[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Re: Re: please help about SVN authentication

From: Johan Corveleyn <jcorvel_at_gmail.com>
Date: Thu, 2 Sep 2010 10:10:44 +0200

Please do not top-post on this list (i.e. put your reply below the
thing you're replying to, not above it). Now on to the matter at
hand...

2010/9/2 alinagra <alinagra_at_163.com>:
> actually I use svnserve, no Apache/http access.
> and I have several repositories under the svn directory.
> It looks like this:
> svn
> ---prj1 repo
> ---prj2 repo
> ---prj2 repo
>
> and this issue happens in every repo.
>
>
>
>
> At 2010-09-01 17:36:29,"Erik Andersson" <kirean_at_gmail.com> wrote:
>
>
> 2010/9/1 alinagra <alinagra_at_163.com>
>>
>> Here is the repo arch:
>>
>> /trunk
>>     ----/folder a
>>     ----/folder b
>>     ----/folder c
>>     ----/access
>>
>> /tag
>>
>> I think this is the most common case, and it seems if one doesn't have
>> access right, he can not create a tag for /trunk.
>> or is there something wrong with my configuration?
>
> Are you using the SVNParentPath or SVNPath directive?
> Can you show us your Subversion section for Apache?
>>
>>
>> At 2010-09-01 14:11:07,"Erik Andersson" <kirean_at_gmail.com> wrote:
>>
>>
>> 2010/9/1 alinagra <alinagra_at_163.com>
>>>
>>> Hi, buddies,
>>>
>>> I have setup a SVN server and  I use SASL authentication. But right now I
>>> have a authz question:
>>> I can create tags with accont TIM, but when I try to create a tag with
>>> the account not  jim, it reports "access denied" error.
>>
>> Where do you create tags?
>>>
>>> Does anyone know why? Thanks in advance
>>>
>>> Here is my authz file:
>>> ### This file is an example authorization file for svnserve.
>>> ### Its format is identical to that of mod_authz_svn authorization
>>> ### files.
>>> ### As shown below each section defines authorizations for the path and
>>> ### (optional) repository specified by the section name.
>>> ### The authorizations follow. An authorization line can refer to:
>>> ###  - a single user,
>>> ###  - a group of users defined in a special [groups] section,
>>> ###  - an alias defined in a special [aliases] section,
>>> ###  - all authenticated users, using the '$authenticated' token,
>>> ###  - only anonymous users, using the '$anonymous' token,
>>> ###  - anyone, using the '*' wildcard.
>>> ###
>>> ### A match can be inverted by prefixing the rule with '~'. Rules can
>>> ### grant read ('r') access, read-write ('rw') access, or no access
>>> ### ('').
>>>
>>> [groups]
>>> # harry_and_sally = harry,sally
>>> aa = TIM
>>>
>>> [test:/]
>>> * = rw
>>>
>>> [test:/trunk/access]
>>> @aa = rw
>>> * =

You need to have read access to an entire subtree if you want to
create a tag from it. A tag in SVN is essentially a copy of the
subtree to another location (typically the /tags subdirectory on the
repository). If people could create tags of a part of the repository
to which they don't have full read access, they could also just create
a copy to any location in which they have full access, bypassing the
authz security.

So in your case: if people other that TIM need to create tags from
trunk (or trunk/access), they'll need to have read access on
/trunk/access (* = r).

Or am I misunderstanding something? Are they trying to create tags
from siblings of /trunk/access, to which they have full access?

Cheers,

-- 
Johan
Received on 2010-09-02 10:11:26 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.