You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Tom Malia <to...@ttdsinc.com> on 2014/02/14 22:39:10 UTC

Access rights files with Parent path and svn protocol?

I've got svnserver running with parent path set and I want to support
Path-based Authorization.

 

I'm starting there server as follows:

C:\Program Files (x86)\WANdisco\Subversion>svnserve -d -r
C:/SVN/repositories

 

I'm having no trouble reading repositories from remote clients with the
svn:// protocol but I can't commit.

 

The documentation talks about setting the "authz-db" value in the
"svnserve.conf" file to define access rights.  However, I'm confused and
having some trouble with getting this to work in a parent path environment.

 

If I populate the authz and passwd files in the conf directory of a specific
repository and I start the SVNSERVE for that specific repository:

 

(i.e. C:\Program Files (x86)\WANdisco\Subversion>svnserve -d -r
C:/SVN/repositories/Test)

things seem to work fine.

 

However, if I try to set authz-db to a file in any directory other than the
conf directory of the repo. Being served it appears to fail to read it.  It
works fine if I set authz-db to just the file name in the conf directory
like:

authz-db = authz

it also works fine if I give it a complete path the same file like:

authz-db = C:/SVN/repositories/Test/conf/authz

 

However, if I copy the same file to a different directory (i.e.
c:/SVN/repositories/authz) then try to reference it either with a relative
path or a literal path:

authz-db =../../ authz

or

authz-db = C:/SVN/repositories/authz

 

Finally when I run svnserve with a parent path. no matter what I do in any
of the svnserve.conf and authz-db and password-db files anywhere. it just
seems to ignore any and all access rights settings.. It just allows
read-only access right to anonymous users. never asks for any cridentials,
and doesn't allow write rights to anything.

 

 

I've managed access rights for multiple repositories on other servers where
Apache integration was being used to provide HTTP access to the repos  but
I've never done this before using svnserve.. What am I missing?  How do you
manage the path-based Authentication for multiple repositories on a single
server using svnserve?

 

Thanks in advance,

Tom

RE: Access rights files with Parent path and svn protocol?

Posted by Tom Malia <to...@ttdsinc.com>.
Thanks,
Actually it seems to be working now.... I know something changed but I'm not
sure what, but I guess I won't argue with success for now.

-----Original Message-----
From: Thorsten Schöning [mailto:tschoening@am-soft.de] 
Sent: Friday, February 14, 2014 7:02 PM
To: users@subversion.apache.org
Subject: Re: Access rights files with Parent path and svn protocol?

Guten Tag Tom Malia,
am Freitag, 14. Februar 2014 um 22:39 schrieben Sie:

> I’m having no trouble reading repositories from remote clients with 
> the svn:// protocol but I can’t commit.

You need to configure anon-access, auth-access and password-db for this to
work.

> The documentation talks about setting the “authz-db” value in the 
> “svnserve.conf” file to define access rights.

The important distinction is permissions, not authorization. The latter
needs to be done using the former mentioned.

> authz-db =../../ authz

Those paths need a base, this may be the conf directory, but may be some
completely different because "authz" alone without a path may be some
convention. I don't know which is the base or the conventions existing, but
in those cases I always use Process Monitor to check where an application
looks for a file.

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

> authz-db = C:/SVN/repositories/authz

If that really doesn't work because of some restrictions of SVN, which I
doubt, you may simply link your authz files throughout all your repos using
symbolic links with mklink.

Mit freundlichen Grüßen,

Thorsten Schöning

-- 
Thorsten Schöning       E-Mail:Thorsten.Schoening@AM-SoFT.de
AM-SoFT IT-Systeme      http://www.AM-SoFT.de/

Telefon...........05151-  9468- 55
Fax...............05151-  9468- 88
Mobil..............0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln AG Hannover HRB
207 694 - Geschäftsführer: Andreas Muchow

Re: Access rights files with Parent path and svn protocol?

Posted by Thorsten Schöning <ts...@am-soft.de>.
Guten Tag Tom Malia,
am Freitag, 14. Februar 2014 um 22:39 schrieben Sie:

> I’m having no trouble reading repositories from remote clients with
> the svn:// protocol but I can’t commit.

You need to configure anon-access, auth-access and password-db for
this to work.

> The documentation talks about setting the “authz-db” value in the
> “svnserve.conf” file to define access rights.

The important distinction is permissions, not authorization. The
latter needs to be done using the former mentioned.

> authz-db =../../ authz

Those paths need a base, this may be the conf directory, but may be
some completely different because "authz" alone without a path may be
some convention. I don't know which is the base or the conventions
existing, but in those cases I always use Process Monitor to check
where an application looks for a file.

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

> authz-db = C:/SVN/repositories/authz

If that really doesn't work because of some restrictions of SVN, which
I doubt, you may simply link your authz files throughout all your
repos using symbolic links with mklink.

Mit freundlichen Grüßen,

Thorsten Schöning

-- 
Thorsten Schöning       E-Mail:Thorsten.Schoening@AM-SoFT.de
AM-SoFT IT-Systeme      http://www.AM-SoFT.de/

Telefon...........05151-  9468- 55
Fax...............05151-  9468- 88
Mobil..............0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow