access control lists for granting permissions

Question

Hello,

CentOS 5.5
Subversion 1.4
httpd-2.2.3-43.el5.centos.3

I have the following repository structure I am created multiple directories for each project under a project category. For example, we have projects for WEB and DEV

So all WEB projects will have their own repositories and the same for DEV.

My structure is this:

/var/www/svn/repos/WEB/web_project1
/var/www/svn/repos/WEB/web_project2

/var/www/svn/repos/DEV/dev_project1
/var/www/svn/repos/DEV/dev_project2

*_project* will have their own repositories. i.e.

svnadmin create /var/www/svn/repos/WEB web_project1

I have created the following subversion.conf for these categories.

<Location /WEB>
   DAV svn
   SVNListParentPath on
   SVNParentPath /var/www/wsvn/repos/WEB

   # Type of authentication
   AuthType Basic
   AuthUserFile /etc/svn-auth-file

   # Access control list for control user groups read and write access
   AuthzSVNAccessFile /etc/svn-acl-file

   # Only valid authenticated user's can access
   Require valid-user
</Location>

<Location /DEV>
   DAV svn
   SVNListParentPath on
   SVNParentPath /var/www/wsvn/repos/DEV

   # Type of authentication
   AuthType Basic
   AuthUserFile /etc/svn-auth-file

   # Access control list for control user groups read and write access
   AuthzSVNAccessFile /etc/svn-acl-file

   # Only valid authenticated user's can access
   Require valid-user
</Location>

The problem is with my access control lists.

# Everyone has read access to the repository
[/]
* = r

[group]
WEB-developers = tom
DEV-developers = dick, harry

everyone = tom, dick, harry

[WEB:/]
@WEB-developers

[DEV:/]
@DEV-developers

When I try and browse to the url http://x.x.x.x/DEV/

I get a 403 request denied.

However, if browse to this url http://x.x.x.x/DEV/dev_project1

I am allowed access.

However, I want to grant all DEV-developers access to all the projects. So they have root access on the DEV directory and all projects below.

So basically, I want to allow dick and harry to have access to every project under DEV? So they can go to this url http://x.x.x.x/DEV/ and view all the projects.

Where am I going wrong with my access control list?

Many thanks for any suggestions,

Answer 1

Not really sure but I understand that you have 2 different svn severs:

http://x.x.x.x/DEV/

http://x.x.x.x/WEB/

Both of them using apache+svn and the same config. This way WEB or DEV doesn´t match any rules in your config becouse both of them only start matching after http://x.x.x.x/YYY/ so the rules will only aply if a folder like http://x.x.x.x/WEB/WEB existed.

As they are both 2 different servers I will advice you to have 2 different svnauth files each one granting the read/write to whoever you want.