[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 1.1.0-rc1 authz_svn problem

From: David Kewley <kewley_at_caltech.edu>
Date: 2004-08-05 19:36:42 CEST

Sander Striker wrote on Thursday 05 August 2004 02:07:
> > From: Ben Collins-Sussman [mailto:sussman@collab.net]
> > Sent: Wednesday, August 04, 2004 7:21 PM
> >
> > On Tue, 2004-08-03 at 23:36, David Kewley wrote:
> > > This behavior is *not* as desired. Perhaps this is not a
> > > subversion bug
> > > -- I may well have made some configuration mistake
> > > somewhere. But the
> > > fact that during 'svn co' I'm not asked for
> > > username/password, *and*
> > > not warned, does seem like a bug. It also seems suspicious
> > > that 'svn co' fails where a web browser succeeds.
> > >
> > > Can anyone reproduce this or comment on it?
> >
> > This is a failing in the authentication model, which Sander
> > Striker (the author of mod_authz_svn) have discussed in the
> > past. Because the 'root'
> > checkout requires no authn, the server sends no challenge,
> > and the checkout procedes as anonymous for the entire
> > checkout. I can't remember if there's a workaround or bug
> > filed on this, or if there's even a plan or way to get the
> > behavior you desire.
> >
> > Sander, can you comment?
> There is only a single request, the REPORT request, so there
> is only one chance for authentication. So, when you the authenticated
> user for the top level directory you are checking out doesn't
> have access to a lower directory, it is silently ignored (just
> like in CVS BTW).
> The problem is ofcourse more visible if you allow anonymous
> access to that same top level directory, since then there will
> be no authenticated user at all at the lower levels.

OK, now I understand that pretty well, thanks for the explanation.

> If you still wish to check out that directory, you have to
> cd into it's parent and run a checkout of the dir there.
> This should get you an authentication prompt.

I have an authz_svn access-controlled directory trunk/private/ -- /trunk is
anonymous-readable. When I do

  svn co <URL for trunk> .
  svn co <URL for private> ./private

then the output for 'svn st' is:

  ? private

Yeah, I can ignore that, but it would be nice to have a simple way to stitch
private/ into the trunk/ working copy. It looks like I can write a script to
xml-edit .svn/entries, taking out the absent="true" for private/, but is
there any simpler way?

Thanks much,

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 5 19:37:03 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.