tags:

views:

229

answers:

5
Q: 

Access control for multiple projects using SVN

Hi, I am new to SVN and trying to configure access control for multiple projects on SVN. I want to use a single password file and a single authentication file for access control for all the projects. But, it isn't working. Below is my configurations. My directory structure:

/srv
|--svn
   |--repos
      |-- conf
          |-- passwd
          |-- authz
      |-- projectX
      |-- projectY
      |-- projectZ

projectX/conf/svnserve.conf entries for projectX:

[general]
anon-access = none
auth-access = write
password-db = /srv/svn/repos/conf/passwd
authz-db = /srv/svn/repos/conf/authz
realm = Project Repository

Same configuration is used for projectY and projectZ. Entries for /srv/svn/repos/conf/passwd:

[users]
user1 = password
user2 = password
user3 = password

Entries for /srv/svn/repos/conf/authz:

[/]
* = 
user1 = rw
[projectX:/]
user2 = rw
user3 = r
[projectY:/]
user3 = rw
user2 = r
[projectZ:/]
user2 = r
user3 = r

So, user2 should have read-write access to projectX and user3 should have read-only access to projectX. But, only user1 can access all these repositories. user2 and user3 can never access any of the repositories. Every time it gives the error message: Commit failed (Authorization failed!) Can anyone please help me finding my error? I am using version 1.6.5 of Subversion on the server and 1.6.4 on the client.

A: 

I think, the line 

* =

is causing your trouble. Also, I would recommend using a [groups] section and add your users to groups, even if you currently have only one user per group.

ur  2009-10-07 08:06:10
Well, I don't want unauthenticated users to have access on my repositories. Also, I thought the anonymous access setting in the authz file and that in the svnserve.conf should be same.And, I will use a [groups] section once I've solved the current problem.
Ivey  2009-10-07 08:44:42
A: 

i think its because user2 and user3 dont have access to [/]

just my guess, i dont really know how to configure svn.

Andrew Keith  2009-10-07 08:07:00
Just like on the file system, users must have access to the whole path, not just to the leaf node.
Aaron Digulla  2009-10-07 08:09:32
No, that shouldn't be a problem.
Si  2009-10-07 08:09:53
A: 

Make sure you have the CaSe of the repositories (projectX...) are correct in both authz and on the client URL. Subversion has a nasty issue when using authz where checkouts are case insensitive but commits are case sensitive.

Here's an example:

svn co svn://server/projectx/trunk .  // success
... // do work
svn ci // fail 


svn co svn://server/projectX/trunk .  // success
... // do work
svn ci // success

I've also had an issue where the last line in authz and passwd was not a blank line, i.e. adding CRLF to the last line fixed it. That was ages ago though so maybe that's fixed now.

Si  2009-10-07 08:13:11
Thanks for your opinion. But, there is no CaSe issue in the authz file. The configuration in the authz file is just like I wrote.
Ivey  2009-10-07 08:37:20
The case is important for client too.
Si  2009-10-07 13:26:32
A: 

I've successfully used this structure with Subversion 1.4:

Subversion
|-- Config
    |-- a-users
    |-- b-users
|--Repositories
    |-- x-repos
        |-- conf
            |-- svnserve.conf
    |-- y-repos
        |-- conf
            |-- svnserve.conf

... where the svnserve.conf files contained a line like this:

password-db = ../../../Config/a-users

This way I can use one password-db file for any number of repositories or I can have a separate password-db file for each repository.

If you are using Subversion > 1.4, you'll need to to take a look at how configuration has changed in newer versions. One point is that, at least in 1.4, relative paths do work. Hope this helps.

Update: I'm on unix (Mac OS X).

markonian  2010-08-12 22:12:18
@Ivey: To answer your question... Yes, I've been able to use a single authz file. In my example, the a-users and b-users files are the authz files. I moved them up and out to a shared directory so they can be referenced and used for more than one repository. For example (and using my example above), if both x-repos and y-repos svnserve.conf files refer to a-users, then they will both use the same authz file.
markonian  2010-09-09 23:36:04
A: 

@markonian: Have you been able to use a single authz file for these repos?

Ivey  2010-08-14 15:08:35

related questions

Best strategy to write hooks for subversion in Windows
Database Version Control
Version control PHP Web Project
Experience with SVN vs. Team Foundation Server?
Best SVN Client Ignore Pattern for VB.NET Solutions?
SVN merge merged extra stuff
What is your favorite web app deployment workflow with SVN?
Integrating Fogbugz with TortoiseSVN with no URL/Subversion backend
Version Control. Getting started...
ASP.NET Display SVN Revision Number
How do I create a branch in SVN?
What do the result codes in svn mean?
Could you recommend a good free project hosting website?
Federated (Synced) Subversion servers?
Mechanisms for tracking DB schema changes
What are the advantages of using SVN over CVS?
Use SVN Revision to label build in CCNET
Best subversion client for Mac OS
Why is Git better than Subversion?
ASP.NET, Visual Studio and Subversion - how to integrate?
Best Practice: Collaborative Environment, Bin Directory, SVN
How do I sync the SVN revision number with my ASP.NET web site?
Best Subversion clients for Windows Vista (64bit)
Good branch/merge tutorials for Tortoise SVN?
How can you get Subclipse in Aptana to work with the newest release of Subversion?