You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Jeroen Coumans <je...@jeroencoumans.nl> on 2004/05/31 22:16:10 UTC
Non-working authz configuration?
Hi,
I have this in /etc/apache2/httpd.conf:
<Location /subversion>
DAV svn
SVNParentPath /subversion
AuthzSVNAccessFile /etc/apache2/dav_svn.authz
Require valid-user
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /etc/apache2/dav_svn.passwd
</Location>
And in /etc/apache2/dav_svn.authz:
[/]
* =
@admin = rw
@programmers = r
[foo:/bar/branches/]
@programmers = rw
[bar:/foo/branches/]
@programmers = rw
The point is to use rw for admin, r for programmers except for the
branches where they are allowed to write. Except that it doesn't seem to
work; the programmers group can't write to the repository's branches.
What did I do wrong?
--
Groeten/Greetings,
Jeroen Coumans
www.jeroencoumans.nl
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
[BOOK] Re: Non-working authz configuration?
Posted by Jason Diamond <ja...@injektilo.org>.
Ben Collins-Sussman wrote:
>On Mon, 2004-05-31 at 19:26, Jeroen Coumans wrote:
>
>
>> Do I really need 1.0.4 for mod_dav_svn? It's
>>not available in that version on Debian yet.
>>Thanks for the response.
>>
>>
>
>You need at least 1.0.2. The [repos:/path] syntax doesn't even *exist*
>before 1.0.2!
>
>
I was recently bit by this, too. Shouldn't it be mentioned in the book?
It certainly wasn't obvious to me that a release like 1.0.2 would
introduce a new feature.
-- Jason
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Non-working authz configuration?
Posted by Jeroen Coumans <je...@jeroencoumans.nl>.
Ben Collins-Sussman said the following on 01-06-2004 14:11:
>
> Can you resend your apache configuration, followed by an exact
> transcript that demonstrates the failure?
Nevermind; it seems to work now. Don't know exactly what fixed it; I
blew away the complete configuration & recreated it from scratch. Could
it have something to do with the use of trailing slashes, eg.
[repos:/foo/bar] instead of [repos:/foo/bar/]?
Thanks for the kind support!
--
Groeten/Greetings,
Jeroen Coumans
www.jeroencoumans.nl
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Non-working authz configuration?
Posted by Ben Collins-Sussman <su...@collab.net>.
On Tue, 2004-06-01 at 03:44, Jeroen Coumans wrote:
> * [foo:/1.0/branches]
> * [foo:/foo/1.0/branches]
>
> And both don't work. I tried with regular usernames and groups and both
> don't work.
Can you resend your apache configuration, followed by an exact
transcript that demonstrates the failure?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Non-working authz configuration?
Posted by Jeroen Coumans <je...@jeroencoumans.nl>.
Ben Collins-Sussman said the following on 01-06-2004 02:33:
>
> You need at least 1.0.2. The [repos:/path] syntax doesn't even *exist*
> before 1.0.2!
Ok, I have everything installed on version 1.04, except mod_dav_svn
which is 1.0.3. Thus, version requirements are all met now.
The problem still seems to persist though. My repositories are under
http://1.2.3.4/svn/foo,bar}, with directories such as
1.0/{branches,tags,trunk}. Programmers should only get write access in
branches but read access in everything else. How should I refer to these
in dav_svn.authz? I tried the following:
* [foo:/1.0/branches]
* [foo:/foo/1.0/branches]
And both don't work. I tried with regular usernames and groups and both
don't work.
--
Groeten/Greetings,
Jeroen Coumans
www.jeroencoumans.nl
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Non-working authz configuration?
Posted by Ben Collins-Sussman <su...@collab.net>.
On Mon, 2004-05-31 at 19:26, Jeroen Coumans wrote:
> Do I really need 1.0.4 for mod_dav_svn? It's
> not available in that version on Debian yet.
> Thanks for the response.
You need at least 1.0.2. The [repos:/path] syntax doesn't even *exist*
before 1.0.2!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Non-working authz configuration?
Posted by Jeroen Coumans <je...@jeroencoumans.nl>.
Ben Collins-Sussman said the following on 01-06-2004 01:15:
>
> svn 1.0.2 fixes a bug whereby "SVNAuthzAccessFile" wasn't working at all
> with "SVNParentPath".
>
> Upgrade mod_dav_svn to 1.0.4. (And, as John said, make sure you're
> actually defining the groups too.)
I defined the groups and it works fine for programmers if I change "r"
to "rw" in [/]. But I want programmers to be "r" and specify
subdirectories of repositories as "rw" for them. But even after
upgrading to 1.0.4 for subversion & clients and 1.0.3 for mod_dav_svn,
that doesn't seem to work. Do I really need 1.0.4 for mod_dav_svn? It's
not available in that version on Debian yet.
Thanks for the response.
--
Groeten/Greetings,
Jeroen Coumans
www.jeroencoumans.nl
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Non-working authz configuration?
Posted by Ben Collins-Sussman <su...@collab.net>.
On Mon, 2004-05-31 at 17:53, Jeroen Coumans wrote:
> svn, version 1.0.0, compiled Feb 24 2004, 20:38:43
> Apache/2.0.49, built Apr 4 2004 14:45:32
svn 1.0.2 fixes a bug whereby "SVNAuthzAccessFile" wasn't working at all
with "SVNParentPath".
Upgrade mod_dav_svn to 1.0.4. (And, as John said, make sure you're
actually defining the groups too.)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Non-working authz configuration?
Posted by Jeroen Coumans <je...@jeroencoumans.nl>.
Ben Collins-Sussman said the following on 01-06-2004 00:26:
> On Mon, 2004-05-31 at 17:16, Jeroen Coumans wrote:
>
>
>>The point is to use rw for admin, r for programmers except for the
>>branches where they are allowed to write. Except that it doesn't seem to
>>work; the programmers group can't write to the repository's branches.
>>What did I do wrong?
>
>
> What versions of svn client and server? What OSes?
Server:
Debian testing
svn, version 1.0.0, compiled Feb 24 2004, 20:38:43
Apache/2.0.49, built Apr 4 2004 14:45:32
Clients: TortoiseSVN (latest), svn-tools-1.0.4, RCPlugin.
Thanks,
--
Groeten/Greetings,
Jeroen Coumans
www.jeroencoumans.nl
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Non-working authz configuration?
Posted by Ben Collins-Sussman <su...@collab.net>.
On Mon, 2004-05-31 at 17:16, Jeroen Coumans wrote:
> The point is to use rw for admin, r for programmers except for the
> branches where they are allowed to write. Except that it doesn't seem to
> work; the programmers group can't write to the repository's branches.
> What did I do wrong?
What versions of svn client and server? What OSes?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Non-working authz configuration?
Posted by John Szakmeister <jo...@szakmeister.net>.
On Monday 31 May 2004 18:16, Jeroen Coumans wrote:
> Hi,
>
> I have this in /etc/apache2/httpd.conf:
>
> <Location /subversion>
> DAV svn
> SVNParentPath /subversion
> AuthzSVNAccessFile /etc/apache2/dav_svn.authz
> Require valid-user
> AuthType Basic
> AuthName "Subversion repository"
> AuthUserFile /etc/apache2/dav_svn.passwd
> </Location>
>
> And in /etc/apache2/dav_svn.authz:
> [/]
> * =
> @admin = rw
> @programmers = r
>
> [foo:/bar/branches/]
> @programmers = rw
>
> [bar:/foo/branches/]
> @programmers = rw
>
> The point is to use rw for admin, r for programmers except for the
> branches where they are allowed to write. Except that it doesn't seem to
> work; the programmers group can't write to the repository's branches.
> What did I do wrong?
Looks like you need to define the groups. i.e.:
[groups]
admin=user1,user2
programmers=user3,user4,user5
-John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org