You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Steven Simpson <ss...@domain.invalid> on 2006/03/15 10:45:39 UTC
'file:' access according to AuthzSVNAccessFile
Hello,
I have some Subversion repositories on Linux accessed through https,
controlled by an AuthzSVNAccessFile svn-access.conf, with Apache doing
the authentication. The web interface is XML+XSLT->HTML, so on a
particular directory, I can add extra utility links based on whichever
SVN directory is being accessed.
I'd like to add a link that produces a .tgz of the displayed directory —
it has been suggested that this might be useful for people who are a
bit, um, scared of Subversion, but nevertheless have read access to the
repository.
The script would just do an 'svn export' and a 'tar'. But I can't see
an easy way of getting the export call to check that the user (already
authenticated as $REMOTE_USER) has permissions for the directory, or
correspondingly to avoid checking out unreadable subdirectories. A
command like this would be ideal:
svn export --username $REMOTE_USER --authz svn-access.conf file:///...
Is there some straight-forward equivalent of this? If not, is it a
feature worth requesting?
Thanks,
Steven
--
ss at comp dot lancs dot ac dot uk |
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: 'file:' access according to AuthzSVNAccessFile
Posted by Steven Simpson <ss...@domain.invalid>.
Andy Levy wrote:
> On 3/15/06, Steven Simpson <ss...@domain.invalid> wrote:
>
>> A command like this would be ideal:
>>
>> svn export --username $REMOTE_USER --authz svn-access.conf file:///...
>>
>> Is there some straight-forward equivalent of this? If not, is it a
>> feature worth requesting?
>>
> Access controls are done by
> the svn servers (whether the Apache2 module or svnserve), and when you
> use file:// you use no server.
I realise this. But would it be a good idea to add it to the client to
emulate the restrictions applied to a user? I've already stated my own
(somewhat dubious) purpose (i.e. in a script where the authentication is
already done), but perhaps it would also be useful for diagnosis of a
local authz file...?
Cheers!
--
ss at comp dot lancs dot ac dot uk |
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: 'file:' access according to AuthzSVNAccessFile
Posted by Andy Levy <an...@gmail.com>.
On 3/15/06, Steven Simpson <ss...@domain.invalid> wrote:
> I have some Subversion repositories on Linux accessed through https,
> controlled by an AuthzSVNAccessFile svn-access.conf, with Apache doing
> the authentication. The web interface is XML+XSLT->HTML, so on a
> particular directory, I can add extra utility links based on whichever
> SVN directory is being accessed.
>
> I'd like to add a link that produces a .tgz of the displayed directory —
> it has been suggested that this might be useful for people who are a
> bit, um, scared of Subversion, but nevertheless have read access to the
> repository.
>
> The script would just do an 'svn export' and a 'tar'. But I can't see
> an easy way of getting the export call to check that the user (already
> authenticated as $REMOTE_USER) has permissions for the directory, or
> correspondingly to avoid checking out unreadable subdirectories. A
> command like this would be ideal:
>
> svn export --username $REMOTE_USER --authz svn-access.conf file:///...
>
> Is there some straight-forward equivalent of this? If not, is it a
> feature worth requesting?
There is, to my knowledge, no access control when using file:// - it's
all or nothing, if the user executing the command has filesystem
permissions to access the Subversion repository files, they can get
anything/everything in the repository. Access controls are done by
the svn servers (whether the Apache2 module or svnserve), and when you
use file:// you use no server.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org