I've got a complicated ACL on my Apache server, blocking access to
certain subdirectories in the svn repo based on whether the user is part
of an offshore group. I'm trying to give an offshore Release Engineer
access to create tags. When she tries to do an 'svn copy', she gets the
following:
svn copy --username user1 http://ourserver/svn/foo/bar
http://ourserver/svn/foo/release_tags/v1.0
svn: PROPFIND request failed on '/svn/ourserver'
svn: PROPFIND of '/svn/ourserver': authorization failed
(http://ourserver)
The Apache log shows:
[Wed Apr 06 15:53:33 2005] [error] [client 10.206.133.159] Access
denied: 'user1' PROPFIND ourserver:/
It turns out this user is part of a group that does not have access to
the root of the repo, but does have access to the subdir
http://ourserver/svn/foo/release_tags. As an experiment I tried adding
her to a special group that has read-only access to the root, and sure
enough, her copy went through (of course I can't keep this in place as
offshore access must be blocked at the root level).
Here's a snippet from the Apache config file:
<Location /svn>
DAV svn
SVNParentPath /data1/svn
AuthzSVNAuthoritative On
AuthzSVNAccessFile /data1/svn/access.conf
AuthLDAPEnabled on
AuthLDAPAuthoritative off
[ ... LDAP server info removed ... ]
AuthName "Your Vitria Login: "
AuthType Basic
require valid-user
</Location>
So why is it that the copy does a PROPFIND on the root of the repo? Any
suggestions on a solution?
thanks
ken :-)
~~~~~~~~~~~~~~~~~~~~~~~
Kenneth J. Mc Knight
Staff Release Engineer
Release Group
Vitria Technology, Inc.
945 Stewart Dr.
Sunnyvale, CA 94085-3913
+1.408.212.2346
mailto:kmcknight@vitria.com
http://www.vitria.com
~~~~~~~~~~~~~~~~~~~~~~~
Received on Thu Apr 7 22:32:45 2005