[SOLVED] Anonymous user on subversion repositories

11 posts / 0 new
Last post
#1 Thu, 07/31/2008 - 05:54
sylvaticus

[SOLVED] Anonymous user on subversion repositories

Hello.. I can't handle how to have a real anonymous user on anonymous-enabled subversion repositories. It seems that apache want still try to validate with a system user before showing the svn repository.

Now I managed to create and anonymous.mydomain user with no password and no svn authorisation. People can then use --username=anonymous (with no password) to log-in on anonymous-enabled repositories (while private one requires that a user has been explicitelly authorized for that specific repository).

My question is how to allows apache to give read access to anonymous repositories without first requiring to use the anonymous user??

Post edited by: sylvaticus, at: 2008/07/31 05:55<br><br>Post edited by: sylvaticus, at: 2008/08/01 06:27

Thu, 07/31/2008 - 21:33
sylvaticus

Maybe I wasn't clear.

How do I configure Virtualmin to let users go to:
http://mydomain.org/svn/myproject
and browse the code ?? (without first having to put anonymous?)

Even more important, how can I allow them to checkout the code simply as:
svn checkout http://mydomain.org/svn/myproject/trunk
(without to firstly specify the &quot;anonymous&quot; user)

Fri, 08/01/2008 - 05:02 (Reply to #2)
andreychek

Howdy,

It sounds like you're saying when you created the Subversion repository in Services -&gt; SVN Repositories, you selected &quot;Allow anonymous read access&quot; alongside the other details for the repository?.

If that's correct, what does the resulting svn-access.conf file look like? It should have a &quot;* = r&quot; in it.

If you look in ~/etc/svn-access.conf (or ~/domains/DOMAIN_NAME/etc/svn-access.conf if it's not your first domain), that file contains the permissions for your repository.

Go ahead and post that here if you don't immediately see what's causing the problem you're having.
-Eric

Fri, 08/01/2008 - 05:16 (Reply to #3)
sylvaticus

hi andreycheck.. thanks for your help.

My ~/etc/svn-access.conf file looks correct:

[code:1]
[DOMAIN_NAME:/]
* = r
antonello = rw
martin = rw
[/code:1]

In fact using a system username that is not in the list I can check-out in anonymous mode.
Problem is that, even for reading, it firsts try to validate again a local system user..

Fri, 08/01/2008 - 05:27 (Reply to #4)
sylvaticus

This is an example of a working session trying to make an anonymous checkout:
[code:1]
lobianco@lobiancoserver:~/temp/svntest$ svn checkout http://regmas.org/svn/regmas/trunk
Reame di autenticazione: &lt;http://regmas.org:80&gt; regmas.org
Password per 'lobianco':
Reame di autenticazione: &lt;http://regmas.org:80&gt; regmas.org
Username:
Password per '':
Reame di autenticazione: &lt;http://regmas.org:80&gt; regmas.org
Username:
Password per '':
svn: OPTIONS di 'http://regmas.org/svn/regmas/trunk': autorizzazione fallita (http://regmas.org)
lobianco@lobiancoserver:~/temp/svntest$
[/code:1]
This is instead using the anonymous (or whatsoever) user (working):
[code:1]
lobianco@lobiancoserver:~/temp/svntest$ svn checkout http://regmas.org/svn/regmas/trunk --username=anonymous
Reame di autenticazione: &lt;http://regmas.org:80&gt; regmas.org
Password per 'anonymous':
A trunk/Doxyfile
....
[/code:1]
[/code]

Fri, 08/01/2008 - 06:04 (Reply to #5)
sylvaticus

I got a look at the apache configuration.
This is the relevant bits of /etc/apache2/sites-available/regmas.org.conf :

[code:1]&lt;Location /svn&gt;
DAV svn
SVNParentPath /home/regmas/svn
AuthType Basic
AuthName regmas.org
AuthUserFile /home/regmas/etc/svn.basic.passwd
Require valid-user
AuthzSVNAccessFile /home/regmas/etc/svn-access.conf
Satisfy All
&lt;/Location&gt;[/code:1]

While if I comment &quot;Satisfy All&quot; nothing happen, if I comment &quot;Require valid-user&quot;instead then finally I got fully anonymous access to the repoository.
Hovewer when I try to access using a rw username, this still one access the repository as anonymous, so I can't commit back if I remove &quot;Require valid-user&quot;..

Fri, 08/01/2008 - 06:20 (Reply to #6)
sylvaticus

I finally solved following
http://help.joyent.com/index.php?pg=kb.page&amp;id=52

Basically, the <b>Satisfy All</b> directive in apache virtual host configuration file should be <b>Satisfy any</b>.

However I think Virtualmin should by default add &quot;Satisfy any&quot; instead of &quot;Satisfy All&quot; when it enables SVN for a domain..

Should I feel a bug report?? What do you think ??

Fri, 08/01/2008 - 08:51 (Reply to #7)
andreychek

Howdy,

Glad you got it working!

I would definitely file a bug report for the problem you had and how you solved it.

If they added the &quot;Satisfy All&quot; intentionally we'll learn why, otherwise perhaps they'll be able to change that in the next release.

Thanks!
-Eric

Fri, 08/01/2008 - 10:31 (Reply to #8)
sylvaticus

done ;-)

thanks to you...

/Sylvaticus

Fri, 07/22/2011 - 04:25
sgrayban

Looks like there is a lingering issue with this.

All my repo's wont allow anonymous access at all even though the svn-access.conf is correct.

[hotsanic:/]
* = r
sgrayban = rw
[whmcs-clientmaps:/]
* = r
scott = rw
sgrayban = rw

No matter what I try it simply will not work.

Fri, 07/22/2011 - 08:50
Locutus

Define "will not work". What error exactly are you getting when trying what?