[SAC] Re: [OSGeo] #363: SVN repositories without authz files seem to allow any authorized OSGeo LDAP user to commit

OSGeo trac_osgeo at osgeo.org
Tue Aug 18 00:58:23 EDT 2009


#363: SVN repositories without authz files seem to allow any authorized OSGeo
LDAP user to commit
-----------------------+----------------------------------------------------
  Reporter:  hobu      |       Owner:  sac at lists.osgeo.org
      Type:  task      |      Status:  closed             
  Priority:  critical  |   Component:  SAC                
Resolution:  fixed     |    Keywords:  svn                
-----------------------+----------------------------------------------------
Changes (by warmerdam):

  * status:  new => closed
  * resolution:  => fixed

Comment:

 I have determined that the problem was a stray Require valid-user in file
 /etc/httpd/conf.d/ldap_auth_url.inc which masked the Require group
 directive for the non-authz svn .conf files.

 I have removed this line from ldap_auth_url.inc, confirming that all the
 authz subversion .conf files already have Require valid-user.

 I then discovered that none of the Trac .conf files had Require valid-user
 so I had to add it to all of them.

 So, now things seem to be secure again without setting up the authz stuff
 for all projects.

-- 
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/363#comment:6>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
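
An audit for the misconfiguration described in the comment above, as an added example (not part of the ticket or of OSGeo's configuration). It inlines Include files and reports every context where `Require valid-user` sits beside a narrower `Require`, since a user who satisfies any one of them is authorized. The sample contents, the file name `svn_demo.conf`, the group name and the flat layout are constructed assumptions; only `ldap_auth_url.inc` is named on the page.

```python
import re

# Constructed sample: an shared include carrying the stray line, and one SVN vhost file.
FILES = {
    "ldap_auth_url.inc": "AuthType Basic\nAuthBasicProvider ldap\nRequire valid-user\n",
    "svn_demo.conf": ("<Location /svn/demo>\n"
                      "  DAV svn\n"
                      "  Include ldap_auth_url.inc\n"
                      "  Require group demo_committers\n"
                      "</Location>\n"),
}

def expand(name, files, seen=()):
    """Yield (origin_file, line) with known Include targets inlined."""
    if name in seen:
        return  # guard against include loops
    for line in files[name].splitlines():
        m = re.match(r"\s*Include\s+(\S+)", line, re.I)
        if m and m.group(1) in files:
            yield from expand(m.group(1), files, seen + (name,))
        else:
            yield name, line

def check(ctx, reqs):
    """Pair each 'valid-user' with every narrower requirement in the same context."""
    broad = [origin for origin, req in reqs if req.lower() == "valid-user"]
    narrow = [req for _, req in reqs if req.lower() != "valid-user"]
    return [(ctx, origin, req) for origin in broad for req in narrow]

def audit(top, files):
    """Return (context, file holding valid-user, masked requirement) tuples."""
    findings, stack = [], [("<global>", [])]
    for origin, line in expand(top, files):
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        if text.startswith("</"):
            if len(stack) > 1:  # ignore an unmatched closing tag
                findings += check(*stack.pop())
        elif text.startswith("<"):
            stack.append((text.strip("<>"), []))
        elif re.match(r"require\s", text, re.I):
            stack[-1][1].append((origin, text.split(None, 1)[1]))
    while stack:  # flush unclosed containers and the global context
        findings += check(*stack.pop())
    return findings

if __name__ == "__main__":
    for ctx, origin, req in audit("svn_demo.conf", FILES):
        print(f"{ctx}: 'Require valid-user' from {origin} masks 'Require {req}'")
```

The check is deliberately flat: it does not model how Apache merges nested containers or `.htaccess` files, so treat a clean result as covering only same-context masking.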

