Last time I explained how I got my Apache to forward calls to the SVN.
It was pretty hard due to lack of documentation.
This time I wanted to configure some basic permissions. It was pretty easy - and I also found great documentation. One catch though... as always.
If you read any of my articles so far, you might have noticed that when I deal with something new, I try to keep my goals to a minimum.
The minimum I could think of in this case is :
- Allow me to write into the SVN
- Allow anyone to read - Anonymous read accesss
When I started the search, I looked for configuring permissions in SVN. I found this documentation.
However - this is the wrong documentation since I am looking for Apache+SVN. Whereas this documentation is for SVN Server. This is a small nuance you should note when reading documentations.
This is the documentation I used to achieve my goal.
The entire configuration for Apache+SVN is done in Apache.
If file does not exist, create the file
htpasswd -cm d:\dev_env\svn_repository\svn-auth-file guy
replace "guy" with your username.
Technically - the "-c" flag is supposed to create the file if it does not exist. However it didn't work for me, but creating it manually solved the problem.
Afterwards you will be prompted for a password.
New password: ********* Re-type new password: ********* Adding password for user guy
Now we need to match between username and permission.
Next to the "svn-auth-file" , create a new file named "svn-acl"
ACL - stands for "Access control list".
[/] * = r guy = rw
the path "[/]" means the parent directory - which lists all projects.
following that you can see "* = r" - this means, I grant everyone read permission
Last we have "guy = rw" which means I grant myself read/write permission.
These will apply to all my projects. They can also be define per project.
You can also define users into groups, and give permission by groups. (see links in references).
The last step is to point apache to these files.
The final configuration will look something like this
<Location ~ "/svn/" > DAV svn SVNListParentPath on SVNParentPath d:/dev_env/svn_repository/projects <!-- PERMISSIONS --> AuthType Basic AuthName "Subversion Repository Authentication" AuthUserFile D:/dev_env/svn_repository/svn-auth-file Satisfy Any Require valid-user AuthzSVNAccessFile D:/dev_env/svn_repository/svn-acl </Location>
We already saw the first 3 lines in the previous post.
Afterward, we tell Apache to prompt a basic authentication with "AuthType Basic". AuthName simply gives a name to the authentication popup.
Then we point to the auth file we defined in the first step.
The "Satisfy Any" is the catch, and took me some time to find. This means - prompt for password only if action requires... Since I am giving read permission to everyone, you won't be prompted for a password for a read operation. (for example, clicking http://svn.mograbi.co.il/svn/.
Later we say that for any other option - we require a valid user.
The final line points to the access file - telling Apache who can read and who can write.
Everything went smoothly for me, so there's no troubleshooting this time.
If you try to read from your repository but see a password prompt, you did something wrong.
In order to see that it works you should
- Check that you can read without password prompt
- See that when you try to "commit" (write) you are requested for a password - see section below
When you test the configuration you should do something like this (assuming you already have a working copy of the project. If not - you should checkout first. "svn co URL folderName")
echo aa > aa svn status (see that you have the line : "? aa" - which means this file is not monitored.) svn add aa svn commit aa -m "adding test for auth" Authentication realm: Subversion Repository Authentication Password for 'User': *** Authentication realm: Subversion Repository Authentication Username: svn: Commit failed (details follow): svn: MKACTIVITY of '/svn/project_manager/!svn/act/96456c34-fea7-aa4b-a25d-000e43429ecf': authorization failed: Could not authenticate to server: r
This shows that I couldn't commit with a bad authentication.
But how to I define the new credentials ?
I simply do the following
svn commit aa -m "show good credentials" --username guy
And supply the password when prompted.
So far, I have to admit, I like SVN. However, I assume this is mainly because I am the sole user :) .
The authorization configuration was a piece of cake, and the entire thing (including this post) didn't take more than 2 hours.
Now that I fill good enough with SVN, I am going to make a transition to GIT (finally).