• Status: Solved

how to make security using svnserve

Hi all,
I'm new to Subversion and my manager wants to make an access control list in Subversion that gives different permissions for different users and groups.

I got the following
- fedora core 4
- subversion 1.2.3 (installed with yum utility)

The access control list in the authz-db file does not work, and after some searching (long term) I found that it needs Subversion 1.3 at least to have an access control list with svnserve.

so my question for you as experts:
1. is that true
2. if it's true how to install subversion 1.4 on a fedora core 4 box (please give me how to guide)
3. if it's false what is the right way to do it

please help in that issue
best regards
HG
0
shang3000
 
perehospital Commented:
I have had Subversion installed for some time with access control working without a problem, so I don't think that version 1.2.3 is the problem.

Regarding access control itself, I got all the information from here :
http://svnbook.red-bean.com/en/1.4/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth.general

Basically, you define general permissions for authenticated and non-authenticated users, and the password and authorization files (which can be common to all repositories).

The password file is just a text file with user/pass in this format :

[users]
John = password

And in the authz file you can define groups and types of access for every group to different repos :

[groups]
group1 = John, mary
# repositories permissions
[repos1:/]
@group1 = rw
[repos2:/]
@group1 = r

Regards,

Pere
0
 
shang3000 (Author) Commented:
hi perehospital,
thanks for reply

My manager wants me to do the following

- security repository
       - development  (@developers=rw and nagy=r )
                 - final        (hatem=rw and nagy = rw and the rest of @developers=r)

I tried what you sent but no good; I even restarted the server.
Can you please check these files for me and guide me on how to do that:
--------------------------
svnserve.conf
---------------------------
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository.  (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.tigris.org/ for more information.

[general]
### These options control access to the repository for unauthenticated
### and authenticated users.  Valid values are "write", "read",
### and "none".  The sample settings below are the defaults.

anon-access = none
auth-access = write

### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the conf directory.
### Uncomment the line below to use the default password file.

password-db = passwd
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
### is repository's uuid.
realm = example realm

# Specific access rules for specific locations
authz-db = authzfile

-----------------------------
authzfile
-----------------------------
[groups]
developers = hatem,magdy,marwa,mosaab,shereen
testers = hesham,ahmed
managers = nagy,sameh,salma

[security:/]
* =r

[security:/development]
@developers = rw
nagy=r
* =

[security:/development/final]
@developers = r
hatem=rw
* =

[security:/plans]
@managers = rw
* =

[security:/plans/final]
@developers=r
@managers = r
nagy = rw
* =

[security:/test]
@testers=rw
@developers = r
nagy = r
* =
--------------
best regards
HG
0
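
How the sections of the authz file posted above resolve for a given user and path, as an added example that is not part of the original thread. It is a simplified Python model of the lookup (the nearest section with a line matching the user decides, and matching lines in that section are combined), run on a shortened copy of the posted file; the function names are illustrative, and it models rule resolution only, not whether the installed svnserve reads authz-db.

```python
import configparser

# Constructed: shortened copy of the authz file posted above.
AUTHZ = """
[groups]
developers = hatem,magdy,marwa,mosaab,shereen
testers = hesham,ahmed
managers = nagy,sameh,salma
[security:/]
* =r
[security:/development]
@developers = rw
nagy=r
* =
[security:/development/final]
@developers = r
hatem=rw
* =
"""

def load(text):
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.optionxform = str  # keep user and group names case-sensitive
    cfg.read_string(text)
    return cfg

def access(cfg, repo, path, user):
    """Return the subset of 'rw' that user holds on repo:path (assumed model)."""
    groups = {g: {u.strip() for u in m.split(",")} for g, m in cfg["groups"].items()}
    path = "/" + path.strip("/")
    while True:
        section = f"{repo}:{path}"
        granted, matched = set(), False
        if cfg.has_section(section):
            for who, perms in cfg[section].items():
                if who == "*" or who == user or (
                        who.startswith("@") and user in groups.get(who[1:], ())):
                    matched = True
                    granted |= set(perms) & set("rw")
        if matched:       # nearest section that mentions the user decides
            return "".join(sorted(granted))
        if path == "/":   # no rule anywhere up the tree: deny
            return ""
        path = path.rsplit("/", 1)[0] or "/"

def report(cfg):
    users = ("hatem", "magdy", "nagy", "hesham")
    paths = ("/", "/development", "/development/final/spec.txt")
    return {(u, p): access(cfg, "security", p, u) for u in users for p in paths}
```

Under this model nagy resolves to no access below /development/final, because the only line in that section that matches him is `* =`; the stated requirement of rw for nagy there would need an explicit `nagy = rw` line in that section.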
 
perehospital Commented:
Hi, sorry, I have been away for a couple of days.

Compared to my config files, yours seem quite correct.

The only differences are :

I have the full path to the password and authz files in the svnserve.conf file :

[general]
### These options control access to the repository for unauthenticated
### and authenticated users.  Valid values are "write", "read",
### and "none".  The sample settings below are the defaults.
anon-access = none
auth-access = write
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the conf directory.
### Uncomment the line below to use the default password file.
password-db = /var/svn/svn_conf/passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the conf
### directory.  If you don't specify an authz-db, no path-based access
### control is done.
### Uncomment the line below to use the default authorization file.
authz-db = /var/svn/svn_conf/authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
### is repository's uuid.
realm = mycompany

This is because I use the same password and authz file for several repositories.


Second, in the authz file I just give permissions to the whole repository structure :

[groups]
group1 = karl,stein,svein,faruk,michael,pol

# BOB repositories
[bob_components:/]
@bob = rw

[bob_third_party:/]
@bob = rw

I have to say that I don't have a clue if you can give permissions to subfolders of the repos. Which type of storage do you use for the repos? I use FSFS (just files).
Here you have information: http://svnbook.red-bean.com/en/1.4/svn.reposadmin.planning.html#svn.reposadmin.basics.backends

Finally, regarding the password file, I assume you have it in the correct format:
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
pol = polpassword
svein = sveinpassword

Regards,

Pere

0
 
shang3000 (Author) Commented:
hi perehospital,
thanks for reply,

>>> I have to say that I don't have a clue if you can give permissions to subfolders of the repos. Which type of storage do you use for the
>>> repos? I use FSFS (just files).

so am I

thanks anyway for trying to help
best regards
HG
0
