[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

1.1.0-rc1 authz_svn problem

From: David Kewley <kewley_at_caltech.edu>
Date: 2004-08-04 06:36:05 CEST

I just started a separate thread about a 1.1.0-rc1 symlink problem; the
present thread describes a second problem that I've encountered. You
may wish to consult the other thread for some details about my setup.

Briefly, I made a 1.1.0-rc1 rpm for Fedora Core 1, and made certain
choices regarding the versions of the supporting packages. My
repository is accessed via Apache httpd using ssl; my working copy and
the server and presently on the same box.

I have a 'private' directory that I am trying to protect via authz_svn.
If I browse the repository with a web browser, I can see all the
repository anonymously except for 'private' as desired. When I click
on the 'private' directory, it asks me for my username and password,
again as desired.

But when I do a 'svn co' of the repository, 'private' is not copied, I
am not asked for username or password, and no error or warning messages
are printed. 'private' is listed in its parent directory's .svn/
files.

It's worth mentioning that in an existing working directory before I put
the above authz_svn_access.conf into place, when I did a 'svn ci', it
did ask me for my subversion password, as expected and desired.

It's also worth mentioning that when I comment out the protections for
the 'private' directory in my authz_svn configuration file, the
checkout *does* include the 'private' directory.

This behavior is *not* as desired. Perhaps this is not a subversion bug
-- I may well have made some configuration mistake somewhere. But the
fact that during 'svn co' I'm not asked for username/password, *and*
not warned, does seem like a bug. It also seems suspicious that 'svn
co' fails where a web browser succeeds.

Can anyone reproduce this or comment on it?

David

Appendix -- httpd configuration, authentication, authorization

Here are the relevant parts of my Apache httpd setup:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

AliasMatch ^/svn/?$ /srv/svn/svn-index.html

<Location "/svn/shaman">
    DAV svn
    SVNPath /srv/svn/shaman

    RewriteEngine on
    RewriteCond %{SERVER_PORT} ^80$
    RewriteRule /svn/shaman(.*)$ https://%{HTTP_HOST}/svn/shaman$1 [R,L]

    AuthzSVNAccessFile /srv/svn/shaman/conf/authz_svn_access.conf

    Satisfy Any
    Require valid-user

    AuthType Basic
    AuthName "Shaman"
    AuthUserFile /srv/svn/shaman/conf/htpasswd

    Order Allow,Deny
    Allow from 127.
    # some more Allow lines to allow from various Caltech subnets
    # (including the subnet my box is on) and my off-campus home
    # machine

</Location>

Here is /srv/svn/shaman/conf/authz_svn_access.conf:

[groups]
gps-admins = kewley

[/]
* = r
@gps-admins = rw

[/trunk/private]
* =
@gps-admins = rw
sync-shaman = r

As for /srv/svn/shaman/conf/htpasswd, suffice it to say that it contains
a password for user 'kewley' -- I can use it (and am required to use
it) to see private/ via a web browser.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Aug 4 06:36:27 2004

This is an archived mail posted to the Subversion Users mailing list.