[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn+ssh authentication interacts badly with authz: I am lost

From: Nix <nix_at_esperi.org.uk>
Date: 2006-01-29 23:12:36 CET

On Sun, 29 Jan 2006, Lieven Govaerts moaned:
>
> The part before the ':' is the repository name, but in svnserve that's not
> used.

That's what I thought.

> Can you show us the content of your svnserve.conf?

Sure. Here it is (commented lines stripped):

[general]
anon-access = read
auth-access = write
password-db = passwd
authz-db = authz

And the stripped-down debugging authz I saw this with reads:

[groups]
us = nix
administrators = snort,snortrules,root

[/]
@us = rw
* =

[/network-admin]
@administrators = rw
* =

And here's a svn+ssh commit failing:

snortrules@loki:~/blah/network-admin$ svn info
Path: .
URL: svn+ssh://svn.esperi.org.uk/network-admin
Repository Root: svn+ssh://svn.esperi.org.uk
Repository UUID: 64f33436-08cc-0310-9219-c390f39ec3c8
Revision: 58
Node Kind: directory
Schedule: normal
Last Changed Author: root
Last Changed Rev: 58
Last Changed Date: 2006-01-17 21:32:41 +0000 (Tue, 17 Jan 2006)

snortrules@loki:~/blah/network-admin$ svn commit
Adding blah
Transmitting file data .svn: Commit failed (details follow):
svn: Access denied
svn: Your commit message was left in a temporary file:
svn: '/home/snort/blah/network-admin/svn-commit.tmp'

> I'm not sure if what you want is in fact possible with svnserve. The fact
> that
> you put 'anon-access none' definitely disables any r+w access for anonymous
> user.

Ah. The docs implied that this was overridden by authz. How *do* the two
interact? Does the anon-access/write-access specify a maximum
permission, which is then reduced by authz?

If so, how do I specify `this path should be writable only by particular
users with svn://'? (I'd like it to apply to svn+ssh, too, but I'd be
happy enough if svn+ssh was allowed to write *at all*. Right now with
this configuration it always seems to be classified as sort-of-
anonymous: it can read, but not write.) 

-- 
`I won't make a secret of the fact that your statement/question
 sent a wave of shock and horror through us.' --- David Anderson
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Jan 29 23:14:25 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.