> > From: K F [mailto:cmkforce_at_yahoo.com]
> > Sent: 05 May 2010 20:43
> >
> > The
repo in on a Unix box located at svnrepo/sandbox
> > accessing
via tortoise on a windows machine with the latest
> >
releases. When I try to do a commit as user dev1, psswd dev1,
>
> I get the following error:
> >
> > Command:
Commit
> > Error: Commit failed (details follow):
>
> Error: Authorization failed
>
> Finished!:
>
>
> > I am not sure what is wrong. I did some searching on
the web
> > and can't find anything wrong with what I am
doing. Here is
> > what I have in the pertinent files.
>
>
> > passwd file:
> > dev1 = dev1
> >
dev2 = dev2
> > dev3 = dev3
> >
> > authz
file:
> > [aliases]
> >
> > [groups]
>
> deva = dev1, dev2
> > devb = dev3
> >
>
> [svnrepo/sandbox:/]
> > deva = rw
> > devb = r
>
> Personally I had some issues with using [groups] that I
>
unfotunately did
> not have time to resolve. I suggest that you
start by using the
> usernames (dev1 etc) directly in the authz
file to test:
>
> Also, I think that [svnrepo/sandbox:/] is
wrong. I would only ever
> expect to see one name before the
slash (a specific repo in a
> parentpath
> setup) then the
path within the repo comes after the ":/".
>
>
[sandbox:/]
> dev1 = rw
> dev2 = rw
> dev3 = r
>
> If you only have one repo / are not using parentpath then you
can just
> set the default global access level:
>
>
[/]
> dev1 = rw
> dev2 = rw
> dev3 = r
>
>
Are you using parentpath in your setup? Unless your client
> is
1.6.11+,
> you need to grant read access to the root (you do seem
to be
> doing that,
> just thought it worth mentioning).
>
> Finally, a link to path-based authorization in the nightly red
book:
>
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.h
tml
>
>
> ~ mark c
>
> > svnserve.conf file:
>
> [general]
> > anon-access=none
> >
auth-access=write
> >
> > password-db=passwd
>
>
> > authz-db=authz
> >
> From: K F
[mailto:cmkforce_at_yahoo.com]
> Sent: 06 May 2010 13:36
>
> Mark,
>
>
I looked at the link you offered for Path-Based Authorization
>
and really didn't see anything that I haven't tried. Based on
>
your suggestions, to get it to work I am not using groups and
>
am simply using the usernames.
>
> [/]
> dev1 = rw
>
dev2 = rw
> dev3 = r
>
> As you can see I am also
using the global level access. This
> all seems to work. I would
still like to try and get the
> groups to work if anyone has any
other ideas.
>
> Thanks,
> Rich
>
Dang! I
missed the obvious problem which is that according to the Red
Book
link you need to prefix group names with '@' which gives:-
>
authz file:
> [aliases]
>
> [groups]
> deva =
dev1, dev2
> devb = dev3
>
> [svnrepo/sandbox:/]
>
@deva = rw
> @devb = r
...let me know if it works!
(and
for completeness: Aliases need to be prefixed by '&' which does
work
for me) Hmm, perhaps my problem with groups was trying to create
groups
just of aliases e.g.
[aliases]
user1=joe90
user2=adameve
user3=spod
[groups]
devs=&user1,
&user2
test=&user2, &user3
[/]
@devs = rw
@test
= r
Can anyone else confirm if this should /does (not) work?
~
mark c
Mark,
I had seen that in the book also and
tried it with no luck. My latest try was:
[aliases]
dev10 =
dev1
dev20 = dev2
dev30 = dev3
[groups]
deva =
&dev10, &dev20
devb = &dev30
[/]
&deva = rw
&devb
= r
This returns an error on commit of:
Error: Commit failed
(details follow):
Error: An authz rule refers to alias '&deva',
which is undefined
Still looking at it to see if it something I
am just missing sometjhing or doing something wrong.
Rich
===========
So
I inserted an & instead of a @ at the bottom and that fixed things.
@deva
= rw
@devb = r
Just to clarify, in order to use authz you
need to set up aliases? Unless I set aliases up it doesn't appear to
work. Looking at the book, I do not see why aliases are required. If
anyone can explain the reasoning or explain why I am wrong I would
appreciate it.
Thanks,
Rich
More testing reveals that aliases are not needed. Here is what works:
With Groups
[aliases]
dev10 = dev1
dev20 = dev2
dev30 = dev3
[groups]
deva = &dev10, &dev20
devb = &dev30
[/]
@deva = rw
@devb = r
------------------------------
Without Groups
My problem was that I thought the ampersand was only necessary if you used aliases.
I hope this helps anyone else that may have had problems.
Rich
Received on 2010-05-07 18:05:42 CEST