Re: SVNParent authz

Sat, 30 Jul 2011 20:04:24 -0700 


On 07/29/2011 01:48 PM, Cooke, Mark wrote:

-----Original Message-----
From: Andy Canfield [mailto:andy.canfi...@pimco.mobi]
Sent: 29 July 2011 05:14
To: users@subversion.apache.org
Subject: SVNParent authz

I am having a problem with AuthzSVNAccessFile.

Consider the case where I have two repositories, R1 and R2 Some users
are authorized to examine R1 by going to
      http://example.com/svn/R1
Other users are authorized to examine R2 by going to
      http://example.com/svn/R2
But everyone should be able to see the list of repositories
by going to
      http://example.com/svn

I can't get that to work. I am having a problem with the
mod_dav_svn.conf command:
      AuthzSVNAccessFile /Subversion/conf/authz
If I have AuthzSVNAccessFile turned off (commented out), then
all users
can see the contents of all repositories. But if I have
AuthzSVNAccssFile turned on, then nobody is authorized to see
the list
of repositories via "http://example.com/svn"; because I can't
figure out
how to set authz to give read access to the repository collection but
limited access to the individual repositories. Here is my
closest guess
for authz -
      [groups]
      everyone = andy,fred
      [/]
      @everyone = r
      [subdoc:/]
      andy = rw
The "[/]" section is the part that is incorrect. How can I
give everyone
read access to "http:///example.com/svn"; without giving them
read access
to "http://example.com/svn/subdoc"; ? Indeed, it seems as if
the instant
I turn on AuthzSVNAccessFile nobody can read
"http://example.com/svn"; at
all.

Thank you for your patience.


There was a bug relating to authz which meant that users had to have
access to the root to see anything, you do not mention which version you
are using?

Version: 1.6.12dfsg-4ubuntu2.1


Note that you can remove permissions as well as grant them, so something
like this should work...

[groups]
everyone = andy,fred

[/]
@everyone = r

[R1:/]
andy = rw
fred =

[R2:/]
andy =
fred = rw

If that does not work, can you post the relevant bits of your apache
conf and also which versions and platforms you are on.  For example, I
use the following for our windoze based repos:

<Location /svn/>
     DAV svn
     SVNParentPath D:/svn/root/
     SVNListParentPath On
     # restrict access to subversion repository paths...
     AuthzForceUsernameCase Lower
     AuthzSVNAccessFile D:/path/to/svn-users.txt
</Location>

~ mark c


Thanks. Built my own web page to do the list of repositories. My page 
shows megabytes, user and date of last revision, and includes a button 
to create a new repository. Goes in through PHP, not via 
SVNListParentPath. Access controlled by Apache not Subversion. Works OK. 
So we seem to be ready to fly here. Thanks to all.
























					Reply via email to