[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: authz repository syntax

From: Lieven Govaerts <svnlgo_at_mobsol.be>
Date: 2006-10-27 13:16:51 CEST

Which server version is it you're using? 1.3.x?

Lieven.

Quoting Jehan PROCACCIA <Jehan.Procaccia@int-evry.fr>:

> Lieven Govaerts wrote:
> > Jehan PROCACCIA wrote:
> >
> >> I found the changelog
> >> http://svn.collab.net/repos/svn/trunk/CHANGES
> >> however, I didn't find anything about supporting [repository:/folder]
> >> syntax in authz file for svnserve is a 1.4 :-(
> >> Then shall I consider this as a bug ?
> >>
> >>
> > That syntax has been supported since 1.3, there's nothing changed in 1.4
> > concerning authz and svnserve as far as I know.
> >
> > I suggest you describe in detail what your setup looks like, how your
> > authz file looks like and which action exactly fails + the error message
> > you get.
> >
> > Lieven.
> >
> 1) I configure svnserve to read a common (central) to all repositories
> authz file, here /svn/authz.s2ia, note that syntax is [repository:/folder]
>
> [svn@share /svn/s2ia/procacci/conf]
> $ grep authz svnserve.conf
> authz-db = /svn/authz.s2ia
> #authz-db = authz
>
> /svn/authz.s2ia contains
> [groups]
> s2ia = procacci,tutu
> [/]
> @s2ia = r
> * =
> [procacci:/]
> procacci = rw
> * =
> [procacci:/trunk]
> procacci = rw
>
> then procacci wants to write to its repository , but he's get a
> authorization failed :-(
> [procacci@anaconda ~/checkout]
> $svn checkout svn+ssh://svn@share.int-evry.fr/svn/s2ia/procacci/ ; cd
> checkout/procacci/trunk/scripts
> $svn add test.sh
> A test.sh
> [procacci@anaconda ~/checkout/procacci/trunk/scripts]
> $svn commit -m "added test.sh"
> svn: Commit failed (details follow):
> svn: Authorization failed
>
>
> 2) If I set a local authz file for the repository
>
> [svn@share /svn/s2ia/procacci/conf]
> $ grep authz svnserve.conf
> #authz-db = /svn/authz.s2ia
> authz-db = authz
>
> /svn/s2ia/procacci/conf/authz contains: (note that syntax is now [/folder] )
>
> [/]
> procacci = rw
> * = r
> [/trunk]
> procacci = rw
> * =
>
> user procacci can now add the file
>
> [procacci@anaconda ~/checkout/procacci/trunk/scripts]
> $svn commit -m "add test.sh"
> Adding scripts/test.sh
> Transmitting file data .
> Committed revision 3.
>
> So I concluded that [repository:/folder] syntax is not "honored" by
> svnserve . all my exemples with the central /sv/authz.s2ia file acl
> works very fine with Dav acces .
>
> 3) An other proof of my problem, now that test.sh has been added, I
> switch back to /svn/authz.s2ia for svnserve config (authz-db =
> /svn/authz.s2ia)
> I modifie locally test.sh
> then:
> [procacci@anaconda ~/checkout/procacci/trunk/scripts]
> $svn commit -m "mod test.sh"
> Sending scripts/test.sh
> Transmitting file data .svn: Commit failed (details follow):
> svn: Access denied
>
> What's wrong ? why some on this list mention the same problem and for
> other (on 1.4 !) that does work ?
>
> Thanks.
>
> PS: svn+ssh works trough the svn account this way
> svn+ssh://svn@share.int-evry.fr:/svn/repository/user
> and ssh authorized_keys in svn account contain public keys of users,
> allowing them to start the command svnserve -t --tunnel-user=login
> [svn@share ~/.ssh]
> $ cat authorized_keys
> command="svnserve -t --tunnel-user=procacci" ssh-rsa AAAAB_LONG_KEY ...=
> procacci@elaphe.int-evry.fr
>
>
>
>
>
>
>
>
>

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Oct 27 13:17:46 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.