[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: On commit attempt, Server sent unexpected return value (403 Forbidden) in response to CHECKOUT

From: Tony Sweeney <tsweeney_at_omnifone.com>
Date: Sat, 1 Jan 2011 17:20:59 -0000

 

 

________________________________

From: Benjamin.Ortega_at_wellsfargo.com
[mailto:Benjamin.Ortega_at_wellsfargo.com]
Sent: 01 January 2011 17:13
To: users_at_subversion.apache.org
Subject: On commit attempt, Server sent unexpected return value (403
Forbidden) in response to CHECKOUT

 

I'm trying to integrate a SVN Authz authorization file with apache
configuration files to provide a solution for not just directory level
restrictions, but also file level restrictions. It's my understanding
that the SVN Authorization file is not capable of handling file-specific
restrictions, only directory level.

The SVN Authz file is set up and i'm able to use it with absolutely no
issues what-so-ever. If I switch to using just the Apache Conf file by
itself, it works exactly as expected with no issues. But if I combine
them I get something very weird. Everything works just fine, except the
trying to commit the file that was restricted by the following
Location/Limit:

<Location "/subversion/repo/*/*/*/folder/structure/RestrictedFile">
<Limit PUT>
Require user my_username
</Limit>
</Location>

I'm able to view, update, and checkout the file, and am able to do
anything (checkout, commit, etc) to other files in the same directory,
but when I attempt perform a commit of changes to the "RestrictedFile",
I get the following error:
Error: Commit failed (details follow):
Error: Server sent unexpected return value (403 Forbidden) in response
to CHECKOUT
Error: request for
'/subversion/repo/!svn/ver/110/folder/structure/RestrictedFile'

the apache access log file gives me the following:
ip_address - - [30/Dec/2010:15:49:58 -0600] "OPTIONS
/subversion/repo/folder/structure HTTP/1.1" 401 1337
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "OPTIONS
/subversion/repo/folder/structure HTTP/1.1" 200 -
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPFIND
/subversion/repo/folder/structure HTTP/1.1" 207 816
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "OPTIONS
/subversion/repo/folder/structure HTTP/1.1" 200 195
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "MKACTIVITY
/subversion/repo/!svn/act/71f51505-a174-8349-ab61-843f80a40f8f HTTP/1.1"
201 234
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPFIND
/subversion/repo/!svn/vcc/default HTTP/1.1" 207 414
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "CHECKOUT
/subversion/repo/!svn/bln/110 HTTP/1.1" 201 250
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPPATCH
/subversion/repo/!svn/wbl/71f51505-a174-8349-ab61-843f80a40f8f/110
HTTP/1.1" 207 469
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPFIND
/subversion/repo/folder/structure HTTP/1.1" 207 526
ip_address - - [30/Dec/2010:15:49:59 -0600] "CHECKOUT
/subversion/repo/!svn/ver/110/folder/structure/RestrictedFile HTTP/1.1"
403 1021
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "DELETE
/subversion/repo/!svn/act/71f51505-a174-8349-ab61-843f80a40f8f HTTP/1.1"
204 -

If I remove the <Location...> entry listed above, i'm able to commit
just fine.

My svnauthz file basically has this:

[/]

* =

my_username = rw

The ordering is important. Authz uses the fist match. The first rule
matches for all users, including 'my_username', so the second rule is
ignored. Try swapping the order of the directives, i.e.

[/]

my_username = rw

* =

If I change "* = " to "* = r", I get the same issue. If I change it to
"* = rw", I'm able to commit.

Benjamin Ortega

Benjamin Ortega
----------------------------------------------
Operations Systems Engineer
Wells Fargo Bank, Des Moines, IA
CORE Build & Deploy Team
* : Benjamin.Ortega_at_WellsFargo.com
<mailto:Benjamin.Ortega_at_WellsFargo.com>
* : 515-720-2700 (cell)

MAC: X2301-01X

This transmission may contain information that is confidential and/or
proprietary. If you are not the individual or entity to which it is
addressed, note that any review, disclosure, copying, retransmission, or
other use is strictly prohibited. If you received this transmission in
error, please notify the sender immediately and delete the material from
your system.

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
Received on 2011-01-01 18:21:39 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.