On Wed, Sep 23, 2009 at 09:59:32AM +0200, Udo Rader wrote:
> Hi,
>
> I am facing some troubles with a "conflict" between ACLs vs. allowing
> users to create tags.
>
> User connect via dav_svn, the AuthzSVNAccessFile looks similar like this:
>
> ------CUT------
> adminUsers = fred,wilma
>
> [/restricted/project]
> foo = rw
>
> [/]
> * =
> @adminUsers = rw
> ------CUT------
>
> Now if the "foo" user wants to create a tag like this ...
>
> ------CUT------
> svn copy https://svn.example.com/repos/restricted/project/trunk
> https://svn.example.com/repos/restricted/project/tags/1.0 -m "creating
> the 1.0 tag"
> ------CUT------
>
> ... I then get a "403 Forbidden" error, because the client tries to
> access repos/:
>
> ------CUT------
> [Wed Sep 23 09:42:37 2009] [error] [client 192.168.123.123] Access
> denied: 'foo' PROPFIND repos:/
> ------CUT------
>
> The only "workaround" I found so far is to make the entire repository
> readable for the user.
>
> So how can I allow user "foo" to create tags within the restricted
> project without making the entire repository readable for him?
Sorry to say there's a bug (rather, design issue, hence not trivial
to fix) which makes this impossible.
You'll have to allow read-only access to the root until this problem
is fixed: http://subversion.tigris.org/issues/show_bug.cgi?id=3242
Stefan
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2398865
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-09-23 14:48:13 CEST