Similar issues have been recently discussed. You may wish to browse:
http://subversion.tigris.org/servlets/BrowseList?list=users&by=thread&from=641547
http://subversion.tigris.org/servlets/BrowseList?list=users&by=thread&from=644685
This has also been recently reported on the dev list, see:
http://subversion.tigris.org/servlets/BrowseList?list=dev&by=thread&from=641721
Finally, this also exists as an official issue at:
http://subversion.tigris.org/issues/show_bug.cgi?id=2907
But as the core developers are busy with the upcoming 1.5 release this
appears to be falling under the radar.
On Tue, 2008-04-08 at 15:42 -0500, Matthew Boehm wrote:
> Hello All,
> I have a repository, myproject, at /var/svn/myproject/. My
> svnserve.conf looks like this:
>
> [general]
> password-db = /var/svn/myproject/.svnpasswd
> authz-db = /var/svn/myproject/authz
> realm = My Project
>
> My authz looks like this:
>
> ---------------------------------------------------
> [groups]
> developers = jtrades, bblack, csmartt, ekreston
> admins = jtrades
>
> [/]
> * =
>
> [myproject:/trunk]
> @developers = rw
> @admins = rw
>
> [myproject:/branches]
> @developers = r
> @admins = rw
>
> [myproject:/branches/RELEASE-1.0]
> csmartt =
> ---------------------------------------------------
>
> What the above attempts to accomplish:
> 1) deny anon access to everything
> 2) allow developers and admins rw to trunk
> 3) allow developers read-only to all branches, admins rw
> 4) allow developers read-only, admins rw, and deny csmartt to RELEASE-1.0
>
> Here are the issues:
>
> svn co svn://localhost/myproject/trunk mytrunk
> Authentication realm: <svn://localhost:3690> myproject
> Password for 'csmartt': XXXXX
> svn: Not authorized to open root of edit operation
>
> What does that mean? csmartt is part of the developers group and that
> group has rw on /trunk so whats this mean?
>
> Same error when csmartt tries to checkout /trunk or any other /branch.
>
> If I alter the [/] to be * = r, then csmartt can now checkout trunk
> albeit, anonymously; which we don't want.
>
> csmartt can now also checkout RELEASE-1.0 which we want to deny.
>
> Any ideas? Can someone provide their authz file for learning purposes?
>
> Thanks,
> Matthew
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: users-help_at_subversion.tigris.org
>
--
----------------------
Mark S. Reibert, Ph.D.
svn_at_reibert.com
----------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-04-09 08:34:29 CEST