"Require user XXX" should work on its own. For me it does, at least. Just add the directive, edit the users and if you access that directory the users will be validated against the PWD file. I don't use AuthzSVNAccessFile, but if you search the web you find info on it, that may help you. Using both is mixing directives, and the result may lead to confusion. Using AuthzSVNAccessFile, as far as I browsed, is for use with "Require valid-user", but as I said I don't use it so I don't have first hand experience... Luis -----Original Message----- From: Manuel Vacelet [mailto:manuel.vacelet@xxxxxxxxx] Sent: quarta-feira, 25 de Julho de 2007 16:07 To: users@xxxxxxxxxxxxxxxx Subject: Re: Authorization - require question Thanks for the quick reply. I do use <Location> because of subversion and there is no global permissions set at a upper level. What seems strange to me is that "Require user XXX" works w/o having another authorization level (w/o AuthzSVNAccessFile) but as soon as I add this statement the Require user seems overrided. Actually is 'Require user' authoritative (I don't know if it's the right term to use to describe what I want to achieve) ? And maybe a stupid question but: - Is what I want to achieve possible or not ? -- Manuel On 7/25/07, Luis Moreira (ESI-GSQP) <luis.moreira@xxxxxx> wrote: > First, the directive "require user" fits not only a single user, but a list, > too > > Doing just > > Require user Manuel Vacelet Admin Power > > Will validate 4 users, Manuel, Vacelet, Admin and Power > > HOWEVER, > > 1) Location applies to contents outside the file system > 2) Otherwise you can use Directory directive > 3) Maybe you have a set of permissions that supersede this one, giving > access to ALL to a higher-level directory ?? > > > Luis > > > > -----Original Message----- > From: Manuel Vacelet [mailto:manuel.vacelet@xxxxxxxxx] > Sent: quarta-feira, 25 de Julho de 2007 13:33 > To: users@xxxxxxxxxxxxxxxx > Subject: Authorization - require question > > Hello all, > > I'm facing some problems trying to understand how Require actually works. > Here is my objectives: > - I want to authenticate user against a file. > - I want to restrict a list of users to access to a Location. > - I have 3rd party authorization (AuthzSvnAccessFile) that may > restrict again the browsing. > > And now my problem: > - I can restrict access to Location to the list of people in my file > with a 'Require valid-user'. > - But I cannot restrict access to a list of people with 'Require user' > > Here the example of config: > ----------------------------->8----------------------------- > <Location /svnroot/code> > DAV svn > SVNPath /var/lib/codex/svnroot/code > > AuthType Basic > AuthName "Subversion Authorization" > > AuthUserFile /etc/httpd/conf/htpasswd > Require user manuel > AuthzSVNAccessFile /var/lib/svnroot/code/.SVNAccessFile > </Location> > ----------------------------->8----------------------------- > > Even if I don't authenticate as 'manuel' account I can browse my repository > > FYI svnaccessfile is: > ----------------------------->8----------------------------- > @member=manuel, john > [/] > * = r > @members = rw > ----------------------------->8----------------------------- > > Can anyone explain to me what happens ? > Thanks, > -- Manuel > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|