[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Subversion authorization problems

From: Attila Nagy <bra_at_fsn.hu>
Date: Tue, 24 Mar 2009 16:51:25 +0100

Hello,
(I'm not subscribed to the list, please keep me in CC)

I have an FSFS repository, accessible only through apache with
mod_dav_svn. I have to use strict access controls (even for reads), so I
utilize AuthzSVNAccessFile.
Sometimes between upgrading from 1.4 to 1.5 the users have started to
complain about occasional authentication errors, which could be solved
only by deleting and checkouting their local repository.

The problem manifests in the following error:

$ svn update
svn: Server sent unexpected return value (403 Forbidden) in response to
OPTIONS request for 'https://repo/svn'
 
repo/svn is the root of the repository, to which the user don't have any
rights.
If the user deletes the local copy and issues a new svn checkout,
everything works for sometime, but later the same error occurs again.

In the above example he wants to update repo/svn/docs/iplists, for which
he has rights.

The svnaccess file contains (a lot more, but these two are relevant here):
[/]
@svnadmin = rw

[/docs/iplists]
* = rw

The given user is not in the svnadmin group (the members of that group
of course don't see these kind of errors).

This problem occurs at different places too, where the scenario is the
same (/ has limited access, and the user has only access to a deeped
directory).

We couldn't notice such strange errors before the 1.4->1.5 switch (on
the server) as far as I can remember...
BTW, I remember that I've tried to change from neon to serf (but I don't
remember where, only on the server, or on one of our clients) in the
1.4-era, which resulted similar errors, so I've switched back to neon.

The apache config:
<IfModule mod_dav_svn.c>
<Location /svn>
        AuthType basic
        AuthName "SVN authentication"
        Satisfy Any
        Order allow,deny
        Allow From all
        Require valid-user
        AddHandler mod_python .py
        PythonAuthenHandler pop3auth
        PythonPath "sys.path+['/usr/local/bin']"
        DAV svn
        SVNPath /data/svnrepo
        AuthzSVNAccessFile /data/svnadmin/svnaccess
</Location>
</IfModule>

Versions:
svn: 1.5.4
apache: 2.2.9
OS: FreeBSD 7-STABLE

Any ideas?

Thanks,

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1403371

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-03-25 00:35:23 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.