Access control for multiple projects using SVN

0
votes

I am new to SVN and trying to configure access control for multiple projects on SVN. I want to use a single password file and a single authentication file for access control for all the projects. But, it isn't working. Below is my configurations. My directory structure:

/srv
|--svn
   |--repos
      |-- conf
          |-- passwd
          |-- authz
      |-- projectX
      |-- projectY
      |-- projectZ

projectX/conf/svnserve.conf entries for projectX:

[general]
anon-access = none
auth-access = write
password-db = /srv/svn/repos/conf/passwd
authz-db = /srv/svn/repos/conf/authz
realm = Project Repository

Same configuration is used for projectY and projectZ. Entries for /srv/svn/repos/conf/passwd:

[users]
user1 = password
user2 = password
user3 = password

Entries for /srv/svn/repos/conf/authz:

[/]
* = 
user1 = rw
[projectX:/]
user2 = rw
user3 = r
[projectY:/]
user3 = rw
user2 = r
[projectZ:/]
user2 = r
user3 = r

So, user2 should have read-write access to projectX and user3 should have read-only access to projectX. But, only user1 can access all these repositories. user2 and user3 can never access any of the repositories. Every time it gives the error message: Commit failed (Authorization failed!) Can anyone please help me finding my error? I am using version 1.6.5 of Subversion on the server and 1.6.4 on the client.

4
svn
Does it have to do anything with the fact that I'm using svnserve and not Apache? Does svnserve allow using single authz file for multiple repositories? I've tried single passwd file and separate authz file for each repository and it worked! I couldn't find anything in the SVN red book that says svnserve doesn't allow single authz file.Ivey

4 Answers

1
votes

I've successfully used this structure with Subversion 1.4:

Subversion
|-- Config
    |-- a-users
    |-- b-users
|--Repositories
    |-- x-repos
        |-- conf
            |-- svnserve.conf
    |-- y-repos
        |-- conf
            |-- svnserve.conf

... where the svnserve.conf files contained a line like this:

password-db = ../../../Config/a-users

This way I can use one password-db file for any number of repositories or I can have a separate password-db file for each repository.

If you are using Subversion > 1.4, you'll need to to take a look at how configuration has changed in newer versions. One point is that, at least in 1.4, relative paths do work. Hope this helps.

Update: I'm on unix (Mac OS X).

0
votes

I think, the line 

* =

is causing your trouble. Also, I would recommend using a [groups] section and add your users to groups, even if you currently have only one user per group.

0
votes

Make sure you have the CaSe of the repositories (projectX...) are correct in both authz and on the client URL. Subversion has a nasty issue when using authz where checkouts are case insensitive but commits are case sensitive.

Here's an example:

svn co svn://server/projectx/trunk .  // success
... // do work
svn ci // fail 


svn co svn://server/projectX/trunk .  // success
... // do work
svn ci // success

I've also had an issue where the last line in authz and passwd was not a blank line, i.e. adding CRLF to the last line fixed it. That was ages ago though so maybe that's fixed now.

0
votes

I think it's because user2 and user3 don't have access to [/].

It is just my guess; I don't really know how to configure SVN.