Getting Subversion working correctly
1 view
Skip to first unread message
Michael R. Bernstein
Apr 26, 2010, 1:37:25 PM4/26/10
to ClueMapper User
I haven't yet been able to set up Subversion to work correctly with CM
users. I've tried fiddling with various bits, but either my attempts
to do an authenticated checkin fail, or checkins are allowed for
anonymous users.
Here is how I have things set up:
ClueMapper was installed as root, and the CM directories are /usr/var/
cluemapper and /usr/etc/cluemapper.
My Apache httpd.conf file:
<VirtualHost *:80>
ServerName projects.aps.edu
# Subversion
<Location "/svn">
Dav On
DAV svn
AuthType Basic
AuthUserFile /usr/etc/cluemapper/cluemapper.passwd
AuthGroupFile /usr/etc/cluemapper/svnauthzfile.conf
SVNParentPath /usr/var/cluemapper/svnrepos/
AuthName "Cluemapper Subversion Repository"
Satisfy Any
Require valid-user
</Location>
#Cluemapper
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/svn/.*$
RewriteRule ^/(.*)$ http://127.0.0.1:8080/$1 [L,P]
</VirtualHost>
I should note that currently
If I chown the /usr/var/cluemapper/svnrepos subdirectories to www-
data:www-data, anonymous check-ins succeed (even if I try to check in
with --username and --password, the checkin is still anonymous). Note
that anonymous reads and writes are not enabled in CM for these
projects.
If I chown the repositories to root:root, then checkins fail with the
following error (even when I supply a username and password that have
the correct permissions in CM):
svn: Commit failed (details follow):
svn: Can't open file '/usr/var/cluemapper/svnrepos/departments/db/txn-
current-lock': Permission denied
Other than the ownership changes I already mentioned, I also did a
'chmod -R g+ws' to /etc/var/svnrepos, as suggested by
http://code.autonomo.us/wiki?name=ClueMapper
Can anyone tell me what I need to do to get subversion to actually
*use* the CM users and permissions?
--
You received this message because you are subscribed to the Google Groups "ClueMapper User" group.
To post to this group, send email to cluemap...@googlegroups.com.
To unsubscribe from this group, send email to cluemapper-us...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/cluemapper-user?hl=en.
users. I've tried fiddling with various bits, but either my attempts
to do an authenticated checkin fail, or checkins are allowed for
anonymous users.
Here is how I have things set up:
ClueMapper was installed as root, and the CM directories are /usr/var/
cluemapper and /usr/etc/cluemapper.
My Apache httpd.conf file:
<VirtualHost *:80>
ServerName projects.aps.edu
# Subversion
<Location "/svn">
Dav On
DAV svn
AuthType Basic
AuthUserFile /usr/etc/cluemapper/cluemapper.passwd
AuthGroupFile /usr/etc/cluemapper/svnauthzfile.conf
SVNParentPath /usr/var/cluemapper/svnrepos/
AuthName "Cluemapper Subversion Repository"
Satisfy Any
Require valid-user
</Location>
#Cluemapper
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/svn/.*$
RewriteRule ^/(.*)$ http://127.0.0.1:8080/$1 [L,P]
</VirtualHost>
I should note that currently
If I chown the /usr/var/cluemapper/svnrepos subdirectories to www-
data:www-data, anonymous check-ins succeed (even if I try to check in
with --username and --password, the checkin is still anonymous). Note
that anonymous reads and writes are not enabled in CM for these
projects.
If I chown the repositories to root:root, then checkins fail with the
following error (even when I supply a username and password that have
the correct permissions in CM):
svn: Commit failed (details follow):
svn: Can't open file '/usr/var/cluemapper/svnrepos/departments/db/txn-
current-lock': Permission denied
Other than the ownership changes I already mentioned, I also did a
'chmod -R g+ws' to /etc/var/svnrepos, as suggested by
http://code.autonomo.us/wiki?name=ClueMapper
Can anyone tell me what I need to do to get subversion to actually
*use* the CM users and permissions?
--
You received this message because you are subscribed to the Google Groups "ClueMapper User" group.
To post to this group, send email to cluemap...@googlegroups.com.
To unsubscribe from this group, send email to cluemapper-us...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/cluemapper-user?hl=en.
Michael R. Bernstein
Apr 26, 2010, 1:56:31 PM4/26/10
to ClueMapper User
On Apr 26, 11:37 am, "Michael R. Bernstein" <mich...@fandomhome.com>
wrote:
>[snip]
visible inside our network.
wrote:
>[snip]
>
> I should note that currently
I forgot to add in here that the projects.aps.edu subdomain is only
> I should note that currently
visible inside our network.
Michael R. Bernstein
May 4, 2010, 3:08:00 PM5/4/10
to ClueMapper User
> If I chown the /usr/var/cluemapper/svnrepos subdirectories to www-
> data:www-data, anonymous check-ins succeed (even if I try to check in
> with --username and --password, the checkin is still anonymous). Note
> that anonymous reads and writes are not enabled in CM for these
> projects.
Some progress:
> data:www-data, anonymous check-ins succeed (even if I try to check in
> with --username and --password, the checkin is still anonymous). Note
> that anonymous reads and writes are not enabled in CM for these
> projects.
By setting the ownership of a repository to www-data:www-data, and
removing the 'Satisfy Any' line from httpd.conf, I have achieved the
following:
* Login is now required
* Authentication of the CM-defined users for checkouts and checkins
succeeds
However, I now have the following problems:
* Any CM-defined user can do authenticated checkouts from any CM
project
* Even if they do not have source control access in the project they
are a member of
* And even if they are not a member of the project
* Anonymous users cannot do a check out, even if anonymous is granted
source control access in CM
So, to me it looks like Apache is ignoring the AuthGroupFile setting,
but I don't have a clue why. I would appreciate any help in further
diagnosing this issue.
Sally Kleinfeldt
May 4, 2010, 3:33:49 PM5/4/10
to cluemapper-user
Note the difference between the Apache conf you sent and the one I sent - I am using AuthzSVNAccessFile, you are using AuthGroupFile. I imagine it has to do with that, but I am not familiar with the use of AuthGroupFile.
Sally--
Sally Kleinfeldt - sa...@jazkarta.com
Open Source Technology Solutions
http://jazkarta.com
Sally
Sally Kleinfeldt - sa...@jazkarta.com
Open Source Technology Solutions
http://jazkarta.com
Michael R. Bernstein
May 4, 2010, 3:45:57 PM5/4/10
to ClueMapper User
On May 4, 1:08 pm, "Michael R. Bernstein" <mich...@fandomhome.com>
wrote:
>
> So, to me it looks like Apache is ignoring the AuthGroupFile setting,
> but I don't have a clue why. I would appreciate any help in further
> diagnosing this issue.
OK, I figured it out, folks.
> but I don't have a clue why. I would appreciate any help in further
> diagnosing this issue.
The AuthGroupFile directive was wrong, it needed to be
AuthzSVNAccessFile. After fixing that, and adding the Satisfy Any
directive back in, everything works, including granting anonymous
access.
Michael R. Bernstein
May 4, 2010, 10:00:38 PM5/4/10
to ClueMapper User
On May 4, 1:33 pm, Sally Kleinfeldt <sa...@jazkarta.com> wrote:
> Note the difference between the Apache conf you sent and the one I sent - I
> am using AuthzSVNAccessFile, you are using AuthGroupFile. I imagine it has
> to do with that, but I am not familiar with the use of AuthGroupFile.
Heh. We crossed the streams and both came up with the same answer.
> Note the difference between the Apache conf you sent and the one I sent - I
> am using AuthzSVNAccessFile, you are using AuthGroupFile. I imagine it has
> to do with that, but I am not familiar with the use of AuthGroupFile.
Sally, thank you very much for responding! Incidentally, if you
previously sent any files, I never saw them.
Reply all
Reply to author
Forward
0 new messages