Posted to users@subversion.apache.org by Styrberg Kenneth <ke...@saabgroup.com> on 2008/04/09 13:31:04 UTC

Setup authz file

Hi,

we have a simple setup with some projects in our repository. Now we want
to restrict access to some projects by setting access to "no-access" but
it does not work as we expect.

Here is the authz file:

[/]
*=r

[proj1]
@group1=rw
*=

[proj2]
@group1=rw


What we want is to have no access to proj1 unless member of group1 and
read access to proj2 unless member of group1. 
Simple enough? Problem is that group1 cannot even checkout proj1, with
error "Read access denied for root of edit". If we set [/] to *=rw, then
checkout is possible, but our access rules aren't what we want.

Can someone shed a light on how to configure this properly?

Svn version 1.4.0


Regards

Kenneth

Re: Setup authz file

Posted by Holger Stratmann <ti...@finch.de>.
Styrberg Kenneth wrote:
>
> Hi,
>
> we have a simple setup with some projects in our repository. Now we 
> want to restrict access to some projects by setting access to 
> "no-access" but it does not work as we expect.
>
Have you read the documentation? ;-D
http://svnbook.red-bean.com/en/1.4/svn.serverconfig.pathbasedauthz.html

AFAIK, you need
[proj1:/]
instead of
[proj1]

Perhaps more importantly: is this the whole authz-file?! Where is group1 
even defined?! You do have a [groups] - section, right? If you don't, 
you just block access for everybody and this explains why (the 
nonexistent) group1 cannot even checkout...

Good luck,

Holger

P.S.: If you don't need PATH-based authorization, but rather 
"repository-based" authorization, this might be MUCH better placed in 
Apache's httpd.conf!!
This can easily be achieved with a single "Location" or "LocationMatch" 
in Apache... (sth like "/svn/(proj1|proj2|projn)/")
Read the brown(ish) box on the page I linked above...


> Here is the authz file:
>
> [/]
> *=r
>
> [proj1]
> @group1=rw
> *=
>
> [proj2]
> @group1=rw
>
>
> What we want is to have no access to proj1 unless member of group1 and 
> read access to proj2 unless member of group1.
> Simple enough? Problem is that group1 cannot even checkout proj1, with 
> error "Read access denied for root of edit". If we set [/] to *=rw, 
> then checkout is possible, but our access rules aren't what we want.
>
> Can someone shed a light on how to configure this properly?
>
> Svn version 1.4.0
>
>
> Regards
>
> Kenneth
>
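
Added example, not part of the original thread: a small Python lint that checks an authz file for the two problems raised in the reply above, section headers that are not in path form and groups that are used without a [groups] definition. The function name lint_authz and its checks are this example's own; the header format follows the linked svnbook chapter.

```python
import re

# The authz file from the original post, copied as posted.
POSTED_AUTHZ = """\
[/]
*=r

[proj1]
@group1=rw
*=

[proj2]
@group1=rw
"""

# Path rules are "[/path]" or "[repository:/path]" (format from the linked svnbook chapter).
PATH_SECTION = re.compile(r"(?:[^:/]+:)?/")
SPECIAL_SECTIONS = {"groups", "aliases"}  # [aliases] exists from Subversion 1.5 on

def lint_authz(text):
    """Return sorted (line_number, message) findings for an authz file."""
    findings, groups, refs, section = [], set(), [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            if section not in SPECIAL_SECTIONS and not PATH_SECTION.match(section):
                findings.append((n, f"[{section}] is not a path rule; "
                                    f"expected [/{section}] or [{section}:/]"))
            continue
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep or section is None:
            findings.append((n, f"not a name=value entry inside a section: {line!r}"))
        elif section == "groups":
            groups.add(name)  # group definitions may nest other groups
            refs += [(n, m.strip()[1:]) for m in value.split(",") if m.strip().startswith("@")]
        elif name.startswith("@"):
            refs.append((n, name[1:]))
    for n, group in refs:
        if group not in groups:
            findings.append((n, f"@{group} is used but never defined in [groups]"))
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in lint_authz(POSTED_AUTHZ):
        print(f"line {n}: {msg}")
```

Whether [/proj1] or [proj1:/] is the right header depends on whether proj1 is a directory inside one repository or a repository of its own.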

