[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

authz problem, trying to protect a subfolder

From: Wolfgang Frisch <xororand_at_unfoog.de>
Date: 2007-08-14 17:17:00 CEST


For quite a while, I've tried to setup a subversion repository with the
following requirements:

   1. Accessible via svnserve
   2. / is readable by anyone
   3. /subfolder is only readable/writable for a certain user

I've achieved everything but requirement number 3. Removing anonymous
write access works just fine, but removing read access too doesn't.
Then, I tried to make the problem reproducable. To verify it wasn's a
distribution specific issue, I tried it with these
Distribution/Subversion combinations:

    * Gentoo Linux x86 / SVN 1.3.2-r4
    * Gentoo Linux x86 / SVN 1.4.4-r3
    * Ubuntu Linux x86 / SVN 1.4.3dfsg1-1ubuntu1

Steps to reproduce:

    * In order to rule out any filesystem permission problems, run
      svnserve as root:
      svnserve -d -r /var/svn/ --foreground

    * svnadmin create /var/svn/myrepo

    * Setup the repository configuration files:
      --- /var/svn/myrepo/conf/svnserve.conf:
      anon-access = read
      auth-access = write
      password-db = passwd
      authz-db = authz
      realm = My Repo Name

      --- /var/svn/myrepo/conf/passwd:
      johndoe = xyz

      --- /var/svn/myrepo/conf/authz:
      johndoe = rw
      * = r

      johndoe = rw
      * =

    * [Works]: As user johndoe, run:
               svn mkdir svn://myserver/myrepo/subfolder
    * [Works]: As the user johndoe, run:
               svn ls svn://myserver/myrepo/subfolder
    * [Error]: As the user johndoe, run:
               svn co svn://myserver/myrepo/subfolder

After a few seconds, svn replies with the error message: svn: Not
authorized to open root of edit operation

Wolfgang Frisch
Jabber: wolf@unfoog.de

Received on Tue Aug 14 17:15:11 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.