[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Access control bug in SVN >= 1.5.3

From: Gleason, Todd <tgleason_at_impac.com>
Date: Tue, 24 Feb 2009 14:45:07 -0800

> Hello,
>
> I've posted the following bug report to dev@ mailing list about a
month
> ago.
> As it got no response I'm going to repeat it here.
>
> The bug must have been introduced somewhere between 1.5.3 and 1.5.5,
as
> we've
> noticed it after the upgrade of both client and server sides from
1.5.2 to
> 1.5.5.
>
> For a repository, some users are granted full rw access from the root
> downwards, while other users
> may access only specific subtrees in it. The access.conf looks like
this:
>
> @full = user1,user2
>
> [Repo:/]
> @full = rw

Have you tried adding to here:

otheruser = r

>
> [Repo:/some/path/beneath]
> otheruser = rw
>
> Now this restricted user can check-out his working copy of
> /some/path/beneath without problem.
> He can also make queries with `svn status -u' or `svn info http://URL'
.
> But an attempt to make an
> update of the working copy leads to the following mysterious message:
>
> svn: Server sent unexpected return value (403 Forbidden) in response
to
> OPTIONS request for 'http://our.server/svn/Repo'
>
> In the server log the following record appears:
>
> Access denied: 'otheruser' OPTIONS Repo:/
> Provider encountered an error while streaming a REPORT response.
[500,
> #0]
> A failure occurred while driving the update report editor [500,
#190004]
>
> It gives the impression that `svn update' tries to access something at
the
> root of the repository,
> which it formerly (<=1.5.2) did not need. (We have no external
subsets in
> this repository).
> If it is not a bug but a new feature, it effectively renders our
> permission scheme absolutely useless.

If it's a root-level issue, maybe the suggestion above about giving
read-only access at the root level will work for you.

As to why access above that level is needed, I don't know. Maybe
something related to mergeinfo?

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1223049

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-02-24 23:46:13 CET

This is an archived mail posted to the Subversion Users mailing list.