On 7/25/07, Luis Moreira (ESI-GSQP) <luis.moreira@xxxxxx> wrote: > "Require user XXX" should work on its own. > For me it does, at least. Used alone it works great but as soon as I try to use it with AuthzSVNAccessFile it no longer works as expected. > I don't use AuthzSVNAccessFile, but if you search the web you find info on > it, that may help you. > Using both is mixing directives, and the result may lead to confusion. > > Using AuthzSVNAccessFile, as far as I browsed, is for use with "Require > valid-user", but as I said I don't use it so I don't have first hand > experience... Actually I came here after asking the very same question on subversion mailing list w/o having a comprehensive answer. I probably will have to assume that AuthzSVNAccessFile can override 'Require' policy. Thanks for your answer, Manuel > -----Original Message----- > From: Manuel Vacelet [mailto:manuel.vacelet@xxxxxxxxx] > Sent: quarta-feira, 25 de Julho de 2007 16:07 > To: users@xxxxxxxxxxxxxxxx > Subject: Re: Authorization - require question > > Thanks for the quick reply. > > I do use <Location> because of subversion and there is no global > permissions set at a upper level. > > What seems strange to me is that "Require user XXX" works w/o having > another authorization level (w/o AuthzSVNAccessFile) but as soon as I > add this statement the Require user seems overrided. > > Actually is 'Require user' authoritative (I don't know if it's the > right term to use to describe what I want to achieve) ? > > And maybe a stupid question but: > - Is what I want to achieve possible or not ? > > -- Manuel > > On 7/25/07, Luis Moreira (ESI-GSQP) <luis.moreira@xxxxxx> wrote: > > First, the directive "require user" fits not only a single user, but a > list, > > too > > > > Doing just > > > > Require user Manuel Vacelet Admin Power > > > > Will validate 4 users, Manuel, Vacelet, Admin and Power > > > > HOWEVER, > > > > 1) Location applies to contents outside the file system > > 2) Otherwise you can use Directory directive > > 3) Maybe you have a set of permissions that supersede this one, giving > > access to ALL to a higher-level directory ?? > > > > > > Luis > > > > > > > > -----Original Message----- > > From: Manuel Vacelet [mailto:manuel.vacelet@xxxxxxxxx] > > Sent: quarta-feira, 25 de Julho de 2007 13:33 > > To: users@xxxxxxxxxxxxxxxx > > Subject: Authorization - require question > > > > Hello all, > > > > I'm facing some problems trying to understand how Require actually works. > > Here is my objectives: > > - I want to authenticate user against a file. > > - I want to restrict a list of users to access to a Location. > > - I have 3rd party authorization (AuthzSvnAccessFile) that may > > restrict again the browsing. > > > > And now my problem: > > - I can restrict access to Location to the list of people in my file > > with a 'Require valid-user'. > > - But I cannot restrict access to a list of people with 'Require user' > > > > Here the example of config: > > ----------------------------->8----------------------------- > > <Location /svnroot/code> > > DAV svn > > SVNPath /var/lib/codex/svnroot/code > > > > AuthType Basic > > AuthName "Subversion Authorization" > > > > AuthUserFile /etc/httpd/conf/htpasswd > > Require user manuel > > AuthzSVNAccessFile /var/lib/svnroot/code/.SVNAccessFile > > </Location> > > ----------------------------->8----------------------------- > > > > Even if I don't authenticate as 'manuel' account I can browse my > repository > > > > FYI svnaccessfile is: > > ----------------------------->8----------------------------- > > @member=manuel, john > > [/] > > * = r > > @members = rw > > ----------------------------->8----------------------------- > > > > Can anyone explain to me what happens ? > > Thanks, > > -- Manuel > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|