[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Where do we post questions about Subclipse?

From: Bill Ewing <bewing_at_nexusbio.com>
Date: 2006-01-30 17:43:02 CET

 

-----Original Message-----
From: Nix [mailto:nix@esperi.org.uk]
Sent: Sunday, January 29, 2006 2:13 PM
To: Lieven Govaerts
Cc: users@subversion.tigris.org
Subject: Re: svn+ssh authentication interacts badly with authz: I am lost

On Sun, 29 Jan 2006, Lieven Govaerts moaned:
>
> The part before the ':' is the repository name, but in svnserve that's
> not used.

That's what I thought.

> Can you show us the content of your svnserve.conf?

Sure. Here it is (commented lines stripped):

[general]
anon-access = read
auth-access = write
password-db = passwd
authz-db = authz

And the stripped-down debugging authz I saw this with reads:

[groups]
us = nix
administrators = snort,snortrules,root

[/]
@us = rw
* =

[/network-admin]
@administrators = rw
* =

And here's a svn+ssh commit failing:

snortrules@loki:~/blah/network-admin$ svn info
Path: .
URL: svn+ssh://svn.esperi.org.uk/network-admin
Repository Root: svn+ssh://svn.esperi.org.uk Repository UUID:
64f33436-08cc-0310-9219-c390f39ec3c8
Revision: 58
Node Kind: directory
Schedule: normal
Last Changed Author: root
Last Changed Rev: 58
Last Changed Date: 2006-01-17 21:32:41 +0000 (Tue, 17 Jan 2006)

snortrules@loki:~/blah/network-admin$ svn commit
Adding blah
Transmitting file data .svn: Commit failed (details follow):
svn: Access denied
svn: Your commit message was left in a temporary file:
svn: '/home/snort/blah/network-admin/svn-commit.tmp'

> I'm not sure if what you want is in fact possible with svnserve. The
> fact that you put 'anon-access none' definitely disables any r+w
> access for anonymous user.

Ah. The docs implied that this was overridden by authz. How *do* the two
interact? Does the anon-access/write-access specify a maximum permission,
which is then reduced by authz?

If so, how do I specify `this path should be writable only by particular
users with svn://'? (I'd like it to apply to svn+ssh, too, but I'd be happy
enough if svn+ssh was allowed to write *at all*. Right now with this
configuration it always seems to be classified as sort-of-
anonymous: it can read, but not write.)

--
`I won't make a secret of the fact that your statement/question  sent a wave
of shock and horror through us.' --- David Anderson
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Jan 30 17:49:29 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.