SVN access control is not working

1
votes

I have a project in svn repository, which contains more branches and tags, and several users are working in the same project but in different branches. I gave write permission to particular user to access particular branch only, but not to other branches, and similarly for another user to write to yet different branch.

Step 1 : I have create user using 

htpasswd -m /etc/apache2/dav_svn.passwd username

Step 2 : svnserve.conf

[general]
password-db = passwd
realm = reponame
anon-access = none
auth-access = write
authz-db = authz

Step 3 : passwd

username : passwd

Added user & passwd which are used for creating htpasswd for this project in passwd file.

Step 4 : authz

#[the_name_of_repository:/path_in_that_repository]
[test:/]
user1 = r
user2 = r

[test:/branches/data1]
user1 : rw

[test:/branches/data2]
user2 : rw

So, now user2 can only access (commit, update, checkout) data2 branches and can read all other folders, and user2 can access (commit, update, checkout) data1 branch. Access control is not working properly as expected from authz file.

What am I doing wrong?

2
svn
No reason to close the question. It's both on topic for SO and fairly clear. - Dialecticus
If you meant to say "user1 can access data1", then your rules are all correct. What you haven't explained is how you serve your repository (Apache, svnserve, svnserve+ssh) and how you're pointing to your configurations there. - alroc
Also, is your file really svnserver.conf? The default is svnserve.conf (note the lack of an r). - alroc
user1 can able to access data2 also but i gave only read permission for user1 to data2 branch. installed subversion in centos. - pravin09
sorry svnserver.conf only wrongly typed. now changed. - pravin09

2 Answers

0
votes

The problem may stem from something @alroc said in the comments. You're configuring permissions using svnserve.conf, but you created the user for Apache.

Apache's mod_dav_svn doesn't read svnserve.conf. Instead, you need to install mod_authz_svn and set up an AuthzSVNAccessFile for it. This file appears to have the same syntax as svnserve.conf.

0
votes
  1. You must to know, which type of repository (http-based, served by Apache, or svn-based, served by svnserve) you have and use only one from two independent and unrelated type of authentication: htpasswd for apache, passwd for svnserve
  2. Auth-database must have at least user1+user2 records
  3. authz file must use correct syntax in all records: you have mistakes in both branches, corrrect format is

object = rights