[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: path based authz and write-through proxy

From: Mark Phippard <markphip_at_gmail.com>
Date: Thu, 24 Sep 2015 15:54:29 -0400

It really depends on what you are using the feature for. If you are only
using it to block who can commit, then you really do not need it on the
mirror since all writes will go back to the master.

But if you are using it to hide paths (read access), and want to do that on
the mirror, then you need to sync the changes in the file to the mirror or
store the authz in your repository and change your configuration to use
that.

Mark

On Thu, Sep 24, 2015 at 3:34 PM, Aaron Friesen <AFriesen_at_spirae.com> wrote:

> All,
>
> I have been tasked with setting up a mirror of several repositories with
> write-through back to the master.
>
> We have path based authorization on the master.
>
> The svn book simply states to:
>
> ... configure each of your "slave" servers in the exact same way,
> but add the special SVNMasterURI directive to the <Location> block.
>
> That works, but seems to require synchronization of the authz information
> on all servers.
>
> What methods have people used to keep them synchronized?
>
> Here is the relavent <Location> configuration:
>
> ==============
> <Location /sync/>
> DAV svn
> SVNParentPath "E:/csvn/data/repositories"
> SVNReposName "CollabNet Subversion Repository"
>
> <IfModule deflate_module>
> SetOutputFilter DEFLATE
> </IfModule>
>
> <RequireAll>
> Require user sync
> </RequireAll>
> AuthzSVNAccessFile "C:\csvn\data/conf/svn_access_file"
> SVNPathAuthz short_circuit
> AuthzForceUsernameCase Lower
> </Location>
>
> # Work around authz and SVNListParentPath issue
> RedirectMatch ^(/svn)$ $1/
> <Location /svn/>
> DAV svn
> SVNParentPath "E:/csvn/data/repositories"
> SVNReposName "CollabNet Subversion Repository"
>
> <IfModule deflate_module>
> SetOutputFilter DEFLATE
> </IfModule>
> AuthzSVNAccessFile "C:\csvn\data/conf/svn_access_file"
> SVNPathAuthz short_circuit
> SVNListParentPath On
> AuthzForceUsernameCase Lower
> SVNMasterURI http://192.168.15.18:8080/svn
> </Location>
> ==============
>
> By restricting access on <Location /sync/> to just the user "sync", and
> the SVNMasterURI in <Location /svn/>, is there any major reason not to
> simply remove all path based restrictions on the mirror and let the master
> perform that function so that the authz on the mirror doesn't have to
> change?
>
> Thanks,
>
> Aaron
>

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2015-09-24 21:54:45 CEST

This is an archived mail posted to the Subversion Users mailing list.