[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

authz denies everything?

From: Dan Stromberg <strombrg_at_gmail.com>
Date: Wed, 28 Oct 2009 23:38:15 -0700

I'm trying to get authz to allow read/write for some users, and read
only for others.

I have apache set up like so:

<Location /svn>

   # Uncomment this to enable the repository
   DAV svn

   # Set this to the path to your repository
   SVNPath /var/svn/repos

   AuthType Basic
   AuthName "DRS' Subversion Repository"
   AuthUserFile /etc/apache2/dav_svn.passwd

   # To enable authorization via mod_authz_svn
   AuthzSVNAccessFile /etc/apache2/dav_svn.authz

   <LimitExcept GET PROPFIND OPTIONS REPORT>
     Require valid-user
   </LimitExcept>

</Location>

My /etc/apache2/da_svn.authz looks like:

[groups]
read_all = anonymous
read_write_all = dstromberg

[/]
@read_all = r
@read_write_all = rw

If I comment out the AuthzSVNAccessFile, then both users can read and
write to my only repository.

As soon as I put back the AuthzSVNAccessFile line, both dstromberg and
anonymous are denied a simple mkdir with:

I do have an /etc/apache2/dav_svn.passwd file, with what looks like MD5
hashes in it.

svn: Server sent unexpected return value (403 Forbidden) in response to
OPTIONS request for 'http://localhost/svn'

I ran svnauthz-validate against /etc/apache2/ddav_svn.authz, and it
terminates with no tty output, and an exit code of 0.

I also ran strace's against all of my apaches while doing an mkdir, and
they don't show any "E errors" that look relevant. It just reads the
authz file and reports back that the access was denied.

Any suggestions? I'd like the fine grained control of authz.

Thanks!

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2412402

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-10-29 07:43:23 CET

This is an archived mail posted to the Subversion Users mailing list.