apache web dav svn multiple repositories, one ACL file

2
votes

I am having a really hard time trying to solve an issue I have with some apache configuration with web dav and authentication. I have several repositories and I want to use one single permissions (ACL) file. Is this even possible ? I get forbidden with my current setup. Here it is: My repos: /var/svn/repos/project_1

/var/svn/repos/project_2

/var/svn/repos/project_3

My apache configs:

< VirtualHost *:80>

    ServerName svn.mydomain.tld

    Redirect / https://svn.mydomain.tld/    

< /VirtualHost >

` LoadModule dav_module modules/mod_dav.so

LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_svn_module     modules/mod_dav_svn.so

LoadModule authz_svn_module   modules/mod_authz_svn.so

< VirtualHost *:443 >

ServerName svn.mydomain.tld

DocumentRoot "/var/www/svn"
    <Directory />
    Options Includes FollowSymLinks MultiViews
    </Directory>
SSLEngine on
SSLCertificateFile /path/to/the/cert
SSLCertificateKeyFile /path/to/the/key
SSLCACertificateFile  /path/to/the/cacert

<Location /project_1>
    DAV svn
    SVNPath /var/svn/repos/project_1
    SVNIndexXSLT "/repos-web/view/repos.xsl"
    SVNPathAuthz on
    AuthzSVNAccessFile /srv/svn/conf/svnaccess
    AuthType Basic
    AuthName "My SVN Repository"
    AuthUserFile /srv/svn/conf/svnusers
    Require valid-user
</Location>

<Location /project_2>
    DAV svn
    SVNPath /var/svn/repos/project_2
    SVNIndexXSLT "/repos-web/view/repos.xsl"
    SVNPathAuthz on
    AuthzSVNAccessFile /srv/svn/conf/svnaccess
    AuthType Basic
    AuthName "My SVN Repository"
    AuthUserFile /srv/svn/conf/svnusers
    Require valid-user
</Location>

<Location /project_3>
    DAV svn
    SVNPath /var/svn/repos/project_3
    SVNIndexXSLT "/repos-web/view/repos.xsl"
    SVNPathAuthz on
    AuthzSVNAccessFile /srv/svn/conf/svnaccess
    AuthType Basic
    AuthName "My SVN Repository"
    AuthUserFile /srv/svn/conf/svnusers
    Require valid-user
</Location>
</VirtualHost>

My ACL file "/srv/svn/conf/svnaccess" looks like this:

[groups]
gods = admin

[/]
@gods = rw
* = r

[project_1/]
joe = rw
* =

[project_2/]
ana = rw
* =
1
apachesvnwebdav
This is definitely possible. Can you rule out AuthzSVNAccessFile by only doing basic apache auth? Also check your apache logs and verify your AuthUserFile has the users correctly defined. - Josh
AuthUserFile is fine, of that I'm sure. However, I did a small test and removed 'AuthzSVNAccessFile' from the config, reloaded apache and I noticed that it works, without the ACL file. Pretty odd. I have also tried to use only [/] * = r but that won't work, I'll still get "Forbidden". :( - cparfon
I've finally solved this by using "SVNParentPath" instead of 'SVNPath', also added a trailing slash to 'Location' project_name/ and finally I had to use "[project_x:/]" format into my ACL file in order to make it work. - cparfon

1 Answers

1
votes

I've finally solved this by using "SVNParentPath" instead of 'SVNPath', also added a trailing slash to 'Location' project_name/ and finally I had to use "[project_x:/]" format into my ACL file in order to make it work.