I've tested your issue with svnserve 1.3.2 on Windows (no ssh) and I
can't reproduce it. I've attached my svnserve.conf, authz and passwd
file so you can compare with yours.
The issue you're seeing might be related to your usage of ssh, of which
I don't know much. Can you try to specify the exact account (--username)
to the commit command?
Lieven.
Jehan PROCACCIA wrote:
> $ svnserve --version
> svnserve, version 1.3.2 (r19776)
> compiled Jun 1 2006, 10:05:20
> $ rpm -q subversion
> subversion-1.3.2-2.1
> $ cat /etc/redhat-release
> Fedora Core release 5 (Bordeaux)
> $ uname -r
> 2.6.17-1.2187_FC5.vs2.0.2.3smp
>
> hope this helps .
>
> Lieven Govaerts wrote:
>> Which server version is it you're using? 1.3.x?
>>
>> Lieven.
>>
>> Quoting Jehan PROCACCIA <Jehan.Procaccia@int-evry.fr>:
>>
>>
>>> Lieven Govaerts wrote:
>>>
>>>> Jehan PROCACCIA wrote:
>>>>
>>>>
>>>>> I found the changelog
>>>>> http://svn.collab.net/repos/svn/trunk/CHANGES
>>>>> however, I didn't find anything about supporting [repository:/folder]
>>>>> syntax in authz file for svnserve is a 1.4 :-(
>>>>> Then shall I consider this as a bug ?
>>>>>
>>>>>
>>>>>
>>>> That syntax has been supported since 1.3, there's nothing changed
>>>> in 1.4
>>>> concerning authz and svnserve as far as I know.
>>>>
>>>> I suggest you describe in detail what your setup looks like, how your
>>>> authz file looks like and which action exactly fails + the error
>>>> message
>>>> you get.
>>>>
>>>> Lieven.
>>>>
>>>>
>>> 1) I configure svnserve to read a common (central) to all repositories
>>> authz file, here /svn/authz.s2ia, note that syntax is
>>> [repository:/folder]
>>>
>>> [svn@share /svn/s2ia/procacci/conf]
>>> $ grep authz svnserve.conf
>>> authz-db = /svn/authz.s2ia
>>> #authz-db = authz
>>>
>>> /svn/authz.s2ia contains
>>> [groups]
>>> s2ia = procacci,tutu
>>> [/]
>>> @s2ia = r
>>> * =
>>> [procacci:/]
>>> procacci = rw
>>> * =
>>> [procacci:/trunk]
>>> procacci = rw
>>>
>>> then procacci wants to write to its repository , but he's get a
>>> authorization failed :-(
>>> [procacci@anaconda ~/checkout]
>>> $svn checkout svn+ssh://svn@share.int-evry.fr/svn/s2ia/procacci/ ; cd
>>> checkout/procacci/trunk/scripts
>>> $svn add test.sh
>>> A test.sh
>>> [procacci@anaconda ~/checkout/procacci/trunk/scripts]
>>> $svn commit -m "added test.sh"
>>> svn: Commit failed (details follow):
>>> svn: Authorization failed
>>>
>>>
>>> 2) If I set a local authz file for the repository
>>>
>>> [svn@share /svn/s2ia/procacci/conf]
>>> $ grep authz svnserve.conf
>>> #authz-db = /svn/authz.s2ia
>>> authz-db = authz
>>>
>>> /svn/s2ia/procacci/conf/authz contains: (note that syntax is now
>>> [/folder] )
>>>
>>> [/]
>>> procacci = rw
>>> * = r
>>> [/trunk]
>>> procacci = rw
>>> * =
>>>
>>> user procacci can now add the file
>>>
>>> [procacci@anaconda ~/checkout/procacci/trunk/scripts]
>>> $svn commit -m "add test.sh"
>>> Adding scripts/test.sh
>>> Transmitting file data .
>>> Committed revision 3.
>>>
>>> So I concluded that [repository:/folder] syntax is not "honored" by
>>> svnserve . all my exemples with the central /sv/authz.s2ia file acl
>>> works very fine with Dav acces .
>>>
>>> 3) An other proof of my problem, now that test.sh has been added, I
>>> switch back to /svn/authz.s2ia for svnserve config (authz-db =
>>> /svn/authz.s2ia)
>>> I modifie locally test.sh
>>> then:
>>> [procacci@anaconda ~/checkout/procacci/trunk/scripts]
>>> $svn commit -m "mod test.sh"
>>> Sending scripts/test.sh
>>> Transmitting file data .svn: Commit failed (details follow):
>>> svn: Access denied
>>>
>>> What's wrong ? why some on this list mention the same problem and for
>>> other (on 1.4 !) that does work ?
>>>
>>> Thanks.
>>>
>>> PS: svn+ssh works trough the svn account this way
>>> svn+ssh://svn@share.int-evry.fr:/svn/repository/user
>>> and ssh authorized_keys in svn account contain public keys of users,
>>> allowing them to start the command svnserve -t --tunnel-user=login
>>> [svn@share ~/.ssh]
>>> $ cat authorized_keys
>>> command="svnserve -t --tunnel-user=procacci" ssh-rsa AAAAB_LONG_KEY
>>> ...=
>>> procacci@elaphe.int-evry.fr
>>>
[groups]
admins = lgo
[/]
@admins = r
* =
[repos1:/]
lgo = rw
* =
[repos1:/trunk]
lgo = rw
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.
[users]
lgo = lgo
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)
### Visit http://subversion.tigris.org/ for more information.
[general]
### These options control access to the repository for unauthenticated
### and authenticated users. Valid values are "write", "read",
### and "none". The sample settings below are the defaults.
anon-access = none
auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the conf directory.
### Uncomment the line below to use the default password file.
password-db = /subversion/test/passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file's location is relative to the conf
### directory. If you don't specify an authz-db, no path-based access
### control is done.
### Uncomment the line below to use the default authorization file.
authz-db = /subversion/test/authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.
realm = Test repository
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Oct 28 00:32:17 2006