Hi,
I use subversion 1.4.4 (with Apache httpd 2.2.4) on a Linux machine. (I pasted
the relevant excerpt from my vhost configuration at the end of this mail.)
I have a repository named "test" and an authz file with the following content:
[/]
* =
Alice = rw
Bob = r
Oskar =
[/dir1/dir1_1/]
Bob = rw
[/dir1/dir1_2/]
Oskar = r
[/dir2/]
Alice =
The description in
<URL:http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html>
made me expect that Alice can checkout every folder except /dir2. However:
cludwig_at_testserver:~$ /opt/subversion-1.4.4/bin/svn co --username Alice --no-auth-cache https://testserver.fh-worms.de:8443/svn/test/TRUNK/ trunk_alice
Authentication realm: <https://testserver.fh-worms.de:8443> subversion repositories
Password for 'Alice':
A trunk_alice/dir1
A trunk_alice/dir1/dir1_1
A trunk_alice/dir1/dir1_1/file_a
A trunk_alice/dir1/dir1_2
A trunk_alice/dir1/dir1_2/file_b
A trunk_alice/dir2
A trunk_alice/dir2/file_c
Checked out revision 1.
Alice can checkout /dir2 without problems. (She can even commit modifications
in /dir2.
Now to Bob. Bob can read / checkout everything as expected. But
any attempt to checkin a changed file results in a "403 Forbidden"
error, even in /dir1/dir1_1:
cludwig@testserver:~/trunk_bob/dir1/dir1_1$ echo test_bob > file_a
cludwig@testserver:~/trunk_bob/dir1/dir1_1$ /opt/subversion-1.4.4/bin/svn ci -m 'Can Bob write to /dir1/dir1_1 ?' --username Bob --no-auth-cache
Authentication realm: <https://testserver.fh-worms.de:8443> subversion repositories
Password for 'Bob':
Sending dir1_1/file_a
svn: Commit failed (details follow):
svn: CHECKOUT of '/svn/test/!svn/ver/2/TRUNK/dir1/dir1_1/file_a': 403 Forbidden (https://testserver.fh-worms.de:8443)
Finally, my intention was that Oskar has full access to /dir1/dir1_2/, but to
no other folder. I know that (some) previous subversion releases required read
access to / if one wanted any access to a subfolder, but I thought this
restriction was lifted in 1.4. However, Oskar cannot even checkout
/dir1/dir1_2/:
cludwig_at_testserver:~$ /opt/subversion-1.4.4/bin/svn co --username Oskar --no-auth-cache https://testserver.fh-worms.de:8443/svn/test/TRUNK/dir1/dir1_2 dir1_2_oskar
Authentication realm: <https://testserver.fh-worms.de:8443> subversion repositories
Password for 'Oskar':
svn: PROPFIND request failed on '/svn/test/TRUNK/dir1/dir1_2'
svn: PROPFIND of '/svn/test/TRUNK/dir1/dir1_2': 403 Forbidden (https://testserver.fh-worms.de:8443)
It seems either I completely misunderstood how path based access control is
supposed to work or there is some bug... I'd appreciate any help.
Regards
Christoph
Apache configuration excerpt:
<IfModule mod_dav_svn.c>
<Location /svn/>
DAV svn
# the "test" repository is in /srv/svn/test
SVNParentPath /srv/svn/
# Don't ask for client certificates
SSLVerifyClient none
# Authenticate by a simple password file.
AuthName "subversion repositories"
AuthType basic
AuthUserFile /srv/svn/test/conf/httpd.passwd
#################
# Authorization #
#################
# try anonymous access first, resort to real
# authentication if the authorization policy
# makes it necessary.
satisfy any
require valid-user
# authorization policy file
AuthzSVNAccessFile /srv/svn/test/conf/authz
</Location>
<Directory /srv/svn>
Options +Indexes +Multiviews -FollowSymLinks
IndexOptions FancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize
order allow,deny
allow from all
</Directory>
</IfModule>
--
FH Worms - University of Applied Sciences
Fachbereich Informatik / Telekommunikation
Erenburgerstr. 19, 67549 Worms, Germany
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 14 14:48:11 2007