[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN Permission problem

From: Michael P. Reilly <arcege_at_gmail.com>
Date: Thu, 24 May 2012 15:13:33 -0400

On Thu, May 24, 2012 at 2:36 PM, trevor obba <trevor_obba_at_yahoo.co.uk>wrote:

> I am running subversion 1.6.6 on Ubuntu 10.04 (Lucid), Viewvc
> 1.0.9 and apache2 (2.2.14) and LDAP authentication.
>
>
> I have multiple repositories on my SVN server and it all
> working fine, however I am unable to set access control (permissions)
> using AuthzSVNAccessFile.
>
> “SVNParentPath /abc/svn”
>
>
> The directories to my repositories are:
> /abc/svn/repo1
> /abc/svn/repo2
> /abc/svn/repo3
> /abc/svc/repo4
>
> Users log-in with their LDAP account to https://www.test.com/viewvc or
> https://www.test.com/svn and can see all
> repositories however when users drill down or click on repository only
> specific
> users should be able to read and write to repository.
>
> I tried to set up permission on repository but it does not
> seem to work, where specific group of users are given read write access a
> repository like
>
> [groups]
> developer1 = john, matthew, trevor
> developer2 = john, monika, nick, Andrew
> developer3 = john, victor, brown,
>
>
> [/]
> * = r
>
> [repo1:/]
> @developer1 = rw
>
> [repo2:/]
> @developer2 = rw
>
> [repo3:/]
> @developer3 = rw
>
> The above permission does not work; users are still able to
> drill down repositories regardless of permission, unless I explicitly state
> that other groups have no permission to repository then it work like
>
> [/]
> * = r
>
> [repo1:/]
> @developer1 = rw
> @developer2 =
> @developer3 =
>
> [repo2:/]
> @developer2 = rw
> @developer1 =
> @developer3 =
>
> [repo3:/]
> @developer3 = rw
> @developer1 =
> @developer2 =
>
>
> However if any users, that are not a member of developer1,
> developer2 and developer3
> Logs-in he can drill down to every repositories and read any
> files.
>
> How do I restrict access to repository to specify group?
>
> Here is my dav_svn.conf
> <Location /svn/>
> DAV svn
> SVNParentPath /abc/svn
> SVNListParentPath On
> AuthType Basic
> AuthName
> "Subversion Repository"
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative on
> AuthLDAPBindDN
> "o=bindme"
> AuthLDAPURL ldap://x.x.x.x:389/ STARTTLS
> AuthzSVNAccessFile /etc/apache2/acl
> Require valid-user
> </Location>
>
> What am I doing wrong? Can help please
>
> What am I doing wrong? Can help please
>

Try removing the lines:

[/]
* = r

This is a catch-all that says "anyone accessing '/' or below has read-only
access.

What I do is have a 'catch-all' group and give global access to that group.
 Then I just moving users in and out of that group as needed to give or
remove permissions.

  -Arcege

-- 
What comes after the O-nut?
The P-nut
What comes after the P-nut?
The elephant
  *joke told by my sons*
Received on 2012-05-24 21:14:25 CEST

This is an archived mail posted to the Subversion Users mailing list.