RE: Authorization - require question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"Require user XXX" should work on its own.
For me it does, at least.
Just add the directive, edit the users and if you access that directory the
users will be validated against the PWD file.

I don't use AuthzSVNAccessFile, but if you search the web you find info on
it, that may help you.
Using both is mixing directives, and the result may lead to confusion.

Using AuthzSVNAccessFile, as far as I browsed, is for use with "Require
valid-user", but as I said I don't use it so I don't have first hand
experience...


Luis

-----Original Message-----
From: Manuel Vacelet [mailto:manuel.vacelet@xxxxxxxxx] 
Sent: quarta-feira, 25 de Julho de 2007 16:07
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  Authorization - require question

Thanks for the quick reply.

I do use <Location> because of subversion and there is no global
permissions set at a upper level.

What seems strange to me is that "Require user XXX" works w/o having
another authorization level (w/o AuthzSVNAccessFile) but as soon as I
add this statement the Require user seems overrided.

Actually is 'Require user' authoritative (I don't know if it's the
right term to use to describe what I want to achieve) ?

And maybe a stupid question but:
- Is what I want to achieve possible or not ?

-- Manuel

On 7/25/07, Luis Moreira (ESI-GSQP) <luis.moreira@xxxxxx> wrote:
> First, the directive "require user" fits not only a single user, but a
list,
> too
>
> Doing just
>
> Require user Manuel Vacelet Admin Power
>
> Will validate 4 users, Manuel, Vacelet, Admin and Power
>
> HOWEVER,
>
> 1) Location applies to contents outside the file system
> 2) Otherwise you can use Directory directive
> 3) Maybe you have a set of permissions that supersede this one, giving
> access to ALL to a higher-level directory ??
>
>
> Luis
>
>
>
> -----Original Message-----
> From: Manuel Vacelet [mailto:manuel.vacelet@xxxxxxxxx]
> Sent: quarta-feira, 25 de Julho de 2007 13:33
> To: users@xxxxxxxxxxxxxxxx
> Subject:  Authorization - require question
>
> Hello all,
>
> I'm facing some problems trying to understand how Require actually works.
> Here is my objectives:
> - I want to authenticate user against a file.
> - I want to restrict a list of users to access to a Location.
> - I have 3rd party authorization (AuthzSvnAccessFile) that may
> restrict again the browsing.
>
> And now my problem:
> - I can restrict access to Location to the list of people in my file
> with a 'Require valid-user'.
> - But I cannot restrict access to a list of people with 'Require user'
>
> Here the example of config:
> ----------------------------->8-----------------------------
> <Location /svnroot/code>
>    DAV svn
>    SVNPath /var/lib/codex/svnroot/code
>
>    AuthType Basic
>    AuthName "Subversion Authorization"
>
>    AuthUserFile /etc/httpd/conf/htpasswd
>    Require user manuel
>    AuthzSVNAccessFile /var/lib/svnroot/code/.SVNAccessFile
> </Location>
> ----------------------------->8-----------------------------
>
> Even if I don't authenticate as 'manuel' account I can browse my
repository
>
> FYI svnaccessfile is:
> ----------------------------->8-----------------------------
> @member=manuel, john
> [/]
> * = r
> @members = rw
> ----------------------------->8-----------------------------
>
> Can anyone explain to me what happens ?
> Thanks,
> -- Manuel
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux