
Re: Odd behavior

From: Stephen Butler <sbutler_at_elego.de>
Date: Sat, 19 Mar 2011 22:52:12 +0000

On Mar 19, 2011, at 22:14, Rodrigo Montenegro wrote:

> I have the following repository configuration file for apache:
>
> <Location /svn/repos/>
> AuthType Basic
> AuthName "Subversion"
> AuthUserFile /srv/svn/svnauth
>
> DAV svn
> SVNParentPath /srv/svn/repos
> SVNListParentPath On
>
> require valid-user
> </Location>
>
> <Location /svn/repos/repo1>
> require valid-user
> </Location>
>
> <Location /svn/repos/repo1/trunk/secret>
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> require user secretowner
> </LimitExcept>
> <Limit GET PROPFIND OPTIONS REPORT>
> require user secretowner
> </Limit>
> </Location>
>
> It seems right to me, but the odd behavior is that when some valid-user but secretowner checks out trunk, the folder secret keeps coming as well as its content.
> What is wrong?

Only the first of your overlapping <Location> directives has any effect.
The other two may as well be deleted.

For Subversion, the Apache configuration controls access to an entire
repository as a unit.

To hide part of a repository from some users, there is path-based
authorization. It uses a different mechanism. See the SVN book for
details:

  http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir
  http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html

Note that you can't hide the existence of a forbidden directory, so it's
not very secret even when the path-based authorization is working. If
you have real secrets you should avoid storing them with your source
code.

Regards,
Steve

--
Stephen Butler | Senior Consultant
elego Software Solutions GmbH
Gustav-Meyer-Allee 25 | 13355 Berlin | Germany
fon: +49 30 2345 8696 | mobile: +49 163 25 45 015
fax: +49 30 2345 8695 | http://www.elegosoft.com
Geschäftsführer: Olaf Wagner | Sitz der Gesellschaft: Berlin
Amtsgericht Charlottenburg HRB 77719 | USt-IdNr: DE163214194
Received on 2011-03-19 23:52:50 CET
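
The path-based authorization the reply points to, sketched for the configuration in the question. This is an added example, not part of the original mail; it assumes mod_authz_svn is loaded alongside mod_dav_svn, and the access file path /srv/svn/svnaccess is a made-up name.

```apache
# --- Apache: one <Location> for the repository parent ---
# Authentication stays in Apache; per-path decisions move to the access file.
<Location /svn/repos/>
  DAV svn
  SVNParentPath /srv/svn/repos
  SVNListParentPath On

  AuthType Basic
  AuthName "Subversion"
  AuthUserFile /srv/svn/svnauth

  # Path-based rules are read by mod_authz_svn from this file (assumed path).
  AuthzSVNAccessFile /srv/svn/svnaccess

  Require valid-user
</Location>

# --- Contents of /srv/svn/svnaccess (a separate file, not Apache syntax) ---
# A section without a repository name applies to every repository
# under SVNParentPath: any authenticated user may read and write.
[/]
* = rw

# With SVNParentPath, per-repository sections are written [repository:path].
# An empty right-hand side means no access; the named user overrides it.
[repo1:/trunk/secret]
* =
secretowner = rw
```

To check the rules, run `svn ls` against the /svn/repos/repo1/trunk/secret URL as a user other than secretowner and confirm the server refuses the request.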

This is an archived mail posted to the Subversion Users mailing list.
