Re: Incomplete checkout with authz

Hi,

On Sat, Aug 11, 2007 at 07:38:22PM +0200, Michael Mattes wrote:
> I have a question regarding path-based authorization. I'm using svn over
> https with the following dav_svn.authz file (reduced to relevant parts,
> also see the Apache2 config at the bottom):
>
> [menouthis:/]
> sirprize = rw
> * = r
> [menouthis:/unstable/secret]
> sirprize = rw
> * =
>
> When checking out anonymously, the "secret" folder does not get checked
> out, as expected. But when I tried checking out like that:
> svn co --username sirprize https://sodge.org/svn/menouthis/ menouthis
> it did not work as well.
> I also noticed that the log messages and timestamps of commits to the
> secret directory are not shown anymore in "svn log", even when svn knows
> my password.

the SVN book has the following text in
<URL:http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html>:

  "If you've configured your server block to allow a mixture of anonymous and
  authenticated access, all users start out accessing anonymously. The server
  looks for a * value defined for the path being accessed; if it
  can't find one, then it demands real authentication from the client."

The important bit here is "the path being accessed". I am not 100% sure, but,
IIUC, this refers only to the path you pass as argument to checkout. The
subversion modules do not check all subfolders if any of them requires
authentication. Since https://sodge.org/svn/menouthis/ can be read by
anonymous users, the server never asks for user credentials.

I agree that the book could discuss the consequences of this behaviour more
explicitly and provide examples.

Regards

Christoph

-- 
FH Worms - University of Applied Sciences
Fachbereich Informatik / Telekommunikation
Erenburgerstr. 19, 67549 Worms, Germany
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org