tags:

views:

16

answers:

1

Hello,

CentOS 5.5
Subversion 1.4
httpd-2.2.3-43.el5.centos.3

I have the following repository structure I am created multiple directories for each project under a project category. For example, we have projects for WEB and DEV

So all WEB projects will have their own repositories and the same for DEV.

My structure is this:

/var/www/svn/repos/WEB/web_project1
/var/www/svn/repos/WEB/web_project2

/var/www/svn/repos/DEV/dev_project1
/var/www/svn/repos/DEV/dev_project2

*_project* will have their own repositories. i.e.

svnadmin create /var/www/svn/repos/WEB web_project1

I have created the following subversion.conf for these categories.

<Location /WEB>
   DAV svn
   SVNListParentPath on
   SVNParentPath /var/www/wsvn/repos/WEB

   # Type of authentication
   AuthType Basic
   AuthUserFile /etc/svn-auth-file

   # Access control list for control user groups read and write access
   AuthzSVNAccessFile /etc/svn-acl-file

   # Only valid authenticated user's can access
   Require valid-user
</Location>

<Location /DEV>
   DAV svn
   SVNListParentPath on
   SVNParentPath /var/www/wsvn/repos/DEV

   # Type of authentication
   AuthType Basic
   AuthUserFile /etc/svn-auth-file

   # Access control list for control user groups read and write access
   AuthzSVNAccessFile /etc/svn-acl-file

   # Only valid authenticated user's can access
   Require valid-user
</Location>

The problem is with my access control lists.

# Everyone has read access to the repository
[/]
* = r

[group]
WEB-developers = tom
DEV-developers = dick, harry

everyone = tom, dick, harry

[WEB:/]
@WEB-developers

[DEV:/]
@DEV-developers

When I try and browse to the url http://x.x.x.x/DEV/

I get a 403 request denied.

However, if browse to this url http://x.x.x.x/DEV/dev_project1

I am allowed access.

However, I want to grant all DEV-developers access to all the projects. So they have root access on the DEV directory and all projects below.

So basically, I want to allow dick and harry to have access to every project under DEV? So they can go to this url http://x.x.x.x/DEV/ and view all the projects.

Where am I going wrong with my access control list?

Many thanks for any suggestions,

+1  A: 

Not really sure but I understand that you have 2 different svn severs:

http://x.x.x.x/DEV/

http://x.x.x.x/WEB/

Both of them using apache+svn and the same config. This way WEB or DEV doesn´t match any rules in your config becouse both of them only start matching after http://x.x.x.x/YYY/ so the rules will only aply if a folder like http://x.x.x.x/WEB/WEB existed.

As they are both 2 different servers I will advice you to have 2 different svnauth files each one granting the read/write to whoever you want.

frisco
Hello, Actually they are both on the same server. i.e. http://10.10.10.1/WEB and http://10.10.10.1/DEV/ However, this will have to be extended to have TEST, NETWORK, and some others. So I am trying to keep it in the same file for authenticating. So all the user who are granting to each one. Should be able to see all the projects under which they are granted. I hope that helps explains. Thanks.
robUK
I understand what you are talking but your setup right now is 2 servers with N repositories each you should point apache to `/var/www/wsvn/repos` and use a comon file if you want to do what you say, but with the current setup is impossible to do what you are trying to do.
frisco