authorization - how can I set?

[Vida Péter <pe...@adversum.hu>]

Hi!

I would like to set authorization for some users to not to access some
dictionaries in repository.

I set default authorization file in repository as the example says, and
uncommented the corresponding line in svserve.conf. All the same it isn't
work. The message is: 'Authorization failed'

Can I use authorization with svnserve or can't. I didn't find this
information in Subversion Book explicitly but I feel the answer is can't.

Could you help me?

Thanks!

Peter, Vida


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: authorization - how can I set?

[Ronan Lucio <ro...@tiper.com.br>]

Vida Péter escreveu:
> [groups]
> @nephews = hewey,dewey,louie
>   

Try to define the group without at (@)
Example:

[groups]
nephews = hewey, dewey, louie

[repos:/]

@nephews donald = r


Ronan

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

RE: authorization - how can I set?

[Thomas Hemmer <th...@go-engineering.de>]

Peter,

please notice that the subversion book is somewhat behind Subversion
itself.
Nevertheless path-based authorization for svnserve has_really_ been
introduced with version 1.3 - believe me, I've been using it since
months ;-)

On the other hand, I must admit that my %&$@! mail client scrambled the
given example such that it can't work at all and, if that weren't
enough, I preceded the group name definitions with an 'at' sign by
mistake  ...
This time I send it as an attachment in order to fool Outlook; try it
again and let me know if you have more success.


Thomas



> -----Original Message-----
> From: Vida Péter [mailto:peter.vida@adversum.hu]
> Sent: Monday, November 27, 2006 10:14 AM
> To: 'Thomas Hemmer'; 'Subversion Users'
> Subject: RE: authorization - how can I set?
>
> Hi Thomas,
>
> I have done that you adviced, but it is still not working.
> The error message:
> 	Error * An authz rule refers to group 'nephews', which
> is undefined
>
> My authz file is as follows:
> -------------------------------
> [groups]
> @nephews = hewey,dewey,louie
> @duck = donald,daisy,@nephews
>
> [/some_directory]
> @nephews donald = r
> daisy = rw
> -------------------------------
>
> I have read this in SVN book (section: svnserve, a custom server):
> "Notice that svnserve only understands "blanket" access
> control. A user either has universal read/write access,
> universal read access, or no access.
> There is no detailed control over access to specific paths
> within the repository. For many projects and sites, this
> level of access control is more than adequate. However, if
> you need per-directory access control, you'll need to use
> either use Apache with mod_authz_svn or use a pre-commit hook
> script to control write access"
>
> Conclusions fo me:
> 1. with svnserve I can use only universal rw, r or no access.
> 2. for using per-directory access control, I should use
> Apache server 3. with pre-commit hook script I can use only
> write access control, without read access control
>
> What do you think?
> Did I misinterpret SVN book?
>
> Thanks a lot!
>
> Peter
>
> -----Original Message-----
> From: Thomas Hemmer [mailto:themmer@go-engineering.de]
> Sent: Friday, November 24, 2006 6:18 PM
> To: 'Vida Péter'; 'Subversion Users'
> Subject: RE: authorization - how can I set?
>
> Peter,
>
> svnserve has taken an authz file since version 1.3.
> Concerning the contents of this file everything stated within
> the SVN book holds also with the excception of repository
> names preceding repository paths.
> I have been using per-path authorization in conjunction with
> svnserve since months without running into any trouble.
> Maybe you are bothering with the same misunderstanding that I did too:
>
> @duck = donald,daisy,hewey,dewey,louie
>
> .....
>
> [/some_directory]
> @duck donald = r
> daisy = rw
>
> First I had expected this to grant read permissions on
> /some_directory to donald, read/write to daisy and none at
> all to the nephews.
> But, in reality, noone is granted anything at all since
> apparently a revoke "wins" over every grant on the same directory.
> Instead, you should perhaps move to
>
> @nephews = hewey,dewey,louie
> @duck = donald,daisy,@nephews
> .....
>
> [/some_directory]
> @nephews donald = r
> daisy = rw
>
>
> Good luck,
>
> Thomas
>
>
> > -----Original Message-----
> > From: Vida Péter [mailto:peter.vida@adversum.hu]
> > Sent: Friday, November 24, 2006 5:52 PM
> > To: 'Subversion Users'
> > Subject: authorization - how can I set?
> >
> > Hi!
> >
> > I would like to set authorization for some users to not to
> access some
> > dictionaries in repository.
> >
> > I set default authorization file in repository as the example says,
> > and uncommented the corresponding line in svserve.conf.
> > All the same it isn't work. The message is: 'Authorization failed'
> >
> > Can I use authorization with svnserve or can't. I didn't find this
> > information in Subversion Book explicitly but I feel the answer is
> > can't.
> >
> > Could you help me?
> >
> > Thanks!
> >
> > Peter, Vida
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: users-help@subversion.tigris.org
> >
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
>


begin 666 authz.dat
M;F5P:&5W<R ](&AE=V5Y+&1E=V5Y+&QOnE#0ID=6-K(#T@9&]N86QD+&1A
M:7-Y+$!N97!H97=S#0H-"ELO<V]M95]D:7)E8W1O<GE=#0I ;F5P:&5W<R ]
<#0ID;VYA;&0@/2!R#0ID86ES>2 ](')W#0H-"@``
`
end


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

RE: authorization - how can I set?

[Vida Péter <pe...@adversum.hu>]

Hi Thomas,

I have done that you adviced, but it is still not working. 
The error message: 
	Error * An authz rule refers to group 'nephews', which is undefined

My authz file is as follows:
-------------------------------
[groups]
@nephews = hewey,dewey,louie
@duck = donald,daisy,@nephews

[/some_directory]
@nephews donald = r
daisy = rw
-------------------------------

I have read this in SVN book (section: svnserve, a custom server):
"Notice that svnserve only understands "blanket" access control. A user
either has universal read/write access, universal read access, or no access.
There is no detailed control over access to specific paths within the
repository. For many projects and sites, this level of access control is
more than adequate. However, if you need per-directory access control,
you'll need to use either use Apache with mod_authz_svn or use a pre-commit
hook script to control write access"

Conclusions fo me:
1. with svnserve I can use only universal rw, r or no access.
2. for using per-directory access control, I should use Apache server
3. with pre-commit hook script I can use only write access control, without
read access control

What do you think?
Did I misinterpret SVN book?

Thanks a lot!

Peter

-----Original Message-----
From: Thomas Hemmer [mailto:themmer@go-engineering.de] 
Sent: Friday, November 24, 2006 6:18 PM
To: 'Vida Péter'; 'Subversion Users'
Subject: RE: authorization - how can I set?

Peter,

svnserve has taken an authz file since version 1.3.
Concerning the contents of this file everything stated within the SVN
book holds also with the excception of repository names preceding
repository paths.
I have been using per-path authorization in conjunction with svnserve
since months without running into any trouble.
Maybe you are bothering with the same misunderstanding that I did too:

@duck = donald,daisy,hewey,dewey,louie

....

[/some_directory]
@duck donald = r
daisy = rw

First I had expected this to grant read permissions on /some_directory
to donald, read/write to daisy and none at all to the nephews.
But, in reality, noone is granted anything at all since apparently a
revoke "wins" over every grant on the same directory.
Instead, you should perhaps move to

@nephews = hewey,dewey,louie
@duck = donald,daisy,@nephews
....

[/some_directory]
@nephews donald = r
daisy = rw


Good luck,

Thomas


> -----Original Message-----
> From: Vida Péter [mailto:peter.vida@adversum.hu]
> Sent: Friday, November 24, 2006 5:52 PM
> To: 'Subversion Users'
> Subject: authorization - how can I set?
>
> Hi!
>
> I would like to set authorization for some users to not to
> access some dictionaries in repository.
>
> I set default authorization file in repository as the example
> says, and uncommented the corresponding line in svserve.conf.
> All the same it isn't work. The message is: 'Authorization failed'
>
> Can I use authorization with svnserve or can't. I didn't find
> this information in Subversion Book explicitly but I feel the
> answer is can't.
>
> Could you help me?
>
> Thanks!
>
> Peter, Vida
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

RE: authorization - how can I set?

[Thomas Hemmer <th...@go-engineering.de>]

Peter,

svnserve has taken an authz file since version 1.3.
Concerning the contents of this file everything stated within the SVN
book holds also with the excception of repository names preceding
repository paths.
I have been using per-path authorization in conjunction with svnserve
since months without running into any trouble.
Maybe you are bothering with the same misunderstanding that I did too:

@duck = donald,daisy,hewey,dewey,louie

....

[/some_directory]
@duck donald = r
daisy = rw

First I had expected this to grant read permissions on /some_directory
to donald, read/write to daisy and none at all to the nephews.
But, in reality, noone is granted anything at all since apparently a
revoke "wins" over every grant on the same directory.
Instead, you should perhaps move to

@nephews = hewey,dewey,louie
@duck = donald,daisy,@nephews
....

[/some_directory]
@nephews donald = r
daisy = rw


Good luck,

Thomas


> -----Original Message-----
> From: Vida Péter [mailto:peter.vida@adversum.hu]
> Sent: Friday, November 24, 2006 5:52 PM
> To: 'Subversion Users'
> Subject: authorization - how can I set?
>
> Hi!
>
> I would like to set authorization for some users to not to
> access some dictionaries in repository.
>
> I set default authorization file in repository as the example
> says, and uncommented the corresponding line in svserve.conf.
> All the same it isn't work. The message is: 'Authorization failed'
>
> Can I use authorization with svnserve or can't. I didn't find
> this information in Subversion Book explicitly but I feel the
> answer is can't.
>
> Could you help me?
>
> Thanks!
>
> Peter, Vida
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org