Permissions over http/https in subversions repository

joseba.ortega's Avatar

joseba.ortega

04 May, 2017 03:29 PM

Hello:
I'm running Rhodecode Community 4.7.2. I would like to use svntortoise and I have enabled svn over http, port 8090. We use our active directory for authentication. It works well. My problem is that any user who exists in Rhodecode can download the repository with svntortoise altought that user hasn't got permission over the repository.
I've searched a solution in your installation's information of your web page unsuccessfully.
I need, if a user wants to download a repository over http using svntortoise, the user only can download a repository where he has permissions.
Is this possible? How can I configure this??

Thank you

  1. Support Staff 1 Posted by Marcin Kuzminsk... on 04 May, 2017 03:33 PM

    Marcin Kuzminski's Avatar

    Hi Joseba,

    Have you disabled anonymous access ? (under admin > permissions) if anonymous access is enabled and default permissions are read it means someone without an account is allowed to do certain actions.

    Please disable anonymous access, and rhodecode should require authentication for reading the repository.

    P.S. Please consider joining our Slack community channel under https://rhodecode.com/join . Get access to our development team as well as community members always willing to help.

  2. 2 Posted by joseba.ortega on 05 May, 2017 07:30 AM

    joseba.ortega's Avatar

    Hi Marcin:
                    Thanks for your quick answer.

    This is our Rhodecode:

    [cid:[email blocked]]

    This is my configuration:

    [cid:[email blocked]]

    This is my repository:

    [cid:[email blocked]]
    Really, we the field “Colone Url” for showing the url for svntortoise.

    This is our configuration in Global Subversion Settings:

    [cid:[email blocked]]

    Permissions over RepoUno:

    [cid:[email blocked]]

    Another users without permissions over RepoUno:

    [cid:[email blocked]]

    For the test, we are going to use mto who hasn’t got permission about RepoUno:

    [cid:[email blocked]]

    User and password:

                    [Checkout]

    Result:

    [cid:[email blocked]]

    The user mto shouldn’t can download repository.

    Maybe, Could be it a misconfiguration in the apache file conf?

    Thank you

    [cid:[email blocked]]<https://www.linkedin.com/company/ingeteam-s-a>
    Joseba Mirena Ortega Artieta
    Dpto. de Calidad y Sistemas

    Ingeteam Power Technology S.A.

    Electronics

    Parque Tecnológico de Bizkaia, Edificio 110

    Tel. +34 944 03 96 00

    48170 Zamudio, Bizkaia. Spain

    Fax +34 946 018 901

    [Ingeteam]<http://www.ingeteam.com/>
    Advertencia: Este mensaje y sus anexos se dirigen exclusivamente a su destinatario, y contienen información privada y estrictamente confidencial. Si usted no es el destinatario y lo ha recibido por error, le rogamos se lo comunique inmediatamente al emisor por este medio, y proceda a destruirlo y borrarlo de su sistema informático, incluidas posibles copias. Cualquier uso, lectura, impresión, retención, alteración, difusión, archivo, reproducción o distribución a terceros, tanto del presente mensaje como de sus anexos, queda estrictamente prohibido y es ilegal.
    Warning: This message and its attached files are intended for the exclusive attention of the addressee(s) to whom it is addressed. Any information contained herein is proprietary and strictly confidential, and is intended only for the use of the addressee. If you are not the intended recipient and have received this message in error, please immediately notify the sender by return e-mail and destroy and delete this message from your computer system, including any existing copies. Unauthorized use, reading, printing, retention, alteration, disclosure, filing, copying, or distribution of this message and/or any attached files to third parties, is strictly prohibited by law.
    POR FAVOR, PIENSE EN EL MEDIO AMBIENTE ANTES DE IMPRIMIR ESTE MENSAJE. PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING THIS EMAIL

    De: Marcin Kuzminski [mailto:[email blocked]]
    Enviado el: jueves, 04 de mayo de 2017 17:34
    Para: Joseba Ortega Artieta (Ingeteam Power Technology - Technology) <[email blocked]>
    Asunto: Re: Permissions over http/https in subversions repository [Questions #33353]

  3. Support Staff 3 Posted by Marcin Kuzminsk... on 05 May, 2017 08:56 AM

    Marcin Kuzminski's Avatar

    Hi Joseb,

    I think i found the problem. In the clone url you used the port 8090 which afair is direct connection to Apache, as in the proxy settings. In order the authentication to work, RhodeCode must run on a different PORT, and all communication needs to go via RhodeCode itself. I think the problem is that this bypasses RhodeCode

    Please see what port rhodecode is running via rccontrol status, and it needs to be a different port than Apache that runs SVN proxy to RhodeCode.

    If you click on each users and go to edit, one of the navigation on the left is permission summary it'll show exactly what permissions are generated for this particular user.

  4. 4 Posted by joseba.ortega on 05 May, 2017 11:47 AM

    joseba.ortega's Avatar

    Hi Marcin:
     It had been my fault. I had checked “Require SSL for vcs operations” and besides you were right, I used direct connection against our Apache.
    So, I have changed the clone url and I have left : http://[email blocked]/RepoName
    Unchecked Require SSL for vcs operations.

    Right now, all is ok. Permissions are working perfectly.
    I’m going to implant this tool in the company. Your security levels are higher than the tool we are using currently.

    Thank you, Marcin.
    Thank you very much.

    Bye

  5. Support Staff 5 Posted by Marcin Kuzminsk... on 05 May, 2017 11:58 AM

    Marcin Kuzminski's Avatar

    Joseba-

    Happy to hear all is resolved now. I hope our Community edition will be a good fit for your company, and if you require some added features, such as advanced LDAP integration, added code-review capabilities, or our premium support. Feel free to contact [email blocked] to get a free trial of our Enterprise edition of RhodeCode

    In order to keep our support system clean and improve our response time to the open tickets, I will now close this support ticket. Of course, if you still have questions regarding this issue you may reopen this ticket at your convenience.

  6. Marcin Kuzminski closed this discussion on 05 May, 2017 11:58 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

17 Oct, 2018 03:22 PM
15 Oct, 2018 12:10 PM
15 Oct, 2018 05:20 AM
10 Oct, 2018 08:11 AM
03 Oct, 2018 01:16 PM

 

01 Oct, 2018 08:41 AM
28 Sep, 2018 10:12 AM
26 Sep, 2018 04:34 AM
21 Sep, 2018 04:40 PM
18 Sep, 2018 03:30 PM
11 Sep, 2018 09:12 AM