Project

General

Profile

Forums » Help »

Unable to have read-only access to SVN

Added by François-Xavier Payet over 12 years ago

Hello,

I've followed the HoTo Repositories access control with apache, mod_dav_svn and mod_perl to configure SVN integration with Redmine.

Authenticated access works like a charm, but read-only access from my redmine machine can't seem to work. Either via svn ls command, or via the http access, I can't get the read-only access to work : I'm always asked to authenticate.

Here's the configuration to my SVN virtual host :

VirtualHost *:80>
        ServerAdmin my.email@adress
        ServerName ssvn.server.name

        PerlLoadModule Apache::Redmine

  <Location /svn>
     DAV svn
     SVNParentPath "/var/svnredmine" 
     Order deny,allow
     Deny from all
     Satisfy any

     PerlAccessHandler Apache::Authn::Redmine::access_handler
     PerlAuthenHandler Apache::Authn::Redmine::authen_handler
     AuthType Basic
     AuthName "Redmine SVN Repository" 

     #read-only access
     <Limit GET PROPFIND OPTIONS REPORT>
        Require valid-user
        Allow from localhost
        Allow from my.redmine.ip.adress
        # Allow from another-ip
         Satisfy any
     </Limit>
     # write access
     <LimitExcept GET PROPFIND OPTIONS REPORT>
       Require valid-user
     </LimitExcept>

     ## for mysql
     RedmineDSN "DBI:mysql:database=redmine_default;host=localhost" 
     ## for postgres
     # RedmineDSN "DBI:Pg:dbname=databasename;host=my.db.server" 
     ## for SQLite3
     # RedmineDSN "DBI:SQLite:dbname=database.db" 

     RedmineDbUser "redmine" 
     RedmineDbPass "MyRedminePassword" 
  </Location>
</VirtualHost>

Any idea why the read-only configuration might not work?

Thanks in advance.


Replies (1)

RE: Unable to have read-only access to SVN - Added by Mischa The Evil over 12 years ago

François-Xavier Payet wrote:

Authenticated access works like a charm, but read-only access from my redmine machine can't seem to work. Either via svn ls command, or via the http access, I can't get the read-only access to work : I'm always asked to authenticate.

It seems you are mixing-up two separate things here. It is authenticated access vs. anonymous access which deals with authentication and read-only access vs. write access which deals with authorization.

Here's the configuration to my SVN virtual host :

     ...
     #read-only access
     <Limit GET PROPFIND OPTIONS REPORT>
        Require valid-user
        Allow from localhost
        Allow from my.redmine.ip.adress
        # Allow from another-ip
         Satisfy any
     </Limit>
     # write access
     <LimitExcept GET PROPFIND OPTIONS REPORT>
       Require valid-user
     </LimitExcept>
     ...

Any idea why the read-only configuration might not work?

It looks like the first Require valid-user directive inside the Limit * block is causing the fact that you're always asked to authenticate. If that block contains only the Satisfy any directive, anonymous access is granted for GET, PROPFIND, OPTIONS & REPORT request types. Along with the LimitExcept * block which tells apache to require a user to authenticate for all but the specified request types, that should suffice your authentication need of having both authenticated and anonymous access.

See for more information http://svnbook.red-bean.com/en/1.7/svn.serverconfig.httpd.html.

    (1-1/1)