You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Justin <ju...@hush.cc> on 2006/08/21 16:04:41 UTC
Anonymous access will not go away!
Hi everyone,
I just set up my first Subversion server, under Apache2 on OS X
Server 10.4, serving the repository over Apache2 and SSL. It was
probably the most painful install and tweaking process I've ever
experienced! But it's in and working.
The problem I'm running into, is that no matter what I do, I cannot
DISABLE anonymous access! I can set things so that an INcorrect
username is denied, and a CORRECT username is allowed. But not
entering any credentials always results in full access.
My httpd.conf location is:
<Location /svn>
SSLRequireSSL
DAV svn
SVNPath /Library/svn
AuthzSVNAccessFile /Library/Apache2/svn-access-file
Require valid-user
AuthType Basic
AuthName "Repository"
AuthUserFile /Library/Apache2/svn-auth-file
</Location>
And I've got the svn-access-file as:
[/]
* =
justin = rw
Basically, I've got this ONE repository that I need to be secured.
When I remove my account from the access-file (justin), any anonymous
access results in a 403 Forbidden error. But when I've got my account
in there, my account AND anonymous gets full access.
I have set the hooks for anon-access to none in the svnserve.conf
file in the repository, but I think this is just for serving via
svnserve and NOT Apache2. Regardless, the options that I set there do
nothing.
I'm completely stuck on this one, there doesn't seem to be anything
out there addressing my issue. I'm thinking that maybe it was a
permissions issue on my repository folders and files, but when I
disable the world permissions (from read, write, ex to none, none
none) I cannot access the repository at all.
Any help on this would be GREATLY appreciated!
Thanks in advance,
*justin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Anonymous access will not go away!
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Aug 22, 2006, at 01:18, Ryan Schmidt wrote:
> Are you SURE that anonymous access is getting in? Subversion caches
> your credentials, you know, the first time you supply them. Could
> it be that the username "justin" and the password are cached in
> ~/.subversion/auth/svn.simple which is why you can get access when
> you do not explicitly supply a username and password? Try deleting
> the cached info from that directory and see if you then still have
> access. I suspect you do not, meaning the server is correctly set up.
An additional thought: you should be able to follow the Apache access
log and see what username it thinks you're connecting with.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Anonymous access will not go away!
Posted by Steve Martin <sm...@gmail.com>.
I had this same problem as well.
I was running httpd (apache2), with svn 1.3.1 on RHEL 4 using httpd auth,
and after awhile, it stopped prompting for username + password.
Although, I'm not certain what Ryan said is right... it might cache certain
info, but even with httpd basic auth, it still wasn't prompting for auth
info after a reboot AND using a different user account.
What I would recommend checking (which I didn't get a chance to before the
contract was up) is that to make sure you don't have the apache + svn auth
info in 2 different locations.
IE: (this example is on RHEL 4... may be different on your OS) if you have
the apache directives set in /etc/httpd/httpd.conf, DO NOT have it set also
in /etc/httpd/conf.d/whateverconf.conf).
That was the only thing I could think of in MY situation.
My best suggestion would be to:
cp httpd.conf httpd.conf.bak
remove everything env related from the "old" httpd.conf
Readd the svn directives, run apachectl restart (or /etc/init.d/httpd
restart)
and see if you still have the same problem.
However, I was managing things for a small dev lab, so I didn't need the svn
authz stuff. I just used basic httpd authentication.... I had one couple GB
repo, with a limitied # of people using it.
On 8/21/06, Ryan Schmidt <su...@ryandesign.com> wrote:
>
> On Aug 21, 2006, at 18:04, Justin wrote:
>
> > I just set up my first Subversion server, under Apache2 on OS X
> > Server 10.4, serving the repository over Apache2 and SSL. It was
> > probably the most painful install and tweaking process I've ever
> > experienced! But it's in and working.
> >
> > The problem I'm running into, is that no matter what I do, I cannot
> > DISABLE anonymous access! I can set things so that an INcorrect
> > username is denied, and a CORRECT username is allowed. But not
> > entering any credentials always results in full access.
> >
> > My httpd.conf location is:
> >
> > <Location /svn>
> > SSLRequireSSL
> > DAV svn
> > SVNPath /Library/svn
> > AuthzSVNAccessFile /Library/Apache2/svn-access-file
> > Require valid-user
> > AuthType Basic
> > AuthName "Repository"
> > AuthUserFile /Library/Apache2/svn-auth-file
> > </Location>
> >
> > And I've got the svn-access-file as:
> >
> > [/]
> > * =
> > justin = rw
> >
> > Basically, I've got this ONE repository that I need to be secured.
> > When I remove my account from the access-file (justin), any
> > anonymous access results in a 403 Forbidden error. But when I've
> > got my account in there, my account AND anonymous gets full access.
> >
> > I have set the hooks for anon-access to none in the svnserve.conf
> > file in the repository, but I think this is just for serving via
> > svnserve and NOT Apache2. Regardless, the options that I set there
> > do nothing.
> >
> > I'm completely stuck on this one, there doesn't seem to be anything
> > out there addressing my issue. I'm thinking that maybe it was a
> > permissions issue on my repository folders and files, but when I
> > disable the world permissions (from read, write, ex to none, none
> > none) I cannot access the repository at all.
> >
> > Any help on this would be GREATLY appreciated!
>
> Are you SURE that anonymous access is getting in? Subversion caches
> your credentials, you know, the first time you supply them. Could it
> be that the username "justin" and the password are cached in
> ~/.subversion/auth/svn.simple which is why you can get access when
> you do not explicitly supply a username and password? Try deleting
> the cached info from that directory and see if you then still have
> access. I suspect you do not, meaning the server is correctly set up.
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
Re: Anonymous access will not go away!
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Aug 21, 2006, at 18:04, Justin wrote:
> I just set up my first Subversion server, under Apache2 on OS X
> Server 10.4, serving the repository over Apache2 and SSL. It was
> probably the most painful install and tweaking process I've ever
> experienced! But it's in and working.
>
> The problem I'm running into, is that no matter what I do, I cannot
> DISABLE anonymous access! I can set things so that an INcorrect
> username is denied, and a CORRECT username is allowed. But not
> entering any credentials always results in full access.
>
> My httpd.conf location is:
>
> <Location /svn>
> SSLRequireSSL
> DAV svn
> SVNPath /Library/svn
> AuthzSVNAccessFile /Library/Apache2/svn-access-file
> Require valid-user
> AuthType Basic
> AuthName "Repository"
> AuthUserFile /Library/Apache2/svn-auth-file
> </Location>
>
> And I've got the svn-access-file as:
>
> [/]
> * =
> justin = rw
>
> Basically, I've got this ONE repository that I need to be secured.
> When I remove my account from the access-file (justin), any
> anonymous access results in a 403 Forbidden error. But when I've
> got my account in there, my account AND anonymous gets full access.
>
> I have set the hooks for anon-access to none in the svnserve.conf
> file in the repository, but I think this is just for serving via
> svnserve and NOT Apache2. Regardless, the options that I set there
> do nothing.
>
> I'm completely stuck on this one, there doesn't seem to be anything
> out there addressing my issue. I'm thinking that maybe it was a
> permissions issue on my repository folders and files, but when I
> disable the world permissions (from read, write, ex to none, none
> none) I cannot access the repository at all.
>
> Any help on this would be GREATLY appreciated!
Are you SURE that anonymous access is getting in? Subversion caches
your credentials, you know, the first time you supply them. Could it
be that the username "justin" and the password are cached in
~/.subversion/auth/svn.simple which is why you can get access when
you do not explicitly supply a username and password? Try deleting
the cached info from that directory and see if you then still have
access. I suspect you do not, meaning the server is correctly set up.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org