[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: How to allow anonymous browsing SVNParentPath but restrict access to the repos within

From: Stephen Connolly <stephen.alan.connolly_at_gmail.com>
Date: Mon, 3 Aug 2009 10:08:40 +0100

2009/8/3 "Chen (陈) Jun (军)" <chjfth_at_gmail.com>

> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <html>
> <head>
> </head>
> <body bgcolor="#ffffff" text="#000000">
> <div class="wiki-content">
> <p>Hi, I'd like to ask a question here.</p>
> <p>I've been using Apache to serve SVN content for quite some years,
> but I got a question recently and can not find an answer from the svn
> redbean book.</p>
> <p>Quote of concerning httpd.conf lines:</p>
> <div class="code panel" style="border-width: 1px;">
> <div class="codeContent panelContent">
> <pre class="code-java">SVNListParentPath on
>
> &lt;Location /svnreps/&gt;
> DAV svn
>
> SVNParentPath D:/SvnReps
> AuthzSVNAccessFile D:/SvnReps/svn-authz-file
>
> Satisfy Any
> Require valid-user
>
> AuthType Basic
> AuthName <span class="code-quote">"nlscan Subversion repository"</span>
> AuthUserFile D:/SvnReps/svn-auth-file
> &lt;/Location&gt;
>
>
> # SVN: Isyslib (container)
> &lt;Location /svnreps/Isyslib/&gt;
> DAV svn
>
> SVNParentPath D:/SvnReps/Isyslib
> AuthzSVNAccessFile D:/SvnReps/Isyslib/svn-authz-file
>
> Satisfy Any
> Require valid-user
>
> &lt;/Location&gt;
>
> # SVN: makingsys (container)
> &lt;Location /svnreps/makingsys/&gt;
> DAV svn
>
> SVNParentPath D:/SvnReps/makingsys
> AuthzSVNAccessFile D:/SvnReps/makingsys/svn-authz-file
>
> Satisfy Any
> Require valid-user
> &lt;/Location&gt;</pre>
> </div>
> </div>
> <p>Description:</p>
> <ul>
> <li>I'm running Subversion 1.6.1 on a Windows box. The apache server
> is the one bundled with CollabNet Subversion 1.6.1 win32 binary
> package. </li>
> <li>Assuming the svn client is run from the same machine of svn http
> server. </li>
> <li>According to the config above, an anonymous user can already
> browse <span class="nobr"><a href="http://localhost/svnreps/"
> rel="nofollow">http://localhost/svnreps/</a></span> with IE, firefox
> etc and see two directories(repository parent dir) listed: <tt>Isyslib</tt>
> and <tt>makingsys</tt> . </li>
> <li>There are two svn repos within Isyslib named repos1 and repos2 . </li>
> </ul>
> <p>Now please listen carefully about what I want to accomplish:</p>
> <ul>
> <li>Goal 1: Allow anonymous user to browse <span class="nobr"><a
> href="http://localhost/svnreps/Isyslib/" rel="nofollow">
> http://localhost/svnreps/Isyslib/</a></span>
> ,i.e. user see repos1 and repos2 in web browser. </li>
> <li>Goal 2: repos1 and repos2 should both be configured to deny
> anonymous read and write, only explicit user configured in
> D:/SvnReps/Isyslib/svn-authz-file are allowed to read/write. </li>
> </ul>
> <p>I found I cannot acommplish that goal.<br>
> </p>
> <p><br>
> </p>
> <p>Case 1: I compose D:/SvnReps/Isyslib/svn-authz-file as</p>
> <div class="code panel" style="border-width: 1px;">
> <div class="codeContent panelContent">
> <pre class="code-java">[/]
> * = r
>
> [repos1:/]
> usera = rw
>
> [repos2:/]
> userb = rw</pre>
> </div>
> </div>
> <p>Goal 1 OK, but Goal 2 not. Anonymous can browse+read repos1 and
> repos2. </p>
> <p><br>
> </p>
> <p>Case 2: I compose D:/SvnReps/Isyslib/svn-authz-file </p>
> <div class="code panel" style="border-width: 1px;">
> <div class="codeContent panelContent">
> <pre class="code-java">[repos1:/]
> usera = rw
>
> [repos2:/]
> userb = rw</pre>
> </div>
> </div>
> <p>Goal 2 is OK but Goal 1 not. </p>
> <p>When a web client browses <span class="nobr"><a
> href="http://localhost/svnreps/Isyslib/" rel="nofollow">
> http://localhost/svnreps/Isyslib/</a></span>
> ,</p>
> <ul>
> <li>If no username/passwd is provided, the client gets HTTP error 401
> Authorization Required. </li>
> <li>If valid username of usera is provided, the client gets HTTP
> error 403 Forbidden. </li>
> </ul>
> <p>Could someone teach me how to accomplish both goals?</p>
> </div>
> <!--
> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
> xmlns:dc="http://purl.org/dc/elements/1.1/"
> xmlns:trackback="
> http://madskills.com/public/xml/rss/module/trackback/">
> <rdf:Description
> rdf:about="
> http://webs:8080/display/SDTUEC/How+to+allow+anonymous+browsing+SVNParentPath+but+restrict+access+to+the+repos+within
> "
> dc:identifier="
> http://webs:8080/display/SDTUEC/How+to+allow+anonymous+browsing+SVNParentPath+but+restrict+access+to+the+repos+within
> "
> dc:title="How to allow anonymous browsing SVNParentPath but restrict
> access to the repos within"
> trackback:ping="http://webs:8080/rpc/trackback/29130977"/>
> </rdf:RDF>
> --><!--
> Root decorator: all decisions about how a page is to be decorated via
> the
> inline decoration begins here.
> --><!--
> Switch based upon the context. However, for now, just delegate to a
> decorator
> identified directly by the context.
> -->
> </body>
> </html>
>

You will get a better chance of a response if you post your emails as plain
text

>
> ------------------------------------------------------
>
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2379424
>
> To unsubscribe from this discussion, e-mail: [
> users-unsubscribe_at_subversion.tigris.org].
>

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2379465

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-03 11:10:01 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.