[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

How to allow anonymous browsing SVNParentPath but restrict access to the repos within(plain text)

From: Chen (陈) Jun (军) <chjfth_at_gmail.com>
Date: Mon, 03 Aug 2009 17:25:37 +0800

Hi, I'd like to ask a question here.

I've been using Apache to serve SVN content for quite some years, but I
got a question recently and can not find an answer from the svn redbean
book.

Quote of concerning httpd.conf lines:

SVNListParentPath on

<Location /svnreps/>
  DAV svn

  SVNParentPath D:/SvnReps
  AuthzSVNAccessFile D:/SvnReps/svn-authz-file

  Satisfy Any
  Require valid-user

  AuthType Basic
  AuthName "nlscan Subversion repository"
  AuthUserFile D:/SvnReps/svn-auth-file
</Location>

# SVN: Isyslib (container)
<Location /svnreps/Isyslib/>
  DAV svn

  SVNParentPath D:/SvnReps/Isyslib
  AuthzSVNAccessFile D:/SvnReps/Isyslib/svn-authz-file

  Satisfy Any
  Require valid-user

</Location>

# SVN: makingsys (container)
<Location /svnreps/makingsys/>
  DAV svn

  SVNParentPath D:/SvnReps/makingsys
  AuthzSVNAccessFile D:/SvnReps/makingsys/svn-authz-file

  Satisfy Any
  Require valid-user
</Location>

Description:

* I'm running Subversion 1.6.1 on a Windows box. The apache server is
the one bundled with CollabNet Subversion 1.6.1 win32 binary package.
* Assuming the svn client is run from the same machine of svn http server.
* According to the config above, an anonymous user can already browse
http://localhost/svnreps/ with IE, firefox etc and see two
directories(repository parent dir) listed: Isyslib and makingsys .
* There are two svn repos within Isyslib named repos1 and repos2 .

Now please listen carefully about what I want to accomplish:

* Goal 1: Allow anonymous user to browse
http://localhost/svnreps/Isyslib/ ,i.e. user see repos1 and repos2 in
web browser.
* Goal 2: repos1 and repos2 should both be configured to deny anonymous
read and write, only explicit user configured in
D:/SvnReps/Isyslib/svn-authz-file are allowed to read/write.

I found I cannot make it go right.

Case 1: I compose D:/SvnReps/Isyslib/svn-authz-file as

[/]
* = r

[repos1:/]
usera = rw

[repos2:/]
userb = rw

Goal 1 OK, but Goal 2 not. Anonymous can browse+read repos1 and repos2.

Case 2: I compose D:/SvnReps/Isyslib/svn-authz-file

[repos1:/]
usera = rw

[repos2:/]
userb = rw

Goal 2 is OK but Goal 1 not.

When a web client browses http://localhost/svnreps/Isyslib/ ,
* If no username/passwd is provided, the client gets HTTP error 401
Authorization Required.
* If valid username of usera is provided, the client gets HTTP error 403
Forbidden.
Could someone teach me how to accomplish both goals?

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2379470

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-03 11:29:21 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.