[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN not asking for authorization

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-05-21 02:17:11 CEST

On May 20, 2005, at 5:49 PM, Dave Merrill wrote:

> SVN newb here, aplogies if this is all obvious...
>
> I'm not sure if this is a Subversion or TortoiseSVN issue, but
> TortoiseSVN
> doesn't seem to require any kind of authorization to access a file-
> based
> repository on the same machine (win2k).
>
> svn/repositoryname/conf/svnserve.conf contains the following (among
> other
> things):
>
> ----------------
> [general]
> password-db = passwd
> realm = Subversion repositories
> anon-access = none
>
> [auth]
> store-auth-creds = no

There are multiple confusions here...

First, there's no such thing as an [auth] section in svnserve.conf.
You're mixing it up with a config section from the *client* side
~/.subversion/servers file.

Second, that file is only ever used by the 'svnserve' server
program. That's it. Not apache, and certainly not direct (file:///)
access.

Third, there's no such thing as access control when your client
touches the repository directly via file:///. It's meaningless; who
would enforce it? Even if the client saw some variables that meant,
"don't change things", the user could always open the repository
files directly in a text editor and and start mucking with things.
In other words, the only permissioning going on are operating-system
perms on the database files. That's it. Set the ACLs appropriately,
and let your OS do the work.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat May 21 02:18:52 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.