My organization has been using VisualSVN Server for about two years
now. Last week, we upgraded from version 2.1.7 to version 2.5.4 (yeah,
I know, we waited a long time to upgrade). Anyway, the upgrade went
extremely smoothly...or so we had thought.
On our repository we have very limited branch-level security (from the
authz file:)
[/]
*=rw
[Dev:/]
*=r
@Developer=rw
@QA=r
[Dev:/branches/v6]
@Developer=r
The goal we want is that Developers should have read/write access to
the entire repository except for /branches/v6 which they only have
read access while QA only have read access to the entire repository.
The problem is, that since the upgrade, everyone has read/write access
to the entire repository. It seems that the branch-level security is
completely ignored.
As a test, I've created a new repository for testing with following
security:
[XXX:/trunk/One]
*=r
where everyone can read/write from the root, but only read access is
granted for everyone at /trunk/One. This is working just fine.
My httpd.conf is:
#
# This is configuration file for Apache HTTP server which is
# part of VisualSVN Server.
#
# DO NOT EDIT THIS FILE IT WILL BE REGENERATED AUTOMATICALLY BY
VISUALSVN SERVER
#
# Contact with VisualSVN Ltd. (supp...@visualsvn.com) if you have
suggestions and
# improvements.
#
ThreadsPerChild 128
MaxMemFree 64
MaxRequestsPerChild 0
MaxKeepAliveRequests 2000
KeepAliveTimeout 5
Win32DisableAcceptEx
LimitXMLRequestBody 0
LimitRequestFieldSize 12392
ServerRoot "C:/Program Files/VisualSVN Server"
ServerName "Etreby31.etreby.com:443"
ServerSignature Off
ServerTokens Prod
DocumentRoot "htdocs"
FileETag MTime Size
PidFile "${TEMP}\VisualSVNServer.pid"
Listen "443"
LoadModule auth_basic_module bin/mod_auth_basic.so
LoadModule authn_file_module bin/mod_authn_file.so
LoadModule authn_visualsvn_module bin/mod_authn_visualsvn.so
LoadModule authz_svn_module bin/mod_authz_svn.so
LoadModule alias_module bin/mod_alias.so
LoadModule dir_module bin/mod_dir.so
LoadModule mime_module bin/mod_mime.so
LoadModule setenvif_module bin/mod_setenvif.so
LoadModule rewrite_module bin/mod_rewrite.so
LoadModule expires_module bin/mod_expires.so
LoadModule dav_module bin/mod_dav.so
LoadModule dav_svn_module bin/mod_dav_svn.so
LoadModule ssl_module bin/mod_ssl.so
<Directory />
Options FollowSymLinks
AllowOverride None
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/svn$
RewriteRule ^(.*/svn)$ %1/ [R=301,L]
</Directory>
SVNInMemoryCacheSize 16384
<Location /svn/>
DAV svn
SVNListParentPath on
SVNParentPath "C:/SVN/"
SVNIndexXSLT "/svnindex.xsl"
SVNPathAuthz short_circuit
SVNCacheTextDeltas off
SVNCacheFullTexts off
AuthName "VisualSVN Server"
AuthType Basic
AuthBasicProvider file
AuthUserFile "C:/SVN/htpasswd"
AuthzSVNAccessFile "C:/SVN/authz"
require valid-user
# Add Expires/Cache-Control header explictly
ExpiresActive on
ExpiresDefault access
</Location>
Alias /web-ui-static htdocs/web-ui-static
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
ErrorLog nul
LogLevel error
TraceEnable off
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>
<IfModule ssl_module>
SSLEngine on
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLPassPhraseDialog builtin
SSLSessionCache "shm:C:/SVN/ssl_scache"
SSLSessionCacheTimeout 300
SSLMutex default
SSLCertificateFile certs/server.pem
SSLCertificateKeyFile certs/server.pem
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:
+MEDIUM
SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown
</IfModule>
Include conf/httpd-custom.conf
Any assistance would be appreciated. At the moment, we're exposed to
unauthorized commits. Also, if this issue has already been covered in
another post, I apologize...I did quite a bit of searching before I
wrote this and I didn't find anything that looks like my issue.
Steve Garcia
Senior Developer
Cerner Etreby
--
You received this message because you are subscribed to the Google Groups
"VisualSVN" group.
To post to this group, send email to visualsvn@googlegroups.com.
To unsubscribe from this group, send email to
visualsvn+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/visualsvn?hl=en.
