On Thu, May 24, 2012 at 2:36 PM, trevor obba <trevor_o...@yahoo.co.uk> wrote:
> I am running subversion 1.6.6 on Ubuntu 10.04 (Lucid), Viewvc
> 1.0.9 and apache2 (2.2.14) and LDAP authentication.
>
> I have multiple repositories on my SVN server and it is all
> working fine, however I am unable to set access control (permissions)
> using AuthzSVNAccessFile.
>
> “SVNParentPath /abc/svn”
>
> The directories to my repositories are:
> /abc/svn/repo1
> /abc/svn/repo2
> /abc/svn/repo3
> /abc/svc/repo4
>
> Users log in with their LDAP account to https://www.test.com/viewvc or
> https://www.test.com/svn and can see all repositories, however when
> users drill down or click on a repository only specific users should
> be able to read and write to the repository.
>
> I tried to set up permissions on the repositories but it does not
> seem to work, where a specific group of users is given read-write
> access to a repository like
>
> [groups]
> developer1 = john, matthew, trevor
> developer2 = john, monika, nick, Andrew
> developer3 = john, victor, brown,
>
> [/]
> * = r
>
> [repo1:/]
> @developer1 = rw
>
> [repo2:/]
> @developer2 = rw
>
> [repo3:/]
> @developer3 = rw
>
> The above permissions do not work; users are still able to
> drill down into repositories regardless of permission, unless I
> explicitly state that other groups have no permission to the
> repository, then it works, like
>
> [/]
> * = r
>
> [repo1:/]
> @developer1 = rw
> @developer2 =
> @developer3 =
>
> [repo2:/]
> @developer2 = rw
> @developer1 =
> @developer3 =
>
> [repo3:/]
> @developer3 = rw
> @developer1 =
> @developer2 =
>
> However, if any user that is not a member of developer1,
> developer2 or developer3 logs in, he can drill down into every
> repository and read any files.
>
> How do I restrict access to a repository to a specific group?
>
> Here is my dav_svn.conf
>
> <Location /svn/>
> DAV svn
> SVNParentPath /abc/svn
> SVNListParentPath On
> AuthType Basic
> AuthName "Subversion Repository"
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative on
> AuthLDAPBindDN "o=bindme"
> AuthLDAPURL ldap://x.x.x.x:389/ STARTTLS
> AuthzSVNAccessFile /etc/apache2/acl
> Require valid-user
> </Location>
>
> What am I doing wrong? Can anyone help, please?

Try removing the lines:

[/]
* = r

This is a catch-all that says "anyone accessing '/' or below has read-only access." What I do is have a 'catch-all' group and give global access to that group. Then I just move users in and out of that group as needed to give or remove permissions.

  -Arcege

--
What comes after the O-nut? The P-nut
What comes after the P-nut? The elephant
*joke told by my sons*
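
The effect of the [/] catch-all discussed in this thread, as an added example that is not part of the original messages and is not Subversion's own code: a simplified Python model of how the access file is evaluated for a repository root, where the [repo:/] section is consulted first and the global [/] section decides only when no line there applies to the user. The helper name can_read, the shortened access file and the user "guest" are constructed for illustration.

```python
import configparser

# Constructed sample: a shortened copy of the access file quoted in the thread.
ORIGINAL = """
[groups]
developer1 = john, matthew, trevor
developer2 = john, monika, nick, Andrew

[/]
* = r

[repo1:/]
@developer1 = rw

[repo2:/]
@developer2 = rw
"""
# The same file with the catch-all section removed, as the reply suggests.
WITHOUT_CATCH_ALL = ORIGINAL.replace("[/]\n* = r\n", "")

def can_read(authz_text, user, repo):
    """Hypothetical helper: may `user` read the root of `repo`? (simplified model)"""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.optionxform = str  # keep user and group names case-sensitive
    cfg.read_string(authz_text)
    groups = {}
    if cfg.has_section("groups"):
        for name, members in cfg["groups"].items():
            groups[name] = {m.strip() for m in members.split(",") if m.strip()}
    # The repository-specific section is consulted first, then the global one.
    for section in (f"{repo}:/", "/"):
        if not cfg.has_section(section):
            continue
        allow = deny = False
        for who, rights in cfg[section].items():
            in_group = who.startswith("@") and user in groups.get(who[1:], set())
            if who == "*" or who == user or in_group:
                if "r" in rights:
                    allow = True
                else:
                    deny = True
        if allow or deny:
            # A line applied to this user here; a grant wins over an empty rule.
            return allow
    return False  # no rule applied anywhere: access is denied

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("without [/]", WITHOUT_CATCH_ALL)):
        for user in ("matthew", "monika", "guest"):
            print(label, user, "repo1 readable:", can_read(text, user, "repo1"))
```

With the original file, monika and guest can read repo1 because no line in [repo1:/] applies to them and the lookup falls through to [/]; without the catch-all, only members of developer1 can.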