="code-quote">"nlscan Subversion repository"</span>
  AuthUserFile D:/SvnReps/svn-auth-file
&lt;/Location&gt;

# SVN: Isyslib (container)
&lt;Location /svnreps/Isyslib/&gt;
  DAV svn

  SVNParentPath D:/SvnReps/Isyslib
  AuthzSVNAccessFile D:/SvnReps/Isyslib/svn-authz-file

  Satisfy Any
  Require valid-user

&lt;/Location&gt;

# SVN: makingsys (container)
&lt;Location /svnreps/makingsys/&gt;
  DAV svn

  SVNParentPath D:/SvnReps/makingsys
  AuthzSVNAccessFile D:/SvnReps/makingsys/svn-authz-file

  Satisfy Any
  Require valid-user
&lt;/Location&gt;</pre>
</div>
</div>
<p>Description:</p>
<ul>
  <li>I'm running Subversion 1.6.1 on a Windows box. The apache server
is the one bundled with CollabNet Subversion 1.6.1 win32 binary
package. </li>
  <li>Assuming the svn client is run from the same machine of svn http
server. </li>
  <li>According to the config above, an anonymous user can already
browse <span class="nobr"><a href="http://localhost/svnreps/"
 rel="nofollow">http://localhost/svnreps/</a></span> with IE, firefox
etc and see two directories(repository parent dir) listed: <tt>Isyslib</tt>
and <tt>makingsys</tt> . </li>
  <li>There are two svn repos within Isyslib named repos1 and repos2 . </li>
</ul>
<p>Now please listen carefully about what I want to accomplish:</p>
<ul>
  <li>Goal 1: Allow anonymous user to browse <span class="nobr"><a
 href="http://localhost/svnreps/Isyslib/" rel="nofollow">http://localhost/svnreps/Isyslib/</a></span>
,i.e. user see repos1 and repos2 in web browser. </li>
  <li>Goal 2: repos1 and repos2 should both be configured to deny
anonymous read and write, only explicit user configured in
D:/SvnReps/Isyslib/svn-authz-file are allowed to read/write. </li>
</ul>
<p>I found I cannot acommplish that goal.<br>
</p>
<p><br>
</p>
<p>Case 1: I compose D:/SvnReps/Isyslib/svn-authz-file as</p>
<div class="code panel" style="border-width: 1px;">
<div class="codeContent panelContent">
<pre class="code-java">[/]
* = r

[repos1:/]
usera = rw

[repos2:/]
userb = rw</pre>
</div>
</div>
<p>Goal 1 OK, but Goal 2 not. Anonymous can browse+read repos1 and
repos2. </p>
<p><br>
</p>
<p>Case 2: I compose D:/SvnReps/Isyslib/svn-authz-file </p>
<div class="code panel" style="border-width: 1px;">
<div class="codeContent panelContent">
<pre class="code-java">[repos1:/]
usera = rw

[repos2:/]
userb = rw</pre>
</div>
</div>
<p>Goal 2 is OK but Goal 1 not. </p>
<p>When a web client browses <span class="nobr"><a
 href="http://localhost/svnreps/Isyslib/" rel="nofollow">http://localhost/svnreps/Isyslib/</a></span>
,</p>
<ul>
  <li>If no username/passwd is provided, the client gets HTTP error 401
Authorization Required. </li>
  <li>If valid username of usera is provided, the client gets HTTP
error 403 Forbidden. </li>
</ul>
<p>Could someone teach me how to accomplish both goals?</p>
</div>
<!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:dc="http://purl.org/dc/elements/1.1/"
         xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/">
<rdf:Description
    rdf:about="http://webs:8080/display/SDTUEC/How+to+allow+anonymous+browsing+SVNParentPath+but+restrict+access+to+the+repos+within"
    dc:identifier="http://webs:8080/display/SDTUEC/How+to+allow+anonymous+browsing+SVNParentPath+but+restrict+access+to+the+repos+within"
    dc:title="How to allow anonymous browsing SVNParentPath but restrict access to the repos within"
    trackback:ping="http://webs:8080/rpc/trackback/29130977"/>
</rdf:RDF>
--><!--
    Root decorator: all decisions about how a page is to be decorated via the
                    inline decoration begins here.
--><!--
    Switch based upon the context. However, for now, just delegate to a decorator
    identified directly by the context.
-->
</body>
</html>

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2379424

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-03 07:11:37 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.