使用 mod_authn_dbd 的 SVN 身份验证有效,但其他 svn 用户可以看到其他存储库
SVN authentication with mod_authn_dbd works but other svn users can see other repositories
正如标题所说,SVN 身份验证在 mod_authn_dbd 和 MySQL 上工作正常,但如果我使用 /repos/testrepo 的凭据登录,我可以切换到 /repos/ {any-other-existing-repo} 在浏览器中并在成功登录后查看其他 repos。我的配置有什么问题?
Apache2 虚拟主机:
DBDriver mysql
DBDParams "host=127.0.0.1 port=3306 dbname=svndb user=svnuser pass=svnpass"
DBDMin 1
DBDKeep 8
DBDMax 20
DBDExptime 200
<Location /repos>
DAV svn
SVNParentPath /var/www/svn/repos/
AuthType Basic
AuthName "SVN Repository"
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT password FROM users WHERE user = %s"
Require valid-user
</Location>
MySQL 数据库:
"svndb.users"
id (int)
user (varchar)
password (varchar)
有两种方法可以解决这个问题。第一个是将 SVNParentPath 指令更改为 SVNPath,并且仅指向您的 /var/www/svn/repos/testrepo。另一种解决方案是启用 authz_svn_module(每个目录访问控制)并使用 AuthzSVNAccessFile 指令添加授权文件。您的配置允许访问 /var/www/svn/repos 路径下的所有存储库的原因是因为 SVNParentPath 共享子目录。这是来自 SVNParentPath 文档:
Specifies the location in the filesystem of a parent directory whose
child directories are Subversion repositories. In a configuration
block for a Subversion repository, either this directive or SVNPath
must be present, but not both.
解决方案 1:
...
<Location /repos>
DAV svn
SVNPath /var/www/svn/repos/testrepo
AuthType Basic
AuthName "SVN Repository"
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT password FROM users WHERE user = %s"
Require valid-user
</Location>
解决方案 2:
...
<Location /repos>
DAV svn
SVNParentPath /var/www/svn/repos/
AuthzSVNAccessFile /path/to/access-file.txt
AuthType Basic
AuthName "SVN Repository"
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT password FROM users WHERE user = %s"
Require valid-user
</Location>
====== access-file.txt ======
[groups]
admins = joe, kee
developers = marry
deployers = build
[testrepo:/]
@admins = rw
@deployers = r
@developers = rw
[someotherrepo:/]
@admins = rw
@developers =
@deployers =
zack = rw
正如标题所说,SVN 身份验证在 mod_authn_dbd 和 MySQL 上工作正常,但如果我使用 /repos/testrepo 的凭据登录,我可以切换到 /repos/ {any-other-existing-repo} 在浏览器中并在成功登录后查看其他 repos。我的配置有什么问题?
Apache2 虚拟主机:
DBDriver mysql
DBDParams "host=127.0.0.1 port=3306 dbname=svndb user=svnuser pass=svnpass"
DBDMin 1
DBDKeep 8
DBDMax 20
DBDExptime 200
<Location /repos>
DAV svn
SVNParentPath /var/www/svn/repos/
AuthType Basic
AuthName "SVN Repository"
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT password FROM users WHERE user = %s"
Require valid-user
</Location>
MySQL 数据库:
"svndb.users"
id (int)
user (varchar)
password (varchar)
有两种方法可以解决这个问题。第一个是将 SVNParentPath 指令更改为 SVNPath,并且仅指向您的 /var/www/svn/repos/testrepo。另一种解决方案是启用 authz_svn_module(每个目录访问控制)并使用 AuthzSVNAccessFile 指令添加授权文件。您的配置允许访问 /var/www/svn/repos 路径下的所有存储库的原因是因为 SVNParentPath 共享子目录。这是来自 SVNParentPath 文档:
Specifies the location in the filesystem of a parent directory whose child directories are Subversion repositories. In a configuration block for a Subversion repository, either this directive or SVNPath must be present, but not both.
解决方案 1:
...
<Location /repos>
DAV svn
SVNPath /var/www/svn/repos/testrepo
AuthType Basic
AuthName "SVN Repository"
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT password FROM users WHERE user = %s"
Require valid-user
</Location>
解决方案 2:
...
<Location /repos>
DAV svn
SVNParentPath /var/www/svn/repos/
AuthzSVNAccessFile /path/to/access-file.txt
AuthType Basic
AuthName "SVN Repository"
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT password FROM users WHERE user = %s"
Require valid-user
</Location>
====== access-file.txt ======
[groups]
admins = joe, kee
developers = marry
deployers = build
[testrepo:/]
@admins = rw
@deployers = r
@developers = rw
[someotherrepo:/]
@admins = rw
@developers =
@deployers =
zack = rw