[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Incomplete checkout with authz

From: Michael Mattes <sirprize_at_sodge.org>
Date: 2007-08-13 20:37:36 CEST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

thanks for the reply!

Christoph Ludwig wrote:
> The important bit here is "the path being accessed". I am not 100% sure, but,
> IIUC, this refers only to the path you pass as argument to checkout. The
> subversion modules do not check all subfolders if any of them requires
> authentication. Since https://sodge.org/svn/menouthis/ can be read by
> anonymous users, the server never asks for user credentials.

That would indeed explain the behaviour. I suppose it was implemented
like that because of access speed.

To solve (or better: work around) the problem in my case, I will forbid
truely anonymous access and add a user named "svn", ith an empty
password. The following Apache directive will give instructions:
AuthName "Welcome to the sodge.org Subversion Server. Username: svn, no
password."

If anyone knows a better solution, I'd be glad to hear it.

> I agree that the book could discuss the consequences of this behaviour more
> explicitly and provide examples.

Anyone with the rights to commit to the svn book is free to modify and
add this text to the book at an appropriate place, no credit necessary:

Beware that mixing path-based authorization with anonymous access can
lead to a situation where access-restricted files and subfolders in an
anonymously accessible folder cannot be checked out normally.
To circumvent this, one can deactivate truely anonymous access and
instead create a user without password, which could be called
"anonymous" or "svn". This will force the Subversion server to check for
folders requiring authorization.

Regards,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGwKTBIxZ6GJZI+ocRAj/hAKChd0CmCxq8CLFVBhRlv0KeicaSggCgrQiF
yuatm2bimv1ZYmNSr+6I8w0=
=BtMZ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Aug 13 20:35:29 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.