Hi list,
I am trying to deny a user access to a certain path in an SVN repository.
According to the documentation this is done by setting the username to empty
like this:
[calc:/branches/calc/bug-142/secret]
harry =
In
http://grokbase.com/t/subversion/users/1019eey8h0/problem-implementing-path-
based-authorization-with-authz I found this:
If I remember correctly, you cannot have less than
global read permissions on the repository's root
if you're on SVN 1.5 or later.
Maybe this is fixed in 1.7
(http://subversion.tigris.org/issues/show_bug.cgi?id=3242), still I decided
to start with read access for everyone and then to deny access to one path.
This is the configuration of my SVN vhost:
<VirtualHost *:443>
<Location />
DAV svn
SVNParentPath /var/repositories/
AuthType Basic
AuthName "Repositories"
AuthUserFile /etc/apache2/passwd/rep
Require user andre
# Google: svn secure connection truncated
SVNPathAuthz Off
</Location>
<Location /test/>
AuthUserFile /etc/apache2/passwd/rep-test
Require valid-user
SVNPathAuthz On
AuthzSVNAccessFile /etc/apache2/passwd/authz-test
</Location>
</VirtualHost>
Inside the repository https://svn/test/ there is a directory test2.
This is my current authz-test file, which is unable to stop user "andre"
from accessing the directory "test2" and its content:
[/]
* = rw
[/test2]
andre =
[/test2/]
andre =
[test/test2]
andre =
[/test/test2]
andre =
[test/test2/]
andre =
[/test/test2/]
andre =
[test:/test/test2]
andre =
[test/:/test2]
andre =
[test:/test2/]
andre =
[test/:/test2/]
andre =
[test:test2]
andre =
[test/:test2]
andre =
[test:test2/]
andre =
[test/:test2/]
andre =
When I comment the "* = rw" part, access to the repository is immediately
denied, so at least the file isn't being ignored completely. I am using
Subversion 1.7.8.
Regards,
André
Received on 2013-02-04 20:09:29 CET