[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ACLs vs tags

From: Stefan Sperling <stsp_at_elego.de>
Date: Wed, 23 Sep 2009 13:47:08 +0100

On Wed, Sep 23, 2009 at 09:59:32AM +0200, Udo Rader wrote:
> Hi,
>
> I am facing some troubles with a "conflict" between ACLs vs. allowing
> users to create tags.
>
> User connect via dav_svn, the AuthzSVNAccessFile looks similar like this:
>
> ------CUT------
> adminUsers = fred,wilma
>
> [/restricted/project]
> foo = rw
>
> [/]
> * =
> @adminUsers = rw
> ------CUT------
>
> Now if the "foo" user wants to create a tag like this ...
>
> ------CUT------
> svn copy https://svn.example.com/repos/restricted/project/trunk
> https://svn.example.com/repos/restricted/project/tags/1.0 -m "creating
> the 1.0 tag"
> ------CUT------
>
> ... I then get a "403 Forbidden" error, because the client tries to
> access repos/:
>
> ------CUT------
> [Wed Sep 23 09:42:37 2009] [error] [client 192.168.123.123] Access
> denied: 'foo' PROPFIND repos:/
> ------CUT------
>
> The only "workaround" I found so far is to make the entire repository
> readable for the user.
>
> So how can I allow user "foo" to create tags within the restricted
> project without making the entire repository readable for him?

Sorry to say there's a bug (rather, design issue, hence not trivial
to fix) which makes this impossible.
You'll have to allow read-only access to the root until this problem
is fixed: http://subversion.tigris.org/issues/show_bug.cgi?id=3242

Stefan

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2398865

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-09-23 14:48:13 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.