[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion access control

From: Andy Levy <andy.levy_at_gmail.com>
Date: Tue, 19 Jul 2011 06:59:32 -0400

On Tue, Jul 19, 2011 at 06:50, Andy Canfield <andy.canfield_at_pimco.mobi> wrote:
> OFF THE SUBJECT OF APACHE, NOW TRYING TO ACCESS SVNSERVE VIA PORT 3690
>
> /var/svn/config/svnserve.conf has been changed from the default to show
> anon-access = none
> password-db = passwd
> authz-db = authz
>
> The passwd file contains
> andy = canfield
>
> The authz file contains:
> [/sample]
> andy = rw
>
> The repository /var/svn/sample contains a subdirectory 'conf' containing
> svnserve.conf, passwd, and authz files which are symbolic links to the files
> in /var/svn/config.
>
> The svnserve was run with this command:
> /usr/bin/svnserve --daemon --root=/var/svn
> --config-file=/var/svn/config/svnserve.conf
>
> I have one repository defined named "sample". The command:
>     svn info svn://localhost/sample
> Gave this response:
> Authentication realm: <svn://localhost:3690>
> 5a3a5c16-49ac-46d9-b1e8-d48cc97c4754
> Password for 'andy':
> Authentication realm: <svn://localhost:3690>
> 5a3a5c16-49ac-46d9-b1e8-d48cc97c4754
> Username: andy
> Password for 'andy':
> -----------------------------------------------------------------------
> ATTENTION!  Your password for authentication realm:
>
>    <svn://localhost:3690> 5a3a5c16-49ac-46d9-b1e8-d48cc97c4754
>
> can only be stored to disk unencrypted!  You are advised to configure
> your system so that Subversion can store passwords encrypted, if
> possible.  See the documentation for details.
>
> You can avoid future appearances of this warning by setting the value
> of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
> '/Users/andy/.subversion/servers'.
> -----------------------------------------------------------------------
> Store password unencrypted (yes/no)? yes
> svn: Authorization failed
>
> [1] Why does it ask for the password for "andy", then ask for a user name
> and password?

Because the first attempt, it assumed the same ID that you use to log
onto the host system or it had cached that ID previously. When that
authentication failed, it prompted for a new set of credentials.

> [2] What is an authentication realm?

Google can explain it better than I.

> [3] Why does it talk about STORING my password, when as far as I know all
> subversion does is check your password against the contents of the passwd
> file.

Subversion caches your credentials locally unless you tell it not to.

> [4] Why doesauthentication fail?
>
> [5] Why does authentication fail immediately afer the first time?

Because your authentication configuration setup is invalid and the
server can't figure out how to properly authenticate you.

> [6] I now have an entire directory tree named ".subversion" in my home
> directory. I have no idea what any of this stuff is or is supposed to be. Is
> this what is blocking me from my repository?

This is where your client stores its local configuration information.

> [7] The repository was created by svnadmin create ... which has to be
> executed as root. Does this mean that only root can access this repository
> from now on? That doesn't make sense.

svnadmin create can be executed by anyone. The permissions required
are due to the ACL on the directory in which you created the
repository. The user ID under which your Subversion server process
executes must have full permission on this directory. IOW - change
ownership to whatever ID svnserve is running under.
Received on 2011-07-19 13:00:54 CEST

This is an archived mail posted to the Subversion Users mailing list.