You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by aaron smith <be...@gmail.com> on 2007/08/09 14:02:36 UTC

Allow access to parts of an SVN repo. Apache & WEBDav

Hey All, I'm running SVN repos through apache and webdav. Is it possible to
give access to certain parts of a repo, but not all of it?

Re: Allow access to parts of an SVN repo. Apache & WEBDav

Posted by Andy Levy <an...@gmail.com>.

On 8/9/07, Boris Yazlovitsky <bo...@gmail.com> wrote:
> I'm also interested in this question.
>
> How does one do that, give access to certain parts of the repo but not all
> of it?
>
> also, is it possible to give granular access to users, give some users
> access to some parts of the repository, but not all, and let other users
> have full access to the whole?

Just as with many of the other questions asked on this list, these
questions can be answered by reading the fine manual.
http://svnbook.red-bean.com/en/1.2/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Allow access to parts of an SVN repo. Apache & WEBDav

Posted by aaron smith <be...@gmail.com>.

good call. I get annoyed when people ask me stupid questions without going
to the manual too. So i should have just done that.. word.

On 8/9/07, Rainer Sokoll <R....@intershop.de> wrote:
>
> On Thu, Aug 09, 2007 at 10:14:57AM -0400, Boris Yazlovitsky wrote:
>
> > How does one do that, give access to certain parts of the repo but not
> all
> > of it?
> >
> > also, is it possible to give granular access to users, give some users
> > access to some parts of the repository, but not all, and let other users
> > have full access to the whole?
>
> I don't want to be too offensive - so please take my apologies -, but
> what about RTFM?
>
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html
>
> Rainer
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

Re: Allow access to parts of an SVN repo. Apache & WEBDav

Posted by Rainer Sokoll <R....@intershop.de>.

On Thu, Aug 09, 2007 at 11:36:23AM -0400, Andy Levy wrote:

> On 8/9/07, Boris Yazlovitsky <bo...@gmail.com> wrote:
> > no offense taken, thanks for the tip.  I'm curious if anyone on this list
> > actually implements this.  If so, please show how.  I learn better from
> > examples.
> 
> Most people do, I think.
> 
> The examples in the book are quite good already. It's not that complicated.

ACK.
Just an addition to the book: Access is granted (or denied) to objects,
not only to directories, as the book states.
So, if we have

-------8<-----
[calc:/branches/calc/bug-142]
harry = rw
sally = r

[calc:/branches/calc/bug-142/secret]
harry =
-------8<-----

we could expand this example to

-------8<-----
[calc:/branches/calc/bug-142]
harry = rw
sally = r

[calc:/branches/calc/bug-142/secret]
harry =

[calc:/branches/calc/bug-142/secret/not-so-secret.txt]
harry = r
-------8<-----

In this case, harry would have access to the file not-so-secret.txt via
a web browser.
Of course, since checking out single files is currently not supported by
subversion, harry cannot check out the file with his subversion client.

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Allow access to parts of an SVN repo. Apache & WEBDav

Posted by "Srilakshmanan, Lakshman" <la...@police.vic.gov.au>.

Hi All,

I am not sure if most people would use directory level authorisation for
all Subversion access.

The Subversion manual under "Disabling Path-based Checks" discusses
about the cost of implementing directory level authorisation as
discussed in this thread.

I would imagine directory level authorisation for "commit" would be
required and is implemented well using commit-access-control.pl and
there is also a python version.

Again, directory level authorisation depends on individual requirements.

Thanks
Lakshman

-----Original Message-----
From: Andy Levy [mailto:andy.levy@gmail.com] 
Sent: Friday, 10 August 2007 1:36 AM
To: Boris Yazlovitsky
Cc: users@subversion.tigris.org
Subject: Re: Allow access to parts of an SVN repo. Apache & WEBDav

On 8/9/07, Boris Yazlovitsky <bo...@gmail.com> wrote:
> no offense taken, thanks for the tip.  I'm curious if anyone on this 
> list actually implements this.  If so, please show how.  I learn 
> better from examples.

Most people do, I think.

The examples in the book are quite good already. It's not that
complicated.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

=======================================================
The information contained in this email and any files attached may
be confidential information to the intended recipient and may be
the subject of legal professional privilege or public interest immunity.

If you are not the intended recipient, any use, disclosure or copying is
unauthorised.

If you have received this document in error please telephone 1300 307 082

*******************************************************************
This footnote also confirms that this email message has been swept
for the presence of computer viruses.
*******************************************************************

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Allow access to parts of an SVN repo. Apache & WEBDav

Posted by Andy Levy <an...@gmail.com>.

On 8/9/07, Boris Yazlovitsky <bo...@gmail.com> wrote:
> no offense taken, thanks for the tip.  I'm curious if anyone on this list
> actually implements this.  If so, please show how.  I learn better from
> examples.

Most people do, I think.

The examples in the book are quite good already. It's not that complicated.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Allow access to parts of an SVN repo. Apache & WEBDav

Posted by Boris Yazlovitsky <bo...@gmail.com>.

no offense taken, thanks for the tip.  I'm curious if anyone on this list
actually implements this.  If so, please show how.  I learn better from
examples.

thanks again,
Boris

On 8/9/07, Rainer Sokoll <R....@intershop.de> wrote:
>
> On Thu, Aug 09, 2007 at 10:14:57AM -0400, Boris Yazlovitsky wrote:
>
> > How does one do that, give access to certain parts of the repo but not
> all
> > of it?
> >
> > also, is it possible to give granular access to users, give some users
> > access to some parts of the repository, but not all, and let other users
> > have full access to the whole?
>
> I don't want to be too offensive - so please take my apologies -, but
> what about RTFM?
>
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html
>
> Rainer
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>


-- 
http://www.myspace.com/acrylickalchemical

Re: Allow access to parts of an SVN repo. Apache & WEBDav

Posted by Rainer Sokoll <R....@intershop.de>.

On Thu, Aug 09, 2007 at 10:14:57AM -0400, Boris Yazlovitsky wrote:

> How does one do that, give access to certain parts of the repo but not all
> of it?
> 
> also, is it possible to give granular access to users, give some users
> access to some parts of the repository, but not all, and let other users
> have full access to the whole?

I don't want to be too offensive - so please take my apologies -, but
what about RTFM?
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Allow access to parts of an SVN repo. Apache & WEBDav

Posted by Boris Yazlovitsky <bo...@gmail.com>.

I'm also interested in this question.

How does one do that, give access to certain parts of the repo but not all
of it?

also, is it possible to give granular access to users, give some users
access to some parts of the repository, but not all, and let other users
have full access to the whole?

thank you in advance!
Boris

On 8/9/07, Rainer Sokoll <R....@intershop.de> wrote:
>
> On Thu, Aug 09, 2007 at 10:02:36AM -0400, aaron smith wrote:
>
> > Hey All, I'm running SVN repos through apache and webdav. Is it possible
> to
> > give access to certain parts of a repo, but not all of it?
>
> Yes.
> Look for AuthzSVNAccessFile.
>
> Rainer
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

-- 
http://www.myspace.com/acrylickalchemical

RE: Re: Limiting access through Apache

Posted by Brian Erickson <er...@BAUERCONTROLS.com>.

Hi Everett,

Thanks for your reply.  I didn't end up using the SSPIUsernameCase as
right now I can log in as erickson, Erickson, or ERICKSON and they are
all the same.  I was assuming that using the SSPIUsernameCase directive
would force users to know that the user id's are case sensitive.

Brian

> -----Original Message-----
> From: Feldt, Everett [mailto:efeldt@unitech1.com] 
> Sent: Thursday, August 09, 2007 1:35 PM
> To: Gaurav Kothiyal; Brian Erickson
> Cc: users@subversion.tigris.org
> Subject: RE: Re: Limiting access through Apache
> 
> You may also wish to use the directive
> 
> SSPIUsernameCase lower
> 
> 
> -Everett
> 
> -----Original Message-----
> From: Gaurav Kothiyal [mailto:kothiyal@gmail.com]
> Sent: Thursday, August 09, 2007 1:00 PM
> To: Brian Erickson
> Cc: users@subversion.tigris.org
> Subject: Re: Limiting access through Apache
> 
> I think your svn access file should look like this
> 
> groups = user1, BAUERCONTROLS\user1 , user2, BAUERCONTROLS\user2
> 
> What kind of error it is throwing
> 
> Gaurav
> 
> 
> On 8/9/07, Brian Erickson <er...@bauercontrols.com> wrote:
> > Hi all,
> >
> > I'm got an authentication problem that I can't seem to solve...
> >
> > I'm using Apache on a Windows XP box.
> >
> > The location section in the httpd.conf file looks like:
> >
> > <Location /svn>
> >         DAV svn
> >         SVNListParentPath on
> >         SVNParentPath "D:\svn"
> >
> >         AuthName "Subversion on Snidely"
> >
> >         AuthName "Subversion Authentication"
> >     AuthType SSPI
> >     SSPIAuth On
> >     SSPIAuthoritative On
> >     SSPIDomain BAUERCONTROLS
> >     SSPIOfferBasic On
> >     Require valid-user
> >
> >         AuthzSVNAccessFile "D:\SubVersion\svnaccess.conf"
> > </Location>
> >
> > The svnaccess.conf file looks like:
> > [groups]
> > pcsdevelopers=garyc, kevin, robertson, kriesel, anderson, 
> qi, gourlay, 
> > erickson admins=dusseau, librarian, administrator
> >
> > [/]
> > *=rw
> > @admins=rw
> >
> > [pcs:/]
> > @pcsdevelopers=rw
> >
> > [test:/]
> > @pcsdevelopers=rw
> >
> >
> > I know that the '*=rw' line gives everyone read and write access to
> the
> > repository.  However, if I remove the 'w' then no one can commit 
> > anything.  It's like the group stuff is being ignored.  I've also
> tried
> > not using groups and using specfic user names but that didn't help 
> > either.
> >
> > Any ideas?
> >
> > Thanks,
> > Brian
> >
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: users-help@subversion.tigris.org
> >
> >
> 
> 
> --
> Gaurav Kothiyal
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

RE: RE: Re: Limiting access through Apache

Posted by Brian Erickson <er...@BAUERCONTROLS.com>.

Got it!

The problem turned out to be in the httpd.conf file. I added:
   SSPIOmitDomain On
and now all is well.

Thanks for taking the time to look at this...
Brian

> -----Original Message-----
> From: Brian Erickson [mailto:erickson@bauercontrols.com] 
> Sent: Thursday, August 09, 2007 2:22 PM
> To: Feldt, Everett; Gaurav Kothiyal
> Cc: users@subversion.tigris.org
> Subject: RE: Re: Limiting access through Apache
> 
> The groups used to be of the form user1, BAUERCONTROLS\USER1. 
>  It was a pain because the user 'user1' would always fail and 
> was the first one tried.  Then logging in as 
> BAUERCONTROLS\USER1 would work.
> 
> What I noticed in the httpd.conf file was that the SSPIDomain 
> was set to DOMAIN.  I changed it to BAUERCONTROLS and then I 
> could log in as erickson.  Making the BAUERCONTROLS\ERICKSON 
> not necessary.
> 
> In any case, having both forms doesn't help.  FWIW: If you 
> can't log in to the BAUERCONTROLS domain, you get no access 
> no matter what the svnaccess.conf file says.
> 
> This is what  I get...
> 
> Sending        test.txt
> svn: Commit failed (details follow):
> svn: CHECKOUT of '/svn/test/!svn/ver/7/test.txt': 403 Forbidden
> (http://snidely)
> 
> svn: Your commit message was left in a temporary file:
> svn:    'D:/junk/svn/test/svn-commit.tmp'
> 
> Brian
> 
> > -----Original Message-----
> > From: Feldt, Everett [mailto:efeldt@unitech1.com]
> > Sent: Thursday, August 09, 2007 1:35 PM
> > To: Gaurav Kothiyal; Brian Erickson
> > Cc: users@subversion.tigris.org
> > Subject: RE: Re: Limiting access through Apache
> > 
> > You may also wish to use the directive
> > 
> > SSPIUsernameCase lower
> > 
> > 
> > -Everett
> > 
> > -----Original Message-----
> > From: Gaurav Kothiyal [mailto:kothiyal@gmail.com]
> > Sent: Thursday, August 09, 2007 1:00 PM
> > To: Brian Erickson
> > Cc: users@subversion.tigris.org
> > Subject: Re: Limiting access through Apache
> > 
> > I think your svn access file should look like this
> > 
> > groups = user1, BAUERCONTROLS\user1 , user2, BAUERCONTROLS\user2
> > 
> > What kind of error it is throwing
> > 
> > Gaurav
> > 
> > 
> > On 8/9/07, Brian Erickson <er...@bauercontrols.com> wrote:
> > > Hi all,
> > >
> > > I'm got an authentication problem that I can't seem to solve...
> > >
> > > I'm using Apache on a Windows XP box.
> > >
> > > The location section in the httpd.conf file looks like:
> > >
> > > <Location /svn>
> > >         DAV svn
> > >         SVNListParentPath on
> > >         SVNParentPath "D:\svn"
> > >
> > >         AuthName "Subversion on Snidely"
> > >
> > >         AuthName "Subversion Authentication"
> > >     AuthType SSPI
> > >     SSPIAuth On
> > >     SSPIAuthoritative On
> > >     SSPIDomain BAUERCONTROLS
> > >     SSPIOfferBasic On
> > >     Require valid-user
> > >
> > >         AuthzSVNAccessFile "D:\SubVersion\svnaccess.conf"
> > > </Location>
> > >
> > > The svnaccess.conf file looks like:
> > > [groups]
> > > pcsdevelopers=garyc, kevin, robertson, kriesel, anderson,
> > qi, gourlay,
> > > erickson admins=dusseau, librarian, administrator
> > >
> > > [/]
> > > *=rw
> > > @admins=rw
> > >
> > > [pcs:/]
> > > @pcsdevelopers=rw
> > >
> > > [test:/]
> > > @pcsdevelopers=rw
> > >
> > >
> > > I know that the '*=rw' line gives everyone read and write 
> access to
> > the
> > > repository.  However, if I remove the 'w' then no one can commit 
> > > anything.  It's like the group stuff is being ignored.  I've also
> > tried
> > > not using groups and using specfic user names but that 
> didn't help 
> > > either.
> > >
> > > Any ideas?
> > >
> > > Thanks,
> > > Brian
> > >
> > >
> > > 
> > 
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > > For additional commands, e-mail: users-help@subversion.tigris.org
> > >
> > >
> > 
> > 
> > --
> > Gaurav Kothiyal
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: users-help@subversion.tigris.org
> > 
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

RE: Re: Limiting access through Apache

Posted by Brian Erickson <er...@BAUERCONTROLS.com>.

The groups used to be of the form user1, BAUERCONTROLS\USER1.  It was a
pain because the user 'user1' would always fail and was the first one
tried.  Then logging in as BAUERCONTROLS\USER1 would work.

What I noticed in the httpd.conf file was that the SSPIDomain was set to
DOMAIN.  I changed it to BAUERCONTROLS and then I could log in as
erickson.  Making the BAUERCONTROLS\ERICKSON not necessary.

In any case, having both forms doesn't help.  FWIW: If you can't log in
to the BAUERCONTROLS domain, you get no access no matter what the
svnaccess.conf file says.

This is what  I get...

Sending        test.txt
svn: Commit failed (details follow):
svn: CHECKOUT of '/svn/test/!svn/ver/7/test.txt': 403 Forbidden
(http://snidely)

svn: Your commit message was left in a temporary file:
svn:    'D:/junk/svn/test/svn-commit.tmp'

Brian

> -----Original Message-----
> From: Feldt, Everett [mailto:efeldt@unitech1.com] 
> Sent: Thursday, August 09, 2007 1:35 PM
> To: Gaurav Kothiyal; Brian Erickson
> Cc: users@subversion.tigris.org
> Subject: RE: Re: Limiting access through Apache
> 
> You may also wish to use the directive
> 
> SSPIUsernameCase lower
> 
> 
> -Everett
> 
> -----Original Message-----
> From: Gaurav Kothiyal [mailto:kothiyal@gmail.com]
> Sent: Thursday, August 09, 2007 1:00 PM
> To: Brian Erickson
> Cc: users@subversion.tigris.org
> Subject: Re: Limiting access through Apache
> 
> I think your svn access file should look like this
> 
> groups = user1, BAUERCONTROLS\user1 , user2, BAUERCONTROLS\user2
> 
> What kind of error it is throwing
> 
> Gaurav
> 
> 
> On 8/9/07, Brian Erickson <er...@bauercontrols.com> wrote:
> > Hi all,
> >
> > I'm got an authentication problem that I can't seem to solve...
> >
> > I'm using Apache on a Windows XP box.
> >
> > The location section in the httpd.conf file looks like:
> >
> > <Location /svn>
> >         DAV svn
> >         SVNListParentPath on
> >         SVNParentPath "D:\svn"
> >
> >         AuthName "Subversion on Snidely"
> >
> >         AuthName "Subversion Authentication"
> >     AuthType SSPI
> >     SSPIAuth On
> >     SSPIAuthoritative On
> >     SSPIDomain BAUERCONTROLS
> >     SSPIOfferBasic On
> >     Require valid-user
> >
> >         AuthzSVNAccessFile "D:\SubVersion\svnaccess.conf"
> > </Location>
> >
> > The svnaccess.conf file looks like:
> > [groups]
> > pcsdevelopers=garyc, kevin, robertson, kriesel, anderson, 
> qi, gourlay, 
> > erickson admins=dusseau, librarian, administrator
> >
> > [/]
> > *=rw
> > @admins=rw
> >
> > [pcs:/]
> > @pcsdevelopers=rw
> >
> > [test:/]
> > @pcsdevelopers=rw
> >
> >
> > I know that the '*=rw' line gives everyone read and write access to
> the
> > repository.  However, if I remove the 'w' then no one can commit 
> > anything.  It's like the group stuff is being ignored.  I've also
> tried
> > not using groups and using specfic user names but that didn't help 
> > either.
> >
> > Any ideas?
> >
> > Thanks,
> > Brian
> >
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: users-help@subversion.tigris.org
> >
> >
> 
> 
> --
> Gaurav Kothiyal
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

RE: Re: Limiting access through Apache

Posted by "Feldt, Everett" <ef...@unitech1.com>.

You may also wish to use the directive

SSPIUsernameCase lower


-Everett

-----Original Message-----
From: Gaurav Kothiyal [mailto:kothiyal@gmail.com] 
Sent: Thursday, August 09, 2007 1:00 PM
To: Brian Erickson
Cc: users@subversion.tigris.org
Subject: Re: Limiting access through Apache

I think your svn access file should look like this

groups = user1, BAUERCONTROLS\user1 , user2, BAUERCONTROLS\user2

What kind of error it is throwing

Gaurav


On 8/9/07, Brian Erickson <er...@bauercontrols.com> wrote:
> Hi all,
>
> I'm got an authentication problem that I can't seem to solve...
>
> I'm using Apache on a Windows XP box.
>
> The location section in the httpd.conf file looks like:
>
> <Location /svn>
>         DAV svn
>         SVNListParentPath on
>         SVNParentPath "D:\svn"
>
>         AuthName "Subversion on Snidely"
>
>         AuthName "Subversion Authentication"
>     AuthType SSPI
>     SSPIAuth On
>     SSPIAuthoritative On
>     SSPIDomain BAUERCONTROLS
>     SSPIOfferBasic On
>     Require valid-user
>
>         AuthzSVNAccessFile "D:\SubVersion\svnaccess.conf"
> </Location>
>
> The svnaccess.conf file looks like:
> [groups]
> pcsdevelopers=garyc, kevin, robertson, kriesel, anderson, qi, gourlay,
> erickson
> admins=dusseau, librarian, administrator
>
> [/]
> *=rw
> @admins=rw
>
> [pcs:/]
> @pcsdevelopers=rw
>
> [test:/]
> @pcsdevelopers=rw
>
>
> I know that the '*=rw' line gives everyone read and write access to
the
> repository.  However, if I remove the 'w' then no one can commit
> anything.  It's like the group stuff is being ignored.  I've also
tried
> not using groups and using specfic user names but that didn't help
> either.
>
> Any ideas?
>
> Thanks,
> Brian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>


-- 
Gaurav Kothiyal

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Limiting access through Apache

Posted by Gaurav Kothiyal <ko...@gmail.com>.

I think your svn access file should look like this

groups = user1, BAUERCONTROLS\user1 , user2, BAUERCONTROLS\user2

What kind of error it is throwing

Gaurav


On 8/9/07, Brian Erickson <er...@bauercontrols.com> wrote:
> Hi all,
>
> I'm got an authentication problem that I can't seem to solve...
>
> I'm using Apache on a Windows XP box.
>
> The location section in the httpd.conf file looks like:
>
> <Location /svn>
>         DAV svn
>         SVNListParentPath on
>         SVNParentPath "D:\svn"
>
>         AuthName "Subversion on Snidely"
>
>         AuthName "Subversion Authentication"
>     AuthType SSPI
>     SSPIAuth On
>     SSPIAuthoritative On
>     SSPIDomain BAUERCONTROLS
>     SSPIOfferBasic On
>     Require valid-user
>
>         AuthzSVNAccessFile "D:\SubVersion\svnaccess.conf"
> </Location>
>
> The svnaccess.conf file looks like:
> [groups]
> pcsdevelopers=garyc, kevin, robertson, kriesel, anderson, qi, gourlay,
> erickson
> admins=dusseau, librarian, administrator
>
> [/]
> *=rw
> @admins=rw
>
> [pcs:/]
> @pcsdevelopers=rw
>
> [test:/]
> @pcsdevelopers=rw
>
>
> I know that the '*=rw' line gives everyone read and write access to the
> repository.  However, if I remove the 'w' then no one can commit
> anything.  It's like the group stuff is being ignored.  I've also tried
> not using groups and using specfic user names but that didn't help
> either.
>
> Any ideas?
>
> Thanks,
> Brian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>


-- 
Gaurav Kothiyal

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Limiting access through Apache

Posted by Brian Erickson <er...@BAUERCONTROLS.com>.

Hi all,

I'm got an authentication problem that I can't seem to solve...

I'm using Apache on a Windows XP box.

The location section in the httpd.conf file looks like:

<Location /svn>
	DAV svn
	SVNListParentPath on
	SVNParentPath "D:\svn"
	
	AuthName "Subversion on Snidely"
	
	AuthName "Subversion Authentication"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain BAUERCONTROLS
    SSPIOfferBasic On
    Require valid-user
	
	AuthzSVNAccessFile "D:\SubVersion\svnaccess.conf"
</Location>

The svnaccess.conf file looks like:
[groups]
pcsdevelopers=garyc, kevin, robertson, kriesel, anderson, qi, gourlay,
erickson
admins=dusseau, librarian, administrator

[/]
*=rw
@admins=rw

[pcs:/]
@pcsdevelopers=rw

[test:/]
@pcsdevelopers=rw


I know that the '*=rw' line gives everyone read and write access to the
repository.  However, if I remove the 'w' then no one can commit
anything.  It's like the group stuff is being ignored.  I've also tried
not using groups and using specfic user names but that didn't help
either.

Any ideas?

Thanks,
Brian


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Allow access to parts of an SVN repo. Apache & WEBDav

Posted by Rainer Sokoll <R....@intershop.de>.

On Thu, Aug 09, 2007 at 10:02:36AM -0400, aaron smith wrote:

> Hey All, I'm running SVN repos through apache and webdav. Is it possible to
> give access to certain parts of a repo, but not all of it?

Yes.
Look for AuthzSVNAccessFile.

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org