Posted to users@subversion.apache.org by Justin <ju...@hush.cc> on 2006/08/21 16:04:41 UTC

Anonymous access will not go away!

Hi everyone,

I just set up my first Subversion server, under Apache2 on OS X  
Server 10.4, serving the repository over Apache2 and SSL. It was  
probably the most painful install and tweaking process I've ever  
experienced! But it's in and working.

The problem I'm running into, is that no matter what I do, I cannot  
DISABLE anonymous access! I can set things so that an INcorrect  
username is denied, and a CORRECT username is allowed. But not  
entering any credentials always results in full access.

My httpd.conf location is:

<Location /svn>
    SSLRequireSSL
    DAV svn
    SVNPath /Library/svn
    AuthzSVNAccessFile /Library/Apache2/svn-access-file
    Require valid-user
    AuthType Basic
    AuthName "Repository"
    AuthUserFile /Library/Apache2/svn-auth-file
</Location>

And I've got the svn-access-file as:

[/]
* =
justin = rw

Basically, I've got this ONE repository that I need to be secured.  
When I remove my account from the access-file (justin), any anonymous  
access results in a 403 Forbidden error. But when I've got my account  
in there, my account AND anonymous gets full access.

I have set the hooks for anon-access to none in the svnserve.conf  
file in the repository, but I think this is just for serving via  
svnserve and NOT Apache2. Regardless, the options that I set there do  
nothing.

I'm completely stuck on this one, there doesn't seem to be anything  
out there addressing my issue. I'm thinking that maybe it was a  
permissions issue on my repository folders and files, but when I  
disable the world permissions (from read, write, ex to none, none  
none) I cannot access the repository at all.

Any help on this would be GREATLY appreciated!

Thanks in advance,

*justin




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Anonymous access will not go away!

Posted by Ryan Schmidt <su...@ryandesign.com>.
On Aug 22, 2006, at 01:18, Ryan Schmidt wrote:

> Are you SURE that anonymous access is getting in? Subversion caches  
> your credentials, you know, the first time you supply them. Could  
> it be that the username "justin" and the password are cached in  
> ~/.subversion/auth/svn.simple which is why you can get access when  
> you do not explicitly supply a username and password? Try deleting  
> the cached info from that directory and see if you then still have  
> access. I suspect you do not, meaning the server is correctly set up.

An additional thought: you should be able to follow the Apache access  
log and see what username it thinks you're connecting with.
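
Added example (not part of the original thread): one way to follow the suggestion above is to filter the Apache access log for requests under /svn that succeeded with no authenticated user. It assumes the default Common/Combined Log Format, where the third field is the remote user and usernames contain no spaces; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Common/Combined Log Format:
#   %h %l %u %t "%r" %>s %b ...
# Field 3 is the remote user; "-" means no credentials were accepted.

# Constructed sample log lines (hosts, times and sizes are made up).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [21/Aug/2006:16:01:02 -0400] "OPTIONS /svn HTTP/1.1" 401 478
192.0.2.10 - justin [21/Aug/2006:16:01:03 -0400] "OPTIONS /svn HTTP/1.1" 200 181
192.0.2.10 - justin [21/Aug/2006:16:01:03 -0400] "PROPFIND /svn/trunk HTTP/1.1" 207 648
192.0.2.44 - - [21/Aug/2006:16:05:10 -0400] "PROPFIND /svn/trunk HTTP/1.1" 207 648
192.0.2.44 - - [21/Aug/2006:16:05:11 -0400] "GET /index.html HTTP/1.1" 200 1456
192.0.2.45 - - [21/Aug/2006:16:06:00 -0400] "PROPFIND /svn HTTP/1.1" 403 210
EOF
}

# Print "host method path status" for every 2xx response under the given
# prefix where the user field is "-". Reads a log on stdin.
anon_successes() {
    awk -v prefix="${1:-/svn}" '
        {
            user = $3; method = $6; path = $7; status = $9
            sub(/^"/, "", method)
            under = (path == prefix || index(path, prefix "/") == 1)
            if (under && user == "-" && status ~ /^2[0-9][0-9]$/)
                print $1, method, path, status
        }'
}

# Per-user tally of successful requests under the prefix, so a cached
# login shows up as "justin" rather than "-".
users_seen() {
    awk -v prefix="${1:-/svn}" '
        ($7 == prefix || index($7, prefix "/") == 1) && $9 ~ /^2/ { n[$3]++ }
        END { for (u in n) print u, n[u] }' | LC_ALL=C sort
}
```

A 401 followed by a 2xx for a named user is the normal Basic auth handshake; only 2xx lines with "-" as the user indicate that the server let a request through unauthenticated.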



Re: Anonymous access will not go away!

Posted by Steve Martin <sm...@gmail.com>.
I had this same problem as well.

I was running httpd (apache2), with svn 1.3.1 on RHEL 4 using httpd auth,
and after awhile, it stopped prompting for username + password.

Although, I'm not certain what Ryan said is right... it might cache certain
info, but even with httpd basic auth, it still wasn't prompting for auth
info after a reboot AND using a different user account.

What I would recommend checking (which I didn't get a chance to before the
contract was up) is to make sure you don't have the apache + svn auth
info in 2 different locations.

I.e.: (this example is on RHEL 4... may be different on your OS) if you have
the apache directives set in /etc/httpd/httpd.conf, DO NOT have it set also
in /etc/httpd/conf.d/whateverconf.conf.

That was the only thing I could think of in MY situation.

My best suggestion would be to:

cp httpd.conf httpd.conf.bak

remove everything env related from the "old" httpd.conf

Re-add the svn directives, run apachectl restart (or /etc/init.d/httpd
restart)

and see if you still have the same problem.

However, I was managing things for a small dev lab, so I didn't need the svn
authz stuff. I just used basic httpd authentication.... I had one couple GB
repo, with a limited # of people using it.

On 8/21/06, Ryan Schmidt <su...@ryandesign.com> wrote:
>
> On Aug 21, 2006, at 18:04, Justin wrote:
>
> > I just set up my first Subversion server, under Apache2 on OS X
> > Server 10.4, serving the repository over Apache2 and SSL. It was
> > probably the most painful install and tweaking process I've ever
> > experienced! But it's in and working.
> >
> > The problem I'm running into, is that no matter what I do, I cannot
> > DISABLE anonymous access! I can set things so that an INcorrect
> > username is denied, and a CORRECT username is allowed. But not
> > entering any credentials always results in full access.
> >
> > My httpd.conf location is:
> >
> > <Location /svn>
> >     SSLRequireSSL
> >     DAV svn
> >     SVNPath /Library/svn
> >     AuthzSVNAccessFile /Library/Apache2/svn-access-file
> >     Require valid-user
> >     AuthType Basic
> >     AuthName "Repository"
> >     AuthUserFile /Library/Apache2/svn-auth-file
> > </Location>
> >
> > And I've got the svn-access-file as:
> >
> > [/]
> > * =
> > justin = rw
> >
> > Basically, I've got this ONE repository that I need to be secured.
> > When I remove my account from the access-file (justin), any
> > anonymous access results in a 403 Forbidden error. But when I've
> > got my account in there, my account AND anonymous gets full access.
> >
> > I have set the hooks for anon-access to none in the svnserve.conf
> > file in the repository, but I think this is just for serving via
> > svnserve and NOT Apache2. Regardless, the options that I set there
> > do nothing.
> >
> > I'm completely stuck on this one, there doesn't seem to be anything
> > out there addressing my issue. I'm thinking that maybe it was a
> > permissions issue on my repository folders and files, but when I
> > disable the world permissions (from read, write, ex to none, none
> > none) I cannot access the repository at all.
> >
> > Any help on this would be GREATLY appreciated!
>
> Are you SURE that anonymous access is getting in? Subversion caches
> your credentials, you know, the first time you supply them. Could it
> be that the username "justin" and the password are cached in
> ~/.subversion/auth/svn.simple which is why you can get access when
> you do not explicitly supply a username and password? Try deleting
> the cached info from that directory and see if you then still have
> access. I suspect you do not, meaning the server is correctly set up.
>
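
Added example (not part of the original thread): a check for the situation described in the reply above, where the same <Location> path is configured in more than one Apache file. The function names and the sample files are constructed; file paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example. Constructed sample tree: <Location /svn> appears in
# both httpd.conf and a conf.d file.
make_sample_conf() {
    d=$(mktemp -d)
    mkdir "$d/conf.d"
    cat > "$d/httpd.conf" <<'EOF'
<Location /svn>
    DAV svn
    SVNPath /Library/svn
    AuthType Basic
    Require valid-user
</Location>
EOF
    cat > "$d/conf.d/subversion.conf" <<'EOF'
# leftover block from a package default (constructed)
<Location /svn>
    DAV svn
    SVNPath /Library/svn
</Location>
<Location /server-status>
    SetHandler server-status
</Location>
EOF
    echo "$d"
}

# Print "path file:line" for every <Location ...> opening tag
# (directive names are case-insensitive; <LocationMatch> is skipped).
location_blocks() {
    awk '
        tolower($0) ~ /^[ \t]*<location[ \t]+/ {
            p = $0
            sub(/^[ \t]*<[^ \t]+[ \t]+/, "", p)   # drop "<Location "
            sub(/[ \t]*>.*$/, "", p)              # drop ">" and the rest
            gsub(/"/, "", p)                      # drop optional quotes
            print p, FILENAME ":" FNR
        }' "$@"
}

# Print only the paths that are configured in more than one place.
duplicate_locations() {
    location_blocks "$@" | awk '
        { n[$1]++; where[$1] = where[$1] " " $2 }
        END { for (p in n) if (n[p] > 1) print p ":" where[p] }'
}
```

Run `duplicate_locations` over the main configuration file and every included file; any path it prints has more than one block whose directives are merged at request time.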

Re: Anonymous access will not go away!

Posted by Ryan Schmidt <su...@ryandesign.com>.
On Aug 21, 2006, at 18:04, Justin wrote:

> I just set up my first Subversion server, under Apache2 on OS X  
> Server 10.4, serving the repository over Apache2 and SSL. It was  
> probably the most painful install and tweaking process I've ever  
> experienced! But it's in and working.
>
> The problem I'm running into, is that no matter what I do, I cannot  
> DISABLE anonymous access! I can set things so that an INcorrect  
> username is denied, and a CORRECT username is allowed. But not  
> entering any credentials always results in full access.
>
> My httpd.conf location is:
>
> <Location /svn>
>     SSLRequireSSL
>     DAV svn
>     SVNPath /Library/svn
>     AuthzSVNAccessFile /Library/Apache2/svn-access-file
>     Require valid-user
>     AuthType Basic
>     AuthName "Repository"
>     AuthUserFile /Library/Apache2/svn-auth-file
> </Location>
>
> And I've got the svn-access-file as:
>
> [/]
> * =
> justin = rw
>
> Basically, I've got this ONE repository that I need to be secured.  
> When I remove my account from the access-file (justin), any  
> anonymous access results in a 403 Forbidden error. But when I've  
> got my account in there, my account AND anonymous gets full access.
>
> I have set the hooks for anon-access to none in the svnserve.conf  
> file in the repository, but I think this is just for serving via  
> svnserve and NOT Apache2. Regardless, the options that I set there  
> do nothing.
>
> I'm completely stuck on this one, there doesn't seem to be anything  
> out there addressing my issue. I'm thinking that maybe it was a  
> permissions issue on my repository folders and files, but when I  
> disable the world permissions (from read, write, ex to none, none  
> none) I cannot access the repository at all.
>
> Any help on this would be GREATLY appreciated!

Are you SURE that anonymous access is getting in? Subversion caches  
your credentials, you know, the first time you supply them. Could it  
be that the username "justin" and the password are cached in  
~/.subversion/auth/svn.simple which is why you can get access when  
you do not explicitly supply a username and password? Try deleting  
the cached info from that directory and see if you then still have  
access. I suspect you do not, meaning the server is correctly set up.
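
Added example (not part of the original thread): a way to see which logins the client has cached under ~/.subversion/auth/svn.simple before deleting anything. It assumes the K/V hash-dump layout of those cache files with single-line values; the function names, the sample file name and the sample credentials are constructed.

```shell
#!/bin/sh
# Added example. Constructed sample cache: placeholder file name and
# password, laid out as "K <len>", key, "V <len>", value, ..., "END".
make_sample_cache() {
    d=$(mktemp -d)
    cat > "$d/0123456789abcdef0123456789abcdef" <<'EOF'
K 8
password
V 13
not-a-real-pw
K 15
svn:realmstring
V 40
<https://svn.example.com:443> Repository
K 8
username
V 6
justin
END
EOF
    echo "$d"
}

# Print "username<TAB>realm<TAB>cache-file" for each cached login.
# The password value is read past but never printed.
cached_logins() {
    dir="${1:-$HOME/.subversion/auth/svn.simple}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            state == 0 { if ($0 == "END") exit; state = 1; next }  # "K n"
            state == 1 { key = $0; state = 2; next }               # key
            state == 2 { state = 3; next }                         # "V n"
            state == 3 { val[key] = $0; state = 0; next }          # value
            END { print val["username"] "\t" val["svn:realmstring"] "\t" file }
        ' "$f"
    done
}
```

If the realm of the server in question appears in the output, the client is supplying that username on its own; removing the listed cache file forces the next request to prompt again.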
