You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Andy Canfield <an...@pimco.mobi> on 2011/08/01 06:02:41 UTC
Re: Subversion: list of respositories
On 07/18/2011 09:48 AM, Geoff Hoffman wrote:
>
> On Sat, Jul 16, 2011 at 11:06 PM, Andy Canfield
> <andy.canfield@pimco.mobi <ma...@pimco.mobi>> wrote:
>
> How do you get a list of repositories from svnserver? The only way
> I can figure out is:
> * ssh username@example.com <ma...@example.com>
> sudo bash
> ls -ld /var/svn/**
> And, of course, this makes an assumption about where on the server
> the repositories are located. There 'ought' to be an easier way.
>
>
>
> Andy,
> I read (skimmed) all your posts, and I'm a little confused but I think
> I know where you're going. I'm not sure if you're using Apache to
> serve your repositories. If you are, you should check out this:Â
> http://davidwinter.me/articles/2006/03/03/access-control-for-subversion-with-apache2-and-authz/
> and this https://help.ubuntu.com/community/Subversion
>
> I recently followed the blog above and got everything setup how I
> think you want it. You can control user access to multiple repos in
> three ways, the blog explains it all, except one thing. I found that
> this is for folder-level control on one repository:
>
> |[/]
> @team = r
> bob = rw
>
> [/wowapp/trunk]
> @team = r
> @devteam = rw
> brenda = rw|
>
> In my authz control file, multiple repositories are done like this
> (note the repo name and colon):
>
> |[repoA:/]
> @team = r
> bob = rw
>
> [repoB:/]
> @team = r
> @devteam = rw
> brenda = rw|
>
> I also put websvn on it, and use the configuration optionÂ
>
> $config->useAuthenticationFile('/path/to/your/authz/file');
>
> which I found on this stackoverflow QA
> <http://serverfault.com/questions/13853/how-do-i-restrict-repository-access-via-websvn>.Â
>
> http://serverfault.com/questions/13853/how-do-i-restrict-repository-access-via-websvn
WebSVN is now working for me. However http://SERVER/svn is not. I point
my browser to "http://SERVER/svn"and I get "403 Forbidden".
My dav_svn.conf file includes these lines:
SVNParentPath /Subversion
SVNListParentPath on
Deny from all
Satisfy any
AuthzSVNAccessFile /Subversion/conf/authz
The authz file includes these lines:
[groups]
everybody = andy,louis,spencer
[/]
@everybody = r
[subdoc:/]
andy = rw
[gamble:/]
@everybody = rw
[fred3:/]
spencer = rw
Now AFAIK this should mean that there is a group named "everybody" which
includes all Subversion users, and that group everybody has read access
to every repository, and user andy has read/write access to 'subdoc',
and group everybody has read/write access to 'gamble', and that only
user spencer has write access to 'fred3'.
I am user andy. I can point my browser to "http://SERVER/svn/subdoc" or
even "http://SERVER/svn/fred3" with no problem, but not
"http://SERVER/svn" -- 403 Forbidden. I think I've done everything that
the documentation says I should do, but it doesn't work.
FYI, I am running Subversion 1.6.12dfsg-4ubuntu2.1.
So how do I give group everybody (but not all users on the server, i.e.
@everybody but not *) read access to $SVNParentPath ?
Re: Subversion: list of respositories
Posted by Neil Bird <ne...@jibbyjobby.co.uk>.
Around about 01/08/11 05:02, Andy Canfield typed ...
> I am user andy. I can point my browser to "http://SERVER/svn/subdoc" or even
> "http://SERVER/svn/fred3" with no problem, but not "http://SERVER/svn" --
> 403 Forbidden. I think I've done everything that the documentation says I
> should do, but it doesn't work.
To my knowledge, telling mod_svn where your repos are gives it control
over that part of the access URL (http://SERVER/svn/...), but mod_svn only
“knows” about repos, and so doesn't do anything with the container/parent
directory (hence the generic 403).
If that's not the intended functionality, then I never seen it do
anything else on multiple installs on multiple platforms.
You mention that WebSVN lets you see the repos., but if you look at the
code (as I did when wondering about this) you'll find that this is treated
as a special case: it actually goes off to the repo. directory (as it's on
the server), does a directory listing, and then compares each repo. it finds
with the current user's read permissions, only showing those to which the
user has access.
Which is, I guess, what you're hoping SVN would do. I couldn't say
whether there's a reason why it doesn't, whether it's design or accident.
--
[neil@fnx ~]# rm -f .signature
[neil@fnx ~]# ls -l .signature
ls: .signature: No such file or directory
[neil@fnx ~]# exit
Re: Subversion: list of respositories
Posted by Thorsten Schöning <ts...@am-soft.de>.
Guten Tag Andy Canfield,
am Montag, 1. August 2011 um 06:02 schrieben Sie:
> The authz file includes these lines:
> [groups]
> everybody = andy,louis,spencer
> [/]
> @everybody = r
> [subdoc:/]
> andy = rw
> [gamble:/]
> @everybody = rw
> [fred3:/]
> spencer = rw
[...]
> I am user andy. I can point my browser to "http://SERVER/svn/subdoc" or
> even "http://SERVER/svn/fred3" with no problem, but not
> "http://SERVER/svn" -- 403 Forbidden. I think I've done everything that
> the documentation says I should do, but it doesn't work.
What doesn't work? User andy is member of everyone and therefore can
read all repositories. If you could write as andy to fred3, you would
have a problem. Or am I missing something?
Mit freundlichen Grüßen,
Thorsten Schöning
--
Thorsten Schöning
AM-SoFT IT-Systeme - Hameln | Potsdam | Leipzig
Telefon: Potsdam: 0331-743881-0
E-Mail: tschoening@am-soft.de
Web: http://www.am-soft.de
AM-SoFT GmbH IT-Systeme, Konsumhof 1-5, 14482 Potsdam
Amtsgericht Potsdam HRB 21278 P, Geschäftsführer: Andreas Muchow