Reputation: 7177
Subversion+Apache authz not authorizing
I am attempting to set up authz. Actually, I had it working, but then I needed to move from Wable to Google Cloud, and while I was at it I moved from Debian to Ubuntu 18.04. I'm also moving from Subversion 1.9.5 to 1.9.7.
I have a backup of the SVN config from Wable+Debian. But just restoring my old files isn't working.
Anyway, I have a large single repo and I want the world to be able to read it, but for myself to be able to read and write it. Also, I have a handful of directories that I want to be private and sometimes those directories need to be writable by an additional user.
My dav_svn.conf looks like:
$ sed -e 's/#.*$//' -e '/^ *$/d' mods-enabled/dav_svn.conf
below cmd output started 2019 Sun Jul 21 09:22:58 AM PDT
<Location "/svn">
DAV svn
SVNPath /var/svn/repos
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
AuthzSVNAccessFile /etc/apache2/dav_svn.authz
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
BTW, vim likes to color "REPORT" in red. I'm not sure what that's about - apache seems to pass its syntax check anyway.
And my dav_svn.authz looks like the following (I've removed some of the config to protect the privacy of others) :
$ sed -e 's/#.*$//' -e '/^ *$/d' /etc/apache2/dav_svn.authz
below cmd output started 2019 Sun Jul 21 09:23:52 AM PDT
[/]
dstromberg = rw
* = r
[/private-quizzes]
dstromberg = rw
* =
My repo allows me to change most files - that much is good. But if I try to checkout /private-quizzes, I get an immediate:
$ svn checkout http://stromberg.dnsalias.org/svn/private-quizzes
below cmd output started 2019 Sun Jul 21 09:26:32 AM PDT
svn: E170013: Unable to connect to a repository at URL 'http://stromberg.dnsalias.org/svn/private-quizzes'
svn: E175013: Access to '/svn/private-quizzes' forbidden
As you can see, it isn't even asking for a username and passsword. It doesn't ask for them even if I remove my ~/.subversion .
What do I need to do to get it to try to authenticate me, so I can modify (for EG) private-quizzes again?
Thanks!
Upvotes: 0
Views: 514
Answers (1)
Reputation: 97282
Preface
Please re-read at least samples in this SVN install manual (pay special attention to "Example 2: Mixed anonymous and authenticated access" part - I used all time exactly this method without any troubles /when I was in Subversion/)
Some additional notes
Just for simplicity
- If you define some permission level at
[/]you cam omit repeating it in subtree (i.e when you have rw in /, you'll automatically have the same level on whole tree below) - Even with
SVNPath(i.e. single repository), I'll recommend to use common format for authz's file sections:[repo:/path/in/repo]. From the above docs, from "2. Specifying permissions" part
This will work in the case of using SVNPath as well, only the repository name (the last element of the url) will always be the same.
Resume
I suppose
<Location "/svn">
DAV svn
SVNPath /var/svn/repos
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
AuthzSVNAccessFile /etc/apache2/dav_svn.authz
Satisfy Any
Require valid-user
</Location>
will be perfectly usable for you and you can try list|checkout|commit to private area even without editing authz-file, but polished authz will be even better, after all
Upvotes: 2
Related Questions
- Can't authenticate Subversion user using Apache and LDAP
- Subversion Apache2.2 LDAPS authentication failed
- Subversion set up to use Windows Authentication but still asking for user / pass
- Subversion "Authorization failed" when creating repository
- Subversion Authz config on Apache
- Strange behaviour of mod_authz_svn
- Issue with svn lock and AuthzSVN in Path Based Authorization
- Problem with AuthzSVNAccessFile
- Svn/Apache user access "500 Internal Error" "Need AuthName" issue
- Subversion with Apache and permissions issues