----- Original Message -----
From: "Ben Collins-Sussman" <sussman@collab.net>
> On Sun, 2003-11-16 at 07:15, Rodrigo B. de Oliveira wrote:
>
> > ...
> > Anyways, since you told me it was an authorization related error I tried
to
> > remove
> > the REPORT method from the LimitExcept directive and it started
> > working again. I don't understand why though...
>
> Well, I can explain what's going on inside apache...
>
> To perform a checkout, your svn client sends a REPORT request. The
> server's response is a long description of a tree, complete with inline
> files and properties.
>
> In your vanilla setup above, the REPORT request doesn't require any
> authentication or authorization, which is totally reasonable: you've
> set things up for anonymous read-access.
>
Yes. That's what I intended.
> What's new in svn 0.33, however, is that each path coming back to the
> client is the report-response is now 'internally' authorized by
> mod_dav_svn. Before putting the path in the response, mod_dav_svn makes
> an internal 'subrequest' to apache: "hey, would a GET of this
> repository path succeed?" If yes, then everything's fine.
>
> So the error you're seeing is that somehow mod_dav_svn has decided that
> a GET of the root-directory of your checkout would not succeed. That's
> a bit of a mystery, no?
>
Hmmm... What is considered the root of a checkout? I'm asking it because
in the way I've set my server up the repository is accessible through the
/boo/svn path but any path above it is actually inaccessible, in other
words:
/boo/svn - read-only by anonymous, writable by valid users
/boo/ - access denied
/ - access denied
Do you think it has something to do with it?
> Your workaround simply forced all REPORT requests (and thus all
> checkouts/updates) to require authentication. That's probably not at
> all what you want for the long-term.
You're right.
> I'd like to know if you've found some sort of edge-case
> bug in our new mod_dav_svn authorization system. But I'm not sure how
> to reproduce the problem.
>
I'll try allowing read-only access to both paths / and /boo to see if
it all works then and let you know.
Thanks again!
Rodrigo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Nov 16 14:58:44 2003