[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: path based authz and write-through proxy

From: Eric Johnson <eric_at_tibco.com>
Date: Thu, 24 Sep 2015 13:57:13 -0700

In our deployment with mirrors, the access file is generated from
information stored in Subversion.

The act of mirroring the repository with the access information in it
triggers the post-commit hook which updates the permissions locally.

Eric.

On Thu, Sep 24, 2015 at 12:34 PM, Aaron Friesen <AFriesen_at_spirae.com> wrote:

> All,
>
> I have been tasked with setting up a mirror of several repositories with
> write-through back to the master.
>
> We have path based authorization on the master.
>
> The svn book simply states to:
>
> ... configure each of your "slave" servers in the exact same way,
> but add the special SVNMasterURI directive to the <Location> block.
>
> That works, but seems to require synchronization of the authz information
> on all servers.
>
> What methods have people used to keep them synchronized?
>
> Here is the relavent <Location> configuration:
>
> ==============
> <Location /sync/>
> DAV svn
> SVNParentPath "E:/csvn/data/repositories"
> SVNReposName "CollabNet Subversion Repository"
>
> <IfModule deflate_module>
> SetOutputFilter DEFLATE
> </IfModule>
>
> <RequireAll>
> Require user sync
> </RequireAll>
> AuthzSVNAccessFile "C:\csvn\data/conf/svn_access_file"
> SVNPathAuthz short_circuit
> AuthzForceUsernameCase Lower
> </Location>
>
> # Work around authz and SVNListParentPath issue
> RedirectMatch ^(/svn)$ $1/
> <Location /svn/>
> DAV svn
> SVNParentPath "E:/csvn/data/repositories"
> SVNReposName "CollabNet Subversion Repository"
>
> <IfModule deflate_module>
> SetOutputFilter DEFLATE
> </IfModule>
> AuthzSVNAccessFile "C:\csvn\data/conf/svn_access_file"
> SVNPathAuthz short_circuit
> SVNListParentPath On
> AuthzForceUsernameCase Lower
> SVNMasterURI http://192.168.15.18:8080/svn
> </Location>
> ==============
>
> By restricting access on <Location /sync/> to just the user "sync", and
> the SVNMasterURI in <Location /svn/>, is there any major reason not to
> simply remove all path based restrictions on the mirror and let the master
> perform that function so that the authz on the mirror doesn't have to
> change?
>
> Thanks,
>
> Aaron
>
Received on 2015-09-24 22:57:42 CEST

This is an archived mail posted to the Subversion Users mailing list.