[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Problem with svnserve 1.3 authz, writing on subfolder requires read access on root.

From: Lieven Govaerts <lgo_at_mobsol.be>
Date: 2006-01-15 02:40:12 CET

Hi,

people testing the new authz code in svnserve 1.3 reported a problem on the
users list. Apparantly, a user with write access on a folder in the
repository also needs read access to the '/' folder, otherwise she'll get
'Access Denied' errors on commits to that folder.

Description:
> My intention was to give a particular user read/write access to a single
directory only, e.g.:
>
> [/]
> foo = rw
> [/open]
> bar = rw
>
> User bar can now read only from /open and no other directory.
> Unfortunately any write to /open returns with an "Access denied".
> With root read access enabled for bar, writes now succeed, e.g.:
>
> [/]
> foo = rw
> bar = r
> [/open]
> bar = rw
> [/other]
> bar =

A check in the code, and short discussion with David Anderson learned that:
- svnserve requires read access to the repository root for commits.
- this behaviour is by design.
- mod_authz_svn doesn't have this behaviour, making both implementations of
the same authz model incompatible

I consider this a bug in svnserve, since the behaviour expected by svn
admins is the mod_authz_svn model.

The root cause of this issue in svnserve seems to be the lack of an 'execute
bit' in the authz component. An 'execute bit' specifies 'cd into folder'
rights for users, without giving them read access on the content of that
folder.

So, the suggested solution is to add to ability to specify the execute bit
for folders in the authz file. Where the root folder now needs read rights,
they can then be lowered to execute rights.

Attached patch provides this ability. The patch is not ready, I attached it
as a way to show what I mean. This patch is based on the patch attached to
issue #2298 ( that issue seems to be a solution in search of a problem? )

Some questions:
- How come that mod_authz_svn does not have the same problem? Maybe it
assumes implicite execute rights on the root folder?
- Since this problem was already known, can someone point me to the relevant
discussions on the dev list?
- What are other people's thoughts on this topic?

Implementing this fix for mod_authz_svn can - depending on the answer on my
first question - break compatibility for authz files, so I think it should
be discussed and agreed upon very thoroughly.

Lieven.

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.17/229 - Release Date: 13/01/2006
 
  


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Sun Jan 15 02:43:37 2006

This is an archived mail posted to the Subversion Dev mailing list.