Visitors are also reading...
← PreviousNext →

SVN + Apache (Continue) - Permissions

27 Apr 2010

Last time I explained how I got my Apache to forward calls to the SVN.
It was pretty hard due to lack of documentation.

This time I wanted to configure some basic permissions. It was pretty easy - and I also found great documentation. One catch though... as always.

Goal Definition

If you read any of my articles so far, you might have noticed that when I deal with something new, I try to keep my goals to a minimum.

The minimum I could think of in this case is :

Wrong documentation

When I started the search, I looked for configuring permissions in SVN. I found this documentation.

However - this is the wrong documentation since I am looking for Apache+SVN. Whereas this documentation is for SVN Server. This is a small nuance you should note when reading documentations.

This is the documentation I used to achieve my goal.

Configuration

The entire configuration for Apache+SVN is done in Apache.

Adding user/password

If file does not exist, create the file

d:\dev_env\svn_repository\svn-auth-file guy

run command

htpasswd -cm d:\dev_env\svn_repository\svn-auth-file guy

replace "guy" with your username.

Technically - the "-c" flag is supposed to create the file if it does not exist. However it didn't work for me, but creating it manually solved the problem.

Afterwards you will be prompted for a password.

New password: *********
Re-type new password: *********  
Adding password for user guy

Now we need to match between username and permission.

Match between username and permission

Next to the "svn-auth-file" , create a new file named "svn-acl"
ACL - stands for "Access control list".

[/]
* = r  
guy = rw

the path "[/]" means the parent directory - which lists all projects.
following that you can see "* = r" - this means, I grant everyone read permission
Last we have "guy = rw" which means I grant myself read/write permission.

These will apply to all my projects. They can also be define per project.
You can also define users into groups, and give permission by groups. (see links in references).

The last step is to point apache to these files.

Configuring Apache

The final configuration will look something like this

<Location ~ "/svn/" >
    DAV svn
 SVNListParentPath on
        SVNParentPath d:/dev_env/svn_repository/projects

         <!-- PERMISSIONS -->
 AuthType Basic
 AuthName "Subversion Repository Authentication"
 AuthUserFile D:/dev_env/svn_repository/svn-auth-file

 Satisfy Any
 Require valid-user

 AuthzSVNAccessFile D:/dev_env/svn_repository/svn-acl

</Location>

We already saw the first 3 lines in the previous post.
Afterward, we tell Apache to prompt a basic authentication with "AuthType Basic". AuthName simply gives a name to the authentication popup.
Then we point to the auth file we defined in the first step.

The "Satisfy Any" is the catch, and took me some time to find. This means - prompt for password only if action requires... Since I am giving read permission to everyone, you won't be prompted for a password for a read operation. (for example, clicking http://svn.mograbi.co.il/svn/.

Later we say that for any other option - we require a valid user.
The final line points to the access file - telling Apache who can read and who can write.

Result

Everything went smoothly for me, so there's no troubleshooting this time.

If you try to read from your repository but see a password prompt, you did something wrong.

In order to see that it works you should

Supplying a password

When you test the configuration you should do something like this (assuming you already have a working copy of the project. If not - you should checkout first. "svn co URL folderName")

echo aa > aa
svn status
(see that you have the line : "?       aa" - which means this file is not monitored.)
svn add aa
svn commit aa -m "adding test for auth"
Authentication realm:  Subversion Repository Authentication
Password for 'User': ***
Authentication realm:  Subversion Repository Authentication
Username: svn: Commit failed (details follow):
svn: MKACTIVITY of '/svn/project_manager/!svn/act/96456c34-fea7-aa4b-a25d-000e43429ecf': authorization failed: Could not authenticate to server: r

This shows that I couldn't commit with a bad authentication.

But how to I define the new credentials ?
I simply do the following

svn commit aa -m "show good credentials" --username guy

And supply the password when prompted.

Q: Will I need to specify username in every commit ?
A: No, SVN caches the credentials. Don't like it? Clean it or Prevent it

Conclusion

So far, I have to admit, I like SVN. However, I assume this is mainly because I am the sole user :) .
The authorization configuration was a piece of cake, and the entire thing (including this post) didn't take more than 2 hours.

Now that I fill good enough with SVN, I am going to make a transition to GIT (finally).

References

← PreviousNext →