0

I'm having trouble granting permissions to certain users in Collabnet SVN Subversion Edge. I currently have 3 repos: documentation, ipm and modules. I have two users: jeremy.johnson and jeremyj. I want to give read access to jeremyj for documentation and ipm and give jeremy.johnson access to modules. I don't want the users to see each other's repos.

I can't do

    [/]
    * = r

Because then everyone can see everyone.

So instead I did this

    [documentation:/]
    jeremyj = r

    [ipm:/]
    jeremyj = r

    [modules:/]
    jeremy.johnson = r

but that doesn't seem to allow anything. Whether I log in as jeremyj or jeremy.johnson I don't have access to any of them. The only way I can get to access any of them is if I use the wildcard but that defeats the purpose.

I also tried adding it to the \documentation\conf\authz file but that seemed to do nothing at all.

Edited with @Lazy Badger's suggestions: To show the actual syntax and case I'm using I'm attaching screen shots instead.

access rules users repos

But jeremy.johnson can still see the contents of documentation.

Jeremy
  • 147
  • 1
  • 1
  • 14

2 Answers2

0

You must

[/]
* = r

or, maybe better

~$anonymous = r

and revoke access at per-repositopy basis for every user

[documentation:/]
jeremyj = r
jeremy.johnson = 

[ipm:/]
jeremyj = r
jeremy.johnson = 

[modules:/]
jeremyj = 
jeremy.johnson = r

This way everybody will can see the full list of repos, but not their content

Lazy Badger
  • 94,711
  • 9
  • 78
  • 110
  • Thanks for the suggestion. I tried both * and anonymous on the the root then tried excluding jeremy.johnson on documentation like you suggested but jeremy.johnson can still see the contents of documentation. – Jeremy Aug 28 '19 at 20:36
  • @Jeremy - it's at least *strange*. I can't recall case-sensitivity rules for paths in authz, maybe it's somehow your case? – Lazy Badger Aug 29 '19 at 20:48
  • I have quadruple checked that I'm using the same case all the way around for that reason. – Jeremy Aug 29 '19 at 22:07
  • @Jeremy - OK, if your svnserve use *this* autz-file (but, please, check it in svnserve.conf one more time), let's text it step-by step: with existing `/` access, revoke all access for all users in all repos (as result you'' be avle ls in root and nothing more) and add one user in one step to every repo in question. On the rights on delirium, because "it's impossible for such simple rules to fail!" – Lazy Badger Aug 29 '19 at 22:27
  • I just posted my update in the OP so it's easier to show there. I would prefer using Access Rules over the authz file. I currently have everything auth related in the authz file commented out. – Jeremy Aug 30 '19 at 14:13
0

What you are doing ought to work. The canonical documentation for the authz feature and syntax is here: http://svnbook.red-bean.com/en/1.8/svn.serverconfig.pathbasedauthz.html

To troubleshoot I would look at the Apache access log. You ought to be able to see the entries added when your client accesses the repository. Look for the logged username. My guess is that something does not match the rules. Maybe the case is different or your client is authenticating with a different username then you think. The authz rules need to match the username you see logged.

bahrep
  • 29,961
  • 12
  • 103
  • 150
Mark Phippard
  • 10,329
  • 2
  • 32
  • 42