You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by "Chen (陈) Jun (军)" <ch...@gmail.com> on 2009/08/03 09:25:37 UTC
How to allow anonymous browsing SVNParentPath but restrict access
to the repos within(plain text)
Hi, I'd like to ask a question here.
I've been using Apache to serve SVN content for quite some years, but I
got a question recently and can not find an answer from the svn redbean
book.
Quote of concerning httpd.conf lines:
SVNListParentPath on
<Location /svnreps/>
DAV svn
SVNParentPath D:/SvnReps
AuthzSVNAccessFile D:/SvnReps/svn-authz-file
Satisfy Any
Require valid-user
AuthType Basic
AuthName "nlscan Subversion repository"
AuthUserFile D:/SvnReps/svn-auth-file
</Location>
# SVN: Isyslib (container)
<Location /svnreps/Isyslib/>
DAV svn
SVNParentPath D:/SvnReps/Isyslib
AuthzSVNAccessFile D:/SvnReps/Isyslib/svn-authz-file
Satisfy Any
Require valid-user
</Location>
# SVN: makingsys (container)
<Location /svnreps/makingsys/>
DAV svn
SVNParentPath D:/SvnReps/makingsys
AuthzSVNAccessFile D:/SvnReps/makingsys/svn-authz-file
Satisfy Any
Require valid-user
</Location>
Description:
* I'm running Subversion 1.6.1 on a Windows box. The apache server is
the one bundled with CollabNet Subversion 1.6.1 win32 binary package.
* Assuming the svn client is run from the same machine of svn http server.
* According to the config above, an anonymous user can already browse
http://localhost/svnreps/ with IE, firefox etc and see two
directories(repository parent dir) listed: Isyslib and makingsys .
* There are two svn repos within Isyslib named repos1 and repos2 .
Now please listen carefully about what I want to accomplish:
* Goal 1: Allow anonymous user to browse
http://localhost/svnreps/Isyslib/ ,i.e. user see repos1 and repos2 in
web browser.
* Goal 2: repos1 and repos2 should both be configured to deny anonymous
read and write, only explicit user configured in
D:/SvnReps/Isyslib/svn-authz-file are allowed to read/write.
I found I cannot make it go right.
Case 1: I compose D:/SvnReps/Isyslib/svn-authz-file as
[/]
* = r
[repos1:/]
usera = rw
[repos2:/]
userb = rw
Goal 1 OK, but Goal 2 not. Anonymous can browse+read repos1 and repos2.
Case 2: I compose D:/SvnReps/Isyslib/svn-authz-file
[repos1:/]
usera = rw
[repos2:/]
userb = rw
Goal 2 is OK but Goal 1 not.
When a web client browses http://localhost/svnreps/Isyslib/ ,
* If no username/passwd is provided, the client gets HTTP error 401
Authorization Required.
* If valid username of usera is provided, the client gets HTTP error 403
Forbidden.
Could someone teach me how to accomplish both goals?
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2379470
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: How to allow anonymous browsing SVNParentPath but restrict
access to the repos within(plain text)
Posted by "Chen (陈) Jun (军)" <ch...@gmail.com>.
Martin J. Stumpf wrote:
> Since you start out with [/] * = r you need to disallow anonymous read
> on each repo before giving more specific permissions. Like this:
>
> [repos1:/]
> * =
> usera = rw
>
> [repos2:/]
> * =
> userb = rw
>
>
> Hope this helps,
>
> -Martin
>
>
Thank you very much, it really works.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2379805
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: How to allow anonymous browsing SVNParentPath but restrict
access to the repos within(plain text)
Posted by "Martin J. Stumpf" <mj...@jhu.edu>.
Chen (?) Jun (?) wrote:
> Hi, I'd like to ask a question here.
>
> I've been using Apache to serve SVN content for quite some years, but I
> got a question recently and can not find an answer from the svn redbean
> book.
>
>
<snip>
> [/]
> * = r
>
> [repos1:/]
> usera = rw
>
> [repos2:/]
> userb = rw
>
> Goal 1 OK, but Goal 2 not. Anonymous can browse+read repos1 and repos2.
>
>
>
> Case 2: I compose D:/SvnReps/Isyslib/svn-authz-file
>
> [repos1:/]
> usera = rw
>
> [repos2:/]
> userb = rw
>
> Goal 2 is OK but Goal 1 not.
>
> When a web client browses http://localhost/svnreps/Isyslib/ ,
> * If no username/passwd is provided, the client gets HTTP error 401
> Authorization Required.
> * If valid username of usera is provided, the client gets HTTP error 403
> Forbidden.
> Could someone teach me how to accomplish both goals?
>
Since you start out with [/] * = r you need to disallow anonymous read
on each repo before giving more specific permissions. Like this:
[repos1:/]
* =
usera = rw
[repos2:/]
* =
userb = rw
Hope this helps,
-Martin
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2379531
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].