Re: Authorization - require question

On 7/25/07, Luis Moreira (ESI-GSQP) <luis.moreira@xxxxxx> wrote:
> "Require user XXX" should work on its own.
> For me it does, at least.

Used alone it works great but as soon as I try to use it with
AuthzSVNAccessFile it no longer works as expected.

> I don't use AuthzSVNAccessFile, but if you search the web you find info on
> it, that may help you.
> Using both is mixing directives, and the result may lead to confusion.
>
> Using AuthzSVNAccessFile, as far as I browsed, is for use with "Require
> valid-user", but as I said I don't use it so I don't have first hand
> experience...

Actually I came here after asking the very same question on the Subversion
mailing list w/o getting a comprehensive answer.

I probably will have to assume that AuthzSVNAccessFile can override
'Require' policy.

Thanks for your answer,
Manuel

> -----Original Message-----
> From: Manuel Vacelet [mailto:manuel.vacelet@xxxxxxxxx]
> Sent: quarta-feira, 25 de Julho de 2007 16:07
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  Authorization - require question
>
> Thanks for the quick reply.
>
> I do use <Location> because of Subversion and there are no global
> permissions set at an upper level.
>
> What seems strange to me is that "Require user XXX" works w/o having
> another authorization level (w/o AuthzSVNAccessFile) but as soon as I
> add this statement the Require user seems overridden.
>
> Actually, is 'Require user' authoritative (I don't know if it's the
> right term to use to describe what I want to achieve)?
>
> And maybe a stupid question but:
> - Is what I want to achieve possible or not?
>
> -- Manuel
>
> On 7/25/07, Luis Moreira (ESI-GSQP) <luis.moreira@xxxxxx> wrote:
> > First, the directive "require user" fits not only a single user, but a
> > list, too
> >
> > Doing just
> >
> > Require user Manuel Vacelet Admin Power
> >
> > Will validate 4 users, Manuel, Vacelet, Admin and Power
> >
> > HOWEVER,
> >
> > 1) Location applies to contents outside the file system
> > 2) Otherwise you can use Directory directive
> > 3) Maybe you have a set of permissions that supersede this one, giving
> > access to ALL to a higher-level directory ??
> >
> >
> > Luis
> >
> >
> >
> > -----Original Message-----
> > From: Manuel Vacelet [mailto:manuel.vacelet@xxxxxxxxx]
> > Sent: quarta-feira, 25 de Julho de 2007 13:33
> > To: users@xxxxxxxxxxxxxxxx
> > Subject:  Authorization - require question
> >
> > Hello all,
> >
> > I'm facing some problems trying to understand how Require actually works.
> > Here are my objectives:
> > - I want to authenticate users against a file.
> > - I want to restrict access to a Location to a list of users.
> > - I have 3rd party authorization (AuthzSvnAccessFile) that may
> > restrict the browsing again.
> >
> > And now my problem:
> > - I can restrict access to Location to the list of people in my file
> > with a 'Require valid-user'.
> > - But I cannot restrict access to a list of people with 'Require user'
> >
> > Here is the example config:
> > ----------------------------->8-----------------------------
> > <Location /svnroot/code>
> >    DAV svn
> >    SVNPath /var/lib/codex/svnroot/code
> >
> >    AuthType Basic
> >    AuthName "Subversion Authorization"
> >
> >    AuthUserFile /etc/httpd/conf/htpasswd
> >    Require user manuel
> >    AuthzSVNAccessFile /var/lib/svnroot/code/.SVNAccessFile
> > </Location>
> > ----------------------------->8-----------------------------
> >
> > Even if I don't authenticate as 'manuel' account I can browse my
> > repository
> >
> > FYI svnaccessfile is:
> > ----------------------------->8-----------------------------
> > @member=manuel, john
> > [/]
> > * = r
> > @members = rw
> > ----------------------------->8-----------------------------
> >
> > Can anyone explain to me what happens?
> > Thanks,
> > -- Manuel
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >

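Added example, not part of the thread and not Apache or Subversion code: a small Python audit that lists the access-file grants reaching users outside an Apache `Require user` list, which is the mismatch this thread is about. The sample file is constructed from the one quoted above (written with a `[groups]` section), and `parse_authz` and `wider_than_require` are hypothetical names.

```python
def parse_authz(text):
    """Return (groups, rules): group name -> set of users,
    section path -> list of (principal, access) in file order."""
    groups, rules, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if "=" not in line or section is None:
            continue  # malformed line, or a rule outside any section
        key, value = (part.strip() for part in line.split("=", 1))
        if section == "groups":
            groups[key] = {u.strip() for u in value.split(",") if u.strip()}
        else:
            rules.setdefault(section, []).append((key, value))
    return groups, rules

def wider_than_require(text, require_users):
    """List (path, principal, access) grants that reach users who are
    not named in the Apache 'Require user' list."""
    groups, rules = parse_authz(text)
    allowed = set(require_users)
    findings = []
    for path, entries in rules.items():
        for principal, access in entries:
            if principal == "*":
                outside = True  # wildcard matches every user
            elif principal.startswith("@"):
                outside = bool(groups.get(principal[1:], set()) - allowed)
            else:
                # plain user name; other tokens are flagged conservatively
                outside = principal not in allowed
            if access and outside:  # an empty value means "no access"
                findings.append((path, principal, access))
    return findings

# Constructed sample modelled on the access file quoted in the thread.
SAMPLE = """\
[groups]
members = manuel, john
[/]
* = r
@members = rw
"""

if __name__ == "__main__":
    for finding in wider_than_require(SAMPLE, ["manuel"]):
        print("grant wider than Require user:", finding)
```

An empty result means the access file grants nothing beyond the `Require user` list, so the two layers agree on who may reach the repository.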

