Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)
From: Thomas ┼kesson <thomas_at_akesson.cc>
Date: Thu, 25 Oct 2012 15:57:02 +0200
On 24 okt 2012, at 15:37, Roderich Schupp wrote:
> On Wed, Oct 24, 2012 at 6:09 AM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
I was able to reproduce after reconfiguring from SVNParentPath to SVNPath.
Got similar output to what Roderich posted when authz configured such that user has no access.
If this behaviour appeared in SVN 1.7, then it seems likely that we are seeing another side effect of the very change that this thread started from: i.e. the "fix" for issue 2753. That fix presumably removes authz when accessing "/" regardless whether that means the list of repositories or the root of a single repository.
At minimum, this should be changed such that removal of authz on "/" only applies if referring to actual server root. That would enable hosting SVNParentPath directly on server root while reverting to 1.6 authz for the other cases: SVNParentPath in /somepath/ and SVNPath configs. Somewhat half baked since the "leak" will remain when hosting SVNParentPath directly on server root but ok for other configs.
A better solution is the earlier suggestion to filter list of repositories based on actual access to the individual repositories. That would remove the non-obvious behaviours which is somewhat important with authz.
This is an archived mail posted to the Subversion Dev mailing list.