如何在 svn authz 文件中允许未命名的用户?
我有一个使用 apache 运行的 Subversion 服务器。它在 apache 配置中使用 LDAP 对用户进行身份验证,并使用 SVN 授权来限制用户对某些存储库的访问。这非常有效。
Apache
DAV svn
SVNParentPath /srv/svn
SVNListParentPath Off
SVNPathAuthz Off
AuthType Basic
AuthName "Subversion Repository"
AuthBasicProvider ldap
AuthLDAPBindDN # private stuff
AuthLDAPBindPassword # private stuff
AuthLDAPURL # private stuff
Require valid-user
AuthzSVNAccessFile /etc/apache2/dav_svn.authz
Subversion
[groups]
soft = me, and, all, other, developpers
从一台计算机添加匿名访问
现在,我想要设置一项服务(rietveld,用于代码审查),该服务需要对存储库进行匿名访问。由于这是一项 Web 服务,因此访问始终从同一服务器完成。因此我添加了 apache 配置以允许来自这台机器的所有访问。直到我在授权文件中添加一行以允许所有用户进行读取访问后,这才起作用。
Apache
<Limit GET PROPFIND OPTIONS REPORT>
Order allow,deny
Allow from # private IP address
Satisfy Any
</Limit>
Subversion
[Software:/]
@soft = rw
* = r # <-- This is the added line
例如,在我添加来自特定 IP 的授权之前,所有用户都经过身份验证,因此都有一个名称。现在,某些访问无需用户名即可完成!我在 apache 日志文件中找到了 - 用户名,但是 - = r 行不起作用,anonymous = r 也不起作用。我不想允许 SVN 授权中的每个人进行读取访问。我该怎么做?
I have a subversion server running with apache. It authenticates users using LDAP in apache configuration and uses SVN authorizations to limit user access to certain repositories. This works perfectly.
Apache
DAV svn
SVNParentPath /srv/svn
SVNListParentPath Off
SVNPathAuthz Off
AuthType Basic
AuthName "Subversion Repository"
AuthBasicProvider ldap
AuthLDAPBindDN # private stuff
AuthLDAPBindPassword # private stuff
AuthLDAPURL # private stuff
Require valid-user
AuthzSVNAccessFile /etc/apache2/dav_svn.authz
Subversion
[groups]
soft = me, and, all, other, developpers
Adding anonymous access from one machine
Now, I have a service I want to setup (rietveld, for code reviews) that needs to have an anonymous access to the repository. As this is a web service, accesses are always done from the same server. Thus I added apache configuration to allow all accesses from this machine. This did not work until I add an additional line in the authorization file to allow read access to all users.
Apache
<Limit GET PROPFIND OPTIONS REPORT>
Order allow,deny
Allow from # private IP address
Satisfy Any
</Limit>
Subversion
[Software:/]
@soft = rw
* = r # <-- This is the added line
For instance, before I add the authorization from a specific IP, all users were authenticated, and thus had a name. Now, some accesses are done without a user name! I found the - user name in the apache log files, but the line - = r does not work, neither do anonymous = r. I'd like not to allow read access to everyone in SVN authorization. How can I do this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试将其放入您的 authz 文件中:
Try putting this in your authz file: