Michael P. Reilly wrote on Thu, May 24, 2012 at 15:13:33 -0400:
> On Thu, May 24, 2012 at 2:36 PM, trevor obba <trevor_o...@yahoo.co.uk> wrote:
>
> > I am running subversion 1.6.6 on Ubuntu 10.04 (Lucid), Viewvc
> > 1.0.9 and apache2 (2.2.14) and LDAP authentication.
> >
> > I have multiple repositories on my SVN server and it is all
> > working fine, however I am unable to set access control (permissions)
> > using AuthzSVNAccessFile.
> >
> > “SVNParentPath /abc/svn”
> >
> > The directories to my repositories are:
> > /abc/svn/repo1
> > /abc/svn/repo2
> > /abc/svn/repo3
> > /abc/svc/repo4
> >
> > Users log in with their LDAP account to https://www.test.com/viewvc or
> > https://www.test.com/svn and can see all
> > repositories, however when users drill down or click on a repository only
> > specific users should be able to read and write to the repository.
> >
> > I tried to set up permissions on the repositories but it does not
> > seem to work, where a specific group of users is given read-write access
> > to a repository like
> >
> > [groups]
> > developer1 = john, matthew, trevor
> > developer2 = john, monika, nick, Andrew
> > developer3 = john, victor, brown,
> >
> > [/]
> > * = r
> >
> > [repo1:/]
> > @developer1 = rw
> >
> > [repo2:/]
> > @developer2 = rw
> >
> > [repo3:/]
> > @developer3 = rw
> >
> > The above permissions do not work; users are still able to
> > drill down into repositories regardless of permission, unless I explicitly
> > state that other groups have no permission to the repository, then it works, like
> >
> > [/]
> > * = r
> >
> > [repo1:/]
> > @developer1 = rw
> > @developer2 =
> > @developer3 =
> >
> > [repo2:/]
> > @developer2 = rw
> > @developer1 =
> > @developer3 =
> >
> > [repo3:/]
> > @developer3 = rw
> > @developer1 =
> > @developer2 =
> >
> > However, if any user that is not a member of developer1,
> > developer2 and developer3 logs in, he can drill down into every
> > repository and read any files.
> >
> > How do I restrict access to a repository to a specific group?
> >
> > Here is my dav_svn.conf
> > <Location /svn/>
> > DAV svn
> > SVNParentPath /abc/svn
> > SVNListParentPath On
> > AuthType Basic
> > AuthName "Subversion Repository"
> > AuthBasicProvider ldap
> > AuthzLDAPAuthoritative on
> > AuthLDAPBindDN "o=bindme"
> > AuthLDAPURL ldap://x.x.x.x:389/ STARTTLS
> > AuthzSVNAccessFile /etc/apache2/acl
> > Require valid-user
> > </Location>
> >
> > What am I doing wrong? Can you help, please?
> >
>
> Try removing the lines:
>
> [/]
> * = r
>
> This is a catch-all that says "anyone accessing '/' or below has read-only
> access".
>
> What I do is have a 'catch-all' group and give global access to that group.
> Then I just move users in and out of that group as needed to give or
> remove permissions.
>

When both [repo:/foo] and [/foo] exist, and the repository
${SVNParentPath}/foo is accessed, the section [/foo] is not used. I think
this is even documented in recent versions of the book.

> -Arcege
> --
> What comes after the O-nut?
> The P-nut
> What comes after the P-nut?
> The elephant
> *joke told by my sons*
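
The behaviour the original poster reports can be reproduced with a small model of the access file. This is an added example, not code from the thread or from Subversion. It assumes a simplified lookup: the repository's own `[repo:/]` section is consulted first and the global `[/]` section only when no line in the repository section names the user, which is the fallback the poster observed; only the repository root is modelled. The function names, the user `guest`, and the `* =` default-deny variant are hypothetical.

```python
import configparser

# Constructed sample data, trimmed from the access file quoted in the thread.
GROUPS = """[groups]
developer1 = john, matthew, trevor
developer2 = john, monika, nick, Andrew
"""
ORIGINAL = GROUPS + """[/]
* = r
[repo1:/]
@developer1 = rw
[repo2:/]
@developer2 = rw
"""
# Assumed default-deny variant: no global grant, explicit "* =" per repository.
HARDENED = GROUPS + """[repo1:/]
@developer1 = rw
* =
[repo2:/]
@developer2 = rw
* =
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    return cp

def section_access(cp, section, user):
    """Rights from the lines in `section` that name the user; None if none do."""
    if not cp.has_section(section):
        return None
    groups = {g for g, members in cp["groups"].items()
              if user in [m.strip() for m in members.split(",")]}
    hits = [v for k, v in cp[section].items()
            if k in ("*", user) or (k.startswith("@") and k[1:] in groups)]
    return "".join(sorted(set("".join(hits)) & set("rw"))) if hits else None

def root_access(cp, repo, user):
    """Modelled order: [repo:/] first, then [/]; no matching rule means no access."""
    for section in (f"{repo}:/", "/"):
        rights = section_access(cp, section, user)
        if rights is not None:
            return rights
    return ""

def readers(cp, repo, users):
    return sorted(u for u in users if "r" in root_access(cp, repo, u))
```

Running `readers()` over every repository and every LDAP account that can authenticate gives a quick audit of who falls through to the global grant.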