如何在 svn authz 文件中允许未命名的用户?

发布于 2024-08-30 12:59:21 字数 1237 浏览 15 评论 0原文

我有一个使用 apache 运行的 Subversion 服务器。它在 apache 配置中使用 LDAP 对用户进行身份验证,并使用 SVN 授权来限制用户对某些存储库的访问。这非常有效。

Apache

DAV svn
SVNParentPath /srv/svn
SVNListParentPath Off
SVNPathAuthz Off
AuthType Basic
AuthName "Subversion Repository"
AuthBasicProvider ldap
AuthLDAPBindDN        # private stuff
AuthLDAPBindPassword  # private stuff
AuthLDAPURL           # private stuff
Require valid-user
AuthzSVNAccessFile /etc/apache2/dav_svn.authz

Subversion

[groups]
soft = me, and, all, other, developpers

从一台计算机添加匿名访问

现在,我想要设置一项服务(rietveld,用于代码审查),该服务需要对存储库进行匿名访问。由于这是一项 Web 服务,因此访问始终从同一服务器完成。因此我添加了 apache 配置以允许来自这台机器的所有访问。直到我在授权文件中添加一行以允许所有用户进行读取访问后,这才起作用。

Apache

<Limit GET PROPFIND OPTIONS REPORT>
  Order allow,deny
  Allow from # private IP address
  Satisfy Any
</Limit>

Subversion

[Software:/]
@soft = rw
* = r                    # <-- This is the added line

例如,在我添加来自特定 IP 的授权之前,所有用户都经过身份验证,因此都有一个名称。现在,某些访问无需用户名即可完成!我在 apache 日志文件中找到了 - 用户名,但是 - = r 行不起作用,anonymous = r 也不起作用。我不想允许 SVN 授权中的每个人进行读取访问。我该怎么做?

I have a subversion server running with apache. It authenticates users using LDAP in apache configuration and uses SVN authorizations to limit user access to certain repositories. This works perfectly.

Apache

DAV svn
SVNParentPath /srv/svn
SVNListParentPath Off
SVNPathAuthz Off
AuthType Basic
AuthName "Subversion Repository"
AuthBasicProvider ldap
AuthLDAPBindDN        # private stuff
AuthLDAPBindPassword  # private stuff
AuthLDAPURL           # private stuff
Require valid-user
AuthzSVNAccessFile /etc/apache2/dav_svn.authz

Subversion

[groups]
soft = me, and, all, other, developpers

Adding anonymous access from one machine

Now, I have a service I want to setup (rietveld, for code reviews) that needs to have an anonymous access to the repository. As this is a web service, accesses are always done from the same server. Thus I added apache configuration to allow all accesses from this machine. This did not work until I add an additional line in the authorization file to allow read access to all users.

Apache

<Limit GET PROPFIND OPTIONS REPORT>
  Order allow,deny
  Allow from # private IP address
  Satisfy Any
</Limit>

Subversion

[Software:/]
@soft = rw
* = r                    # <-- This is the added line

For instance, before I add the authorization from a specific IP, all users were authenticated, and thus had a name. Now, some accesses are done without a user name! I found the - user name in the apache log files, but the line - = r does not work, neither do anonymous = r. I'd like not to allow read access to everyone in SVN authorization. How can I do this?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

蝶…霜飞 2024-09-06 12:59:21

尝试将其放入您的 authz 文件中:

[Software:/]
@soft = rw
$anonymous=r

Try putting this in your authz file:

[Software:/]
@soft = rw
$anonymous=r
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文