Posted to users@subversion.apache.org by Michael Jervis <mj...@gmail.com> on 2006/03/07 16:46:10 UTC
Authentication and Authorisation
Hi,

Recently having set up a SVN repository at work, we decided to go for
a very simple A&A scheme. Anyone could read any repository, only
logged in developers could write to the repositories.

    <Location /repository>
      DAV svn
      SVNParentPath d:/svn/
      SVNIndexXSLT "/svnindex.xsl"
      AuthType Basic
      AuthName "Subversion Repository"
      AuthUserFile "d:/svn/svn-auth-file"
      <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
      </LimitExcept>
    </Location>

This works fine. Now however, we have a new requirement to restrict
access to one of our repositories to only certain developers, and
grant write access to another repository to a lot more users, whilst
restricting the core repository to certain users... So I looked at
the FGAC settings:

    <Location /repository>
      DAV svn
      SVNParentPath d:/svn/
      SVNIndexXSLT "/svnindex.xsl"
      # our access control policy
      AuthzSVNAccessFile d:/svn/authpolicy
      # try anonymous access first, resort to real
      # authentication if necessary.
      Satisfy Any
      Require valid-user
      AuthType Basic
      AuthName "RiO Subversion Repository"
      AuthUserFile "d:/svn/svn-auth-file"
      # <LimitExcept GET PROPFIND OPTIONS REPORT>
      #   Require valid-user
      # </LimitExcept>
    </Location>

So far, just what I've grabbed from the book really.

Then in the authpolicy file:

    [groups]
    developers = mjervis and lots of others
    other-app-developers = mjervis, another
    otherusers = some other people
    everyone = @developers, @other-app-developers, @otherusers

    # Read only access to everyone for everything:
    [/]
    * = r

    # write access to core app for devs only
    [coreapp:/]
    @developers = rw

    # Write access to otherapp for mike and h only
    [otherapp:/]
    @other-app-developers = rw

    # Write access to sandbox for everyone with a login:
    [sandbox:/]
    @everyone = rw

Bearing in mind that my login (mjervis) has not changed, I have not
changed the svn-auth-file at all (yet). When I access:

    http://devserver:8080/repository/sandbox

Which should be rw by all people, I get 403, forbidden. When I access
any other repository I get the same, 403, forbidden. I've tried adding
mjervis to the / rule and to the repository:/ rules. No joy.

Working on the basis that it's something obvious to an experienced admin,
how big an idiot am I being? What have I missed?

--
Michael Jervis
mjervis@gmail.com
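
The access the authpolicy file above is meant to grant can be worked out with a short script. This is an added example, not part of the original post and not Subversion's own code; it assumes a simplified lookup model (repository-specific section before the global one, then parent paths), and dev2 and guest1 are constructed stand-ins for the elided group members.

```python
import configparser
# The poster's policy; elided member lists are filled with constructed names.
POLICY = """\
[groups]
developers = mjervis, dev2
other-app-developers = mjervis, another
otherusers = guest1
everyone = @developers, @other-app-developers, @otherusers
[/]
* = r
[coreapp:/]
@developers = rw
[otherapp:/]
@other-app-developers = rw
[sandbox:/]
@everyone = rw
"""

def load(text):
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    return cp

def members(cp, group, seen=()):
    """Expand a group to user names, following nested @group references."""
    if group in seen:
        raise ValueError("circular group reference: " + group)
    names = [n.strip() for n in cp.get("groups", group).split(",")]
    users = {n for n in names if n and n[0] != "@"}
    for sub in (n[1:] for n in names if n[:1] == "@"):
        users |= members(cp, sub, seen + (group,))
    return users

def access(cp, repo, path, user):
    """Rights for user (None = anonymous); nearest section naming them wins."""
    def hit(w):  # does entry name w (user, @group or *) cover this user?
        return w in ("*", user) or (w[:1] == "@" and user in members(cp, w[1:]))
    parts = [p for p in path.split("/") if p]
    while True:
        p = "/" + "/".join(parts)
        for sec in (f"{repo}:{p}", p):  # repo-specific section is tried first
            if cp.has_section(sec):
                rights = [cp.get(sec, w) for w in cp.options(sec) if hit(w)]
                if rights:
                    return "".join(sorted(set("".join(rights))))
        if not parts:
            return ""  # no rule matched anywhere: no access
        parts.pop()
```

Under this model, access(load(POLICY), "sandbox", "/", "mjervis") is "rw" and the same call with user None (anonymous) is "r", so the rules as written do not call for a 403 on either request.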