
svn.serverconfig.multimethod and authz

From: jehan procaccia <jehan.procaccia_at_int-evry.fr>
Date: 2006-10-18 23:46:21 CEST

Hello,
I want to have WebDAV (http/https) and svn+ssh (command line
interface) access to my svn repositories.
Everything works fine for http/https; access controls are respected
based on a central authz file.
However, svn+ssh access controls don't work as expected. I have the
feeling that svn+ssh doesn't take my authz file into account. Are access
controls defined in the authz file for svnserve, or through traditional Unix
filesystem modes? The documentation says:

svn-book.html#svn.reposadmin.maint.tk
When *svnserve* is invoked by a tunnel agent like this, be sure that the
authenticated user has full read and write access to the repository
database files.

svn-book.html#svn.serverconfig.multimethod
All of your SSH users need to be able to read and write to the
repository. Put all the SSH users into a single group. Make the
repository wholly owned by that group, and set the group permissions to
read/write.

My svn+ssh clients access the repository this way:
"svn+ssh://svn@svn.server.fr/var/repos". On svn.server.fr, /var/repos
is chown svn:svn -R, the svn user's umask is 0002, and client IDs are mapped
through an ~svn/.ssh/authorized_keys containing each client's public key,
like this for user tutu for example:
command="svnserve -t --tunnel-user=tutu" ssh-rsa AAAXCDkey...
So I suppose that when svnserve is spawned, it is run as the svn user,
although svn internal repository access will be recorded for author
tutu and authz access control will match tutu (not svn !?). Have I
understood correctly?
My concrete problem is that I want only tutu to have access to his
projects in the s2ia repository below the /tutu directory, and other users
nothing, so I wrote this authz:
[/]
* = r
svn = rw
[s2ia:/]
@s2ia = r
[s2ia:/tutu]
tutu = rw
* =
[s2ia:/procacci]
procacci = rw
* =
Then how can user procacci read tutu's files :-(
 [procacci@anaconda ~]
$svn list --no-auth-cache
svn+ssh://svn@svn.server.fr.int-evry.fr/var/repos/s2ia/tutu/docs/trunk
hosts
hosts.allow

And why can't user procacci write where he is supposed to be allowed to
write:
[procacci@anaconda ~]
$svn import -m "import initial de testsvn"
svn+ssh://svn@svn.server.fr/var/repos/s2ia/procacci/testsvn
svn: Authorization failed
Authorization works here in the opposite way to how I want it to work :-(

Help!
Thanks.

PS: Is there a way to check access controls (authorization checks)
through logs? Where does svnserve log this, and how do I tell it to log something?

Received on Wed Oct 18 23:47:10 2006
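
The following is an added example, not part of the original post and not Subversion's own code: a simplified Python model of path-based authz lookup, run against the rules quoted in the message, to show what those rules would grant if they were applied. It assumes the most specific matching section decides (repository-qualified section first, then the parent path), that rights from all matching lines in a section are combined, and a `[groups]` membership for `s2ia` that the post does not show.

```python
import configparser
import posixpath

# Rules copied from the post. The [groups] section is an assumption added
# here, because the post uses @s2ia without showing its definition.
AUTHZ = """\
[groups]
s2ia = tutu, procacci
[/]
* = r
svn = rw
[s2ia:/]
@s2ia = r
[s2ia:/tutu]
tutu = rw
* =
[s2ia:/procacci]
procacci = rw
* =
"""

def load(text):
    """Parse an authz file into (parser, {group: set(members)})."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user names case-sensitive
    cp.read_string(text)
    groups = {}
    if cp.has_section("groups"):
        groups = {g: {m.strip() for m in v.split(",")}
                  for g, v in cp["groups"].items()}
    return cp, groups

def access(cp, groups, user, repo, path):
    """Return '', 'r' or 'rw': the rights the rules give user on repo:path."""
    while True:
        # Repository-qualified section first, then the unqualified one.
        for section in (f"{repo}:{path}", path):
            if not cp.has_section(section):
                continue
            granted, matched = set(), False
            for who, rights in cp[section].items():
                in_group = who[:1] == "@" and user in groups.get(who[1:], ())
                if who in ("*", user) or in_group:
                    matched = True
                    granted |= set(rights.strip())
            if matched:  # this section decides; stop walking up
                return "".join(sorted(granted))
        if path == "/":
            return ""  # no rule matched anywhere: no access
        path = posixpath.dirname(path)
```

Under this model the quoted rules deny procacci any access below `/tutu` and give him `rw` below `/procacci`, which is the reverse of the behaviour reported in the message.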

This is an archived mail posted to the Subversion Users mailing list.