[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Writing on subfolder requires read access on repository root

From: Srinivas Peddi <speddi_at_uscentral.org>
Date: Mon, 30 Nov 2009 10:53:15 -0600

Thank you for your reply. I tested this scenario and still not
working. When I use construct ~ the group that need access to that
project are not able to commit anything and getting "server send
unexpected return value (403 forbidden) in response to options" error
message.

 

Here is an example.

 

[test:/]

* = r

 

[test:/project1]

@dev1 = rw

~dev1 =

 

When I give access like this the user in the group dev1 are not able
to commit to project1. Can you please test this scenario in your
environment.

 

Srini

 

________________________________

From: Engebakken Geir [mailto:geir.engebakken_at_edb.com]
Sent: Monday, November 30, 2009 6:08 AM
To: Srinivas Peddi; Hyrum K. Wright
Cc: users_at_subversion.tigris.org
Subject: RE: Writing on subfolder requires read access on repository
root

 

Well I discovered the same problem. So ended up with a scheme that
works, although a bit cumbersome. What we do is give all users
readaccess to root, and then give rw access to groups on
subdirectories.

 

Since we also want to deny non-authorized users read access to the
projects that they are not members of we use the construct ~, which is
used to negate the accesseslist. An abstract of our access file will
show this better:

 

Accesses for the entire repos is like this :

 

[java:/]

*=r

@admin=rw

 

And so for each project we define accesses as following :

 

 [java:/xxx/archive]

@admin=rw

@archive=rw

~archive =

 

~archive= means all users not in archive group are denied access.

 

 

 

 

 

Geir

From: Srinivas Peddi [mailto:speddi_at_uscentral.org]
Sent: 23. november 2009 16:56
To: Hyrum K. Wright
Cc: users_at_subversion.tigris.org
Subject: RE: Writing on subfolder requires read access on repository
root

 

Hi,

   Not really. This is issue looks little different from #3242. As I
mentioned below looks like it was fixed 1.3.2 (Issue#2486). Am I
missing something here. Can anybody help me.

 

Thanks
Srini

  

-----Original Message-----
From: Hyrum K. Wright [mailto:hyrum_wright_at_mail.utexas.edu]
Sent: Friday, November 20, 2009 4:32 PM
To: Srinivas Peddi
Cc: users_at_subversion.tigris.org
Subject: Re: Writing on subfolder requires read access on repository
root

 

 

On Nov 20, 2009, at 3:48 PM, Srinivas Peddi wrote:

 

> Hi,

>

> Really need help. We are migrating from CVS to SVN. The problem I
encountering is it requiring read access at root level even when the
user need write access at sub folder/directory level. So unable to
restrict access to other folders/directories.

>

> Here are the details:

> SVN Version : 1.6.2

> Implementation : Apache + SVN and Active directory based
authentication. (AuthType sspi and using AuthzSVNAccessFile)

> Environment : Windows 2003 server

>

> /

> /Project1

> /Subproject1

> /Project2

> /SubProject2

>

> Example :

> Two users : User1 & User2

>

> When the User1 needs write access to /Project2, I have to give him
read access at root level too. Otherwise that User1 cannot even get it
in to the repository. Since we need to implement strict access levels
for the modules in the repository, other groups or users are not
supposed to even read other modules.

>

> Here is the Authorization.conf file.

>

> [groups]

> Test1 = User1

> Test2 = User2

>

> [/]

> * = r

>

> [/Project2]

> @Test1 = rw

>

> I looked at mailing lists and archives and found that this was fixed
in release 1.3.2 (Issue Id 2486). Am I doing something wrong here, why
I am getting same error in 1.6.2? Any help is greatly appreciated.

 

Do you think this is part of issue #3242:

http://subversion.tigris.org/issues/show_bug.cgi?id=3242

 

There is a potential fix being developed, but there is not yet an
expected release date for this fix.

 

-Hyrum

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2425565

Please start new threads on the <users_at_subversion.apache.org> mailing list.
To subscribe to the new list, send an empty e-mail to <users-subscribe_at_subversion.apache.org>.
Received on 2009-11-30 17:54:21 CET

This is an archived mail posted to the Subversion Users mailing list.