[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svn+ssh authentication interacts badly with authz: I am lost

From: Nix <nix_at_esperi.org.uk>
Date: 2006-01-28 19:45:09 CET

Specifically, it thinks I'm always semi-anonymous, despite my having
authenticated as a specific user: reading is permitted regardless
of authz, writing is always banned.

e.g., with conf/passwd containing

[users]
snortrules = lalalala

and conf/authz containing

[groups]
administrators = root,snortrules

[/]
* =

[/network-admin]
@administrators = rw

and svnserve.conf stating `anon-access none', I see this:

loki:/etc/snort$ svn ls svn+ssh://svn.esperi.org.uk/network-admin
snort-rules/
udev.rules.pristine/
[...]

loki:~/blah/network-admin$ svn info
Path: .
URL: svn+ssh://svn.esperi.org.uk/network-admin
Repository Root: svn+ssh://svn.esperi.org.uk
Repository UUID: 64f33436-08cc-0310-9219-c390f39ec3c8
Revision: 58
Node Kind: directory
Schedule: normal
Last Changed Author: root
Last Changed Rev: 58
Last Changed Date: 2006-01-17 21:32:41 +0000 (Tue, 17 Jan 2006)

loki:~/blah/network-admin$ svn add blah
A blah
loki:~/blah/network-admin$ svn commit
Adding blah
Transmitting file data .svn: Commit failed (details follow):
svn: Access denied
svn: Your commit message was left in a temporary file:
svn: '/home/snort/blah/network-admin/svn-commit.tmp'

So a tunnelled svnserve thinks I'm always read-only, and seemingly
completely ignores the authz and passwd files: a non-tunnelled one is
happier, but appears to have no understanding of `anonymous'; you
are always challenged for a username and password, and access is
completely rejected if these aren't provided.

How on earth do I set up path-based auth for svnserve and svn+ssh? I'd
not think my requirements (authentication and path-constrained anonymous
access for remote connections, path-constrained preauthenticated access
for connections tunnelled over ssh) was all that unusual, but it
appears to be impossible to make it work. 

-- 
`I won't make a secret of the fact that your statement/question
 sent a wave of shock and horror through us.' --- David Anderson
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Jan 28 19:48:14 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.