[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SVN Permission problem

From: trevor obba <trevor_obba_at_yahoo.co.uk>
Date: Thu, 24 May 2012 19:36:38 +0100 (BST)

I am running subversion 1.6.6 on Ubuntu 10.04 (Lucid), Viewvc
1.0.9 and apache2 (2.2.14) and LDAP authentication.

I have multiple repositories on my SVN server and it all
working fine, however I am unable to set access control (permissions) using AuthzSVNAccessFile.

 “SVNParentPath /abc/svn”

The directories to my repositories are:
/abc/svn/repo1
/abc/svn/repo2
/abc/svn/repo3
/abc/svc/repo4
 
Users log-in with their LDAP account to https://www.test.com/viewvc or https://www.test.com/svn and can see all
repositories however when users drill down or click on repository only specific
users should be able to read and write to repository.

I tried to set up permission on repository but it does not
seem to work, where specific group of users are given read write access a
repository like

[groups]
developer1 = john, matthew, trevor
developer2 = john, monika, nick, Andrew
developer3 = john, victor, brown,

[/]
* = r

[repo1:/]
@developer1 = rw

[repo2:/]
@developer2 = rw

[repo3:/]
@developer3 = rw

The above permission does not work; users are still able to
drill down repositories regardless of permission, unless I explicitly state
that other groups have no permission to repository then it work like

 [/]
* = r

[repo1:/]
@developer1 = rw
@developer2 =
@developer3 =

[repo2:/]
@developer2 = rw
@developer1 =
@developer3 =

[repo3:/]
@developer3 = rw
@developer1 =
@developer2 =

However if any users, that are not a member of developer1,
developer2 and developer3
Logs-in he can drill down to every repositories and read any
files.

How do I restrict access to repository to specify group?

Here is my dav_svn.conf
<Location /svn/>
DAV svn
SVNParentPath /abc/svn
 SVNListParentPath On
AuthType Basic
  AuthName
"Subversion Repository"
   AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPBindDN
"o=bindme"
  AuthLDAPURL  ldap://x.x.x.x:389/ STARTTLS
  AuthzSVNAccessFile /etc/apache2/acl
  Require valid-user
</Location>
 
What am I doing wrong? Can help please
 
What am I doing wrong? Can help please
Received on 2012-05-24 20:37:17 CEST

This is an archived mail posted to the Subversion Users mailing list.