apache web dav svn multiple repositories, one ACL file

2
votes

I am having a really hard time trying to solve an issue I have with some apache configuration with web dav and authentication. I have several repositories and I want to use one single permissions (ACL) file. Is this even possible ? I get forbidden with my current setup. Here it is: My repos: /var/svn/repos/project_1

/var/svn/repos/project_2

/var/svn/repos/project_3

My apache configs:

< VirtualHost *:80>

    ServerName svn.mydomain.tld

    Redirect / https://svn.mydomain.tld/    

< /VirtualHost >

` LoadModule dav_module modules/mod_dav.so

LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_svn_module     modules/mod_dav_svn.so

LoadModule authz_svn_module   modules/mod_authz_svn.so

< VirtualHost *:443 >

ServerName svn.mydomain.tld

DocumentRoot "/var/www/svn"
    <Directory />
    Options Includes FollowSymLinks MultiViews
    </Directory>
SSLEngine on
SSLCertificateFile /path/to/the/cert
SSLCertificateKeyFile /path/to/the/key
SSLCACertificateFile  /path/to/the/cacert

<Location /project_1>
    DAV svn
    SVNPath /var/svn/repos/project_1
    SVNIndexXSLT "/repos-web/view/repos.xsl"
    SVNPathAuthz on
    AuthzSVNAccessFile /srv/svn/conf/svnaccess
    AuthType Basic
    AuthName "My SVN Repository"
    AuthUserFile /srv/svn/conf/svnusers
    Require valid-user
</Location>

<Location /project_2>
    DAV svn
    SVNPath /var/svn/repos/project_2
    SVNIndexXSLT "/repos-web/view/repos.xsl"
    SVNPathAuthz on
    AuthzSVNAccessFile /srv/svn/conf/svnaccess
    AuthType Basic
    AuthName "My SVN Repository"
    AuthUserFile /srv/svn/conf/svnusers
    Require valid-user
</Location>

<Location /project_3>
    DAV svn
    SVNPath /var/svn/repos/project_3
    SVNIndexXSLT "/repos-web/view/repos.xsl"
    SVNPathAuthz on
    AuthzSVNAccessFile /srv/svn/conf/svnaccess
    AuthType Basic
    AuthName "My SVN Repository"
    AuthUserFile /srv/svn/conf/svnusers
    Require valid-user
</Location>
</VirtualHost>

My ACL file "/srv/svn/conf/svnaccess" looks like this:

[groups]
gods = admin

[/]
@gods = rw
* = r

[project_1/]
joe = rw
* =

[project_2/]
ana = rw
* =
1
apachesvnwebdav
This is definitely possible. Can you rule out AuthzSVNAccessFile by only doing basic apache auth? Also check your apache logs and verify your AuthUserFile has the users correctly defined.Josh
AuthUserFile is fine, of that I'm sure. However, I did a small test and removed 'AuthzSVNAccessFile' from the config, reloaded apache and I noticed that it works, without the ACL file. Pretty odd. I have also tried to use only [/] * = r but that won't work, I'll still get "Forbidden". :(cparfon
I've finally solved this by using "SVNParentPath" instead of 'SVNPath', also added a trailing slash to 'Location' project_name/ and finally I had to use "[project_x:/]" format into my ACL file in order to make it work.cparfon

1 Answers

1
votes

I've finally solved this by using "SVNParentPath" instead of 'SVNPath', also added a trailing slash to 'Location' project_name/ and finally I had to use "[project_x:/]" format into my ACL file in order to make it work.