Billy Buzzard wrote on Fri, Sep 02, 2016 at 17:48:34 +0000:
> Daniel the configuration is very similar to mine and it only partially
> works. Did you test your configuration by using "svn log" from the
> command line? I did and it still has the same problem.
>
> D:\projects\foo>svn log svn://myrepo/projects/foo
> svn: E220001: Item is not readable
>
> The only way the "svn log" works that I have read about or found is
> when the admin adds * = r to the root folder in the authz file.
'svn log' does not need access to the repository root. 'svn log URL'
only needs access to URL.
I think the issue is that your client anchors 'svn log ^/projects/foo'
on ^/projects rather than on ^/projects/foo, so for the operation to
succeed with that client the user needs to have the 'r' permission on
/projects too, not just on subdirs thereof. I'm not sure if there's
a way to force the client (which version?) to anchor the operation on
^/projects/foo.
As a workaround, you could switch the authz file from a whitelist
cpproach to a blacklist approach, give @untrusted rw on / and
specifically deny them authz on /projects/bar. That does mean new
projects would be visible to @untrusted by default; whether that's
a good thing depends on your context. (It's a social question, not
a technical one.)
Cheers,
Daniel
Received on 2016-09-03 20:05:56 CEST