Nix,
I guess you're encountering (atleast) this issue:
http://subversion.tigris.org/issues/show_bug.cgi?id=2486
There's a bug in the new authz code in svnserve, that requires you to provide
read access on root to users that require write access on any place in the
repository.
In your authz file, can you try this:
[/]
@us = rw
@administrators = r
I realize this is probably not what you wanted to do, but it's the only
workaround available at this time.
Lieven.
> -----Original Message-----
> From: Nix [mailto:nix@esperi.org.uk]
> Sent: zondag 29 januari 2006 23:13
> To: Lieven Govaerts
> Cc: users@subversion.tigris.org
> Subject: Re: svn+ssh authentication interacts badly with authz: I am
> lost
>
> On Sun, 29 Jan 2006, Lieven Govaerts moaned:
> >
> > The part before the ':' is the repository name, but in svnserve that's
>
> > not used.
>
> That's what I thought.
>
> > Can you show us the content of your svnserve.conf?
>
> Sure. Here it is (commented lines stripped):
>
> [general]
> anon-access = read
> auth-access = write
> password-db = passwd
> authz-db = authz
>
> And the stripped-down debugging authz I saw this with reads:
>
> [groups]
> us = nix
> administrators = snort,snortrules,root
>
> [/]
> @us = rw
> * =
>
> [/network-admin]
> @administrators = rw
> * =
>
>
> And here's a svn+ssh commit failing:
>
> snortrules@loki:~/blah/network-admin$ svn info
> Path: .
> URL: svn+ssh://svn.esperi.org.uk/network-admin
> Repository Root: svn+ssh://svn.esperi.org.uk Repository UUID:
> 64f33436-08cc-0310-9219-c390f39ec3c8
> Revision: 58
> Node Kind: directory
> Schedule: normal
> Last Changed Author: root
> Last Changed Rev: 58
> Last Changed Date: 2006-01-17 21:32:41 +0000 (Tue, 17 Jan 2006)
>
> snortrules@loki:~/blah/network-admin$ svn commit
> Adding blah
> Transmitting file data .svn: Commit failed (details follow):
> svn: Access denied
> svn: Your commit message was left in a temporary file:
> svn: '/home/snort/blah/network-admin/svn-commit.tmp'
>
> > I'm not sure if what you want is in fact possible with svnserve. The
> > fact that you put 'anon-access none' definitely disables any r+w
> > access for anonymous user.
>
> Ah. The docs implied that this was overridden by authz. How *do* the two
> interact? Does the anon-access/write-access specify a maximum
> permission, which is then reduced by authz?
>
> If so, how do I specify `this path should be writable only by particular
> users with svn://'? (I'd like it to apply to svn+ssh, too, but I'd be
> happy enough if svn+ssh was allowed to write *at all*. Right now with
> this configuration it always seems to be classified as sort-of-
> anonymous: it can read, but not write.)
>
> --
> `I won't make a secret of the fact that your statement/question sent a
> wave of shock and horror through us.' --- David Anderson
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Jan 30 10:12:27 2006