You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by James <ol...@yahoo.com> on 2014/09/10 20:05:39 UTC
please help me with path-based access control setup
My svnserve is running on Fedora and I can access (checkout, update, ..) with svn://repository/.. without any issue from local machine and another machine.
I also setup user/password access control. It works great. Now I am trying to add path-based access control on top of it.
I enabled the "authz-db = authz" on the svnserve.conf file.
I tested with following settings on the authz file:
#=================
#[/home/svn/Playground/proj1]
#[/home/svn/Playground]
#[/home/svn/Playground/]
#[repository:/Playground]
#[repository:/proj1]
[repository:/*]
testuser = rw
$authenticated = rw
* = rw
but none worked. I always get this error:
svn: E170001: Authorization failed.
If I disable the "authz-db = authz" on the svnserve.conf file, svn immediately works.
My svn repositry is in /home/svn directory. The repository name is Playground. There are two projects there: proj1 and proj2.
When I try to do checkout with --username --password option, I was asked for password. After pass the name/password, I received the "svn: E170001: Authorization failed." error.
My setting in the authz file is not correct? or I need to change more configurations?
thanks,
James
Re: please help me with path-based access control setup
Posted by James <ol...@yahoo.com>.
Ok, I found what wrong with my authz file's settings after read the svnbook carefully again.
Now there is only one thing still doesn't work for me: deny the access of a subdirectory:
by follow the example in the svnbook, I have the following setting:
#---------------
[/]
superuser = rw
#* = r
[Playground:/proj1]
user1 = rw
[Playground:/proj1/trunk/proj1Folder1]
user1 =
[Playground:/proj2]
user2 = rw
#----------------
suppose the user1 shouldn't have access to the "/proj1/trunk/proj1Folder1" directory. but when I do checkout, that directory is still be checked out to my machine.
is that behavor correct?
On Wednesday, September 10, 2014 2:05 PM, James <ol...@yahoo.com> wrote:
My svnserve is running on Fedora and I can access (checkout, update, ..) with svn://repository/.. without any issue from local machine and another machine.
I also setup user/password access control. It works great. Now I am trying to add path-based access control on top of it.
I enabled the "authz-db = authz" on the svnserve.conf file.
I tested with following settings on the authz file:
#=================
#[/home/svn/Playground/proj1]
#[/home/svn/Playground]
#[/home/svn/Playground/]
#[repository:/Playground]
#[repository:/proj1]
[repository:/*]
testuser = rw
$authenticated = rw
* = rw
but none worked. I always get this error:
svn: E170001: Authorization failed.
If I disable the "authz-db = authz" on the svnserve.conf file, svn immediately works.
My svn repositry is in /home/svn directory. The repository name is Playground. There are two projects there: proj1 and proj2.
When I try to do checkout with --username --password option, I was asked for password. After pass the name/password, I received the "svn: E170001: Authorization failed." error.
My setting in the authz file is not correct? or I need to change more configurations?
thanks,
James
Re: please help me with path-based access control setup
Posted by Branko Čibej <br...@wandisco.com>.
On 10 Sep 2014 20:06, "James" <ol...@yahoo.com> wrote:
>
> My svnserve is running on Fedora and I can access (checkout, update, ..)
with svn://repository/.. without any issue from local machine and another
machine.
>
> I also setup user/password access control. It works great. Now I am
trying to add path-based access control on top of it.
>
> I enabled the "authz-db = authz" on the svnserve.conf file.
> I tested with following settings on the authz file:
>
> #=================
> #[/home/svn/Playground/proj1]
> #[/home/svn/Playground]
> #[/home/svn/Playground/]
> #[repository:/Playground]
> #[repository:/proj1]
> [repository:/*]
> testuser = rw
> $authenticated = rw
> * = rw
>
> but none worked. I always get this error:
> svn: E170001: Authorization failed.
The the bit before the rule path in the authz file is the repository name,
not its local path and not the server name. The rules also cannot contain
wildcards.
Try:
[Playground:/]
* = rw
-- Brane