Nix,
I think you should change the line [/network-admin] in your authz file to:
[network-admin:/]
Lieven.
> -----Original Message-----
> From: Nix [mailto:nix@esperi.org.uk]
> Sent: zaterdag 28 januari 2006 19:45
> To: users@subversion.tigris.org
> Subject: svn+ssh authentication interacts badly with authz: I am lost
>
> Specifically, it thinks I'm always semi-anonymous, despite my
> having authenticated as a specific user: reading is permitted
> regardless of authz, writing is always banned.
>
> e.g., with conf/passwd containing
>
> [users]
> snortrules = lalalala
>
> and conf/authz containing
>
> [groups]
> administrators = root,snortrules
>
> [/]
> * =
>
> [/network-admin]
> @administrators = rw
>
> and svnserve.conf stating `anon-access none', I see this:
>
> loki:/etc/snort$ svn ls svn+ssh://svn.esperi.org.uk/network-admin
> snort-rules/
> udev.rules.pristine/
> [...]
>
> loki:~/blah/network-admin$ svn info
> Path: .
> URL: svn+ssh://svn.esperi.org.uk/network-admin
> Repository Root: svn+ssh://svn.esperi.org.uk Repository UUID:
> 64f33436-08cc-0310-9219-c390f39ec3c8
> Revision: 58
> Node Kind: directory
> Schedule: normal
> Last Changed Author: root
> Last Changed Rev: 58
> Last Changed Date: 2006-01-17 21:32:41 +0000 (Tue, 17 Jan 2006)
>
> loki:~/blah/network-admin$ svn add blah
> A blah
> loki:~/blah/network-admin$ svn commit
> Adding blah
> Transmitting file data .svn: Commit failed (details follow):
> svn: Access denied
> svn: Your commit message was left in a temporary file:
> svn: '/home/snort/blah/network-admin/svn-commit.tmp'
>
>
> So a tunnelled svnserve thinks I'm always read-only, and
> seemingly completely ignores the authz and passwd files: a
> non-tunnelled one is happier, but appears to have no
> understanding of `anonymous'; you are always challenged for a
> username and password, and access is completely rejected if
> these aren't provided.
>
>
> How on earth do I set up path-based auth for svnserve and
> svn+ssh? I'd not think my requirements (authentication and
> path-constrained anonymous access for remote connections,
> path-constrained preauthenticated access for connections
> tunnelled over ssh) was all that unusual, but it appears to
> be impossible to make it work.
>
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.14.23/243 - Release Date: 27/01/2006
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Jan 28 20:21:15 2006