[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: SVNParent authz

From: Cooke, Mark <mark.cooke_at_siemens.com>
Date: Fri, 29 Jul 2011 07:48:53 +0100

> -----Original Message-----
> From: Andy Canfield [mailto:andy.canfield_at_pimco.mobi]
> Sent: 29 July 2011 05:14
> To: users_at_subversion.apache.org
> Subject: SVNParent authz
>
> I am having a problem with AuthzSVNAccessFile.
>
> Consider the case where I have two repositories, R1 and R2 Some users
> are authorized to examine R1 by going to
> http://example.com/svn/R1
> Other users are authorized to examine R2 by going to
> http://example.com/svn/R2
> But everyone should be able to see the list of repositories
> by going to
> http://example.com/svn
>
> I can't get that to work. I am having a problem with the
> mod_dav_svn.conf command:
> AuthzSVNAccessFile /Subversion/conf/authz
> If I have AuthzSVNAccessFile turned off (commented out), then
> all users
> can see the contents of all repositories. But if I have
> AuthzSVNAccssFile turned on, then nobody is authorized to see
> the list
> of repositories via "http://example.com/svn" because I can't
> figure out
> how to set authz to give read access to the repository collection but
> limited access to the individual repositories. Here is my
> closest guess
> for authz -
> [groups]
> everyone = andy,fred
> [/]
> @everyone = r
> [subdoc:/]
> andy = rw
> The "[/]" section is the part that is incorrect. How can I
> give everyone
> read access to "http:///example.com/svn" without giving them
> read access
> to "http://example.com/svn/subdoc" ? Indeed, it seems as if
> the instant
> I turn on AuthzSVNAccessFile nobody can read
> "http://example.com/svn" at
> all.
>
> Thank you for your patience.
>
There was a bug relating to authz which meant that users had to have
access to the root to see anything, you do not mention which version you
are using?

Note that you can remove permissions as well as grant them, so something
like this should work...

[groups]
everyone = andy,fred

[/]
@everyone = r

[R1:/]
andy = rw
fred =

[R2:/]
andy =
fred = rw

If that does not work, can you post the relevant bits of your apache
conf and also which versions and platforms you are on. For example, I
use the following for our windoze based repos:

<Location /svn/>
    DAV svn
    SVNParentPath D:/svn/root/
    SVNListParentPath On
    # restrict access to subversion repository paths...
    AuthzForceUsernameCase Lower
    AuthzSVNAccessFile D:/path/to/svn-users.txt
</Location>

~ mark c
Received on 2011-07-29 08:50:03 CEST

This is an archived mail posted to the Subversion Users mailing list.