[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: problem authz_svn_module

From: Henk P. Penning <penning_at_uu.nl>
Date: Tue, 17 Jan 2017 08:49:52 +0100

On Mon, 16 Jan 2017, Daniel Shahaf wrote:

> Date: Mon, 16 Jan 2017 19:48:44 +0100
> From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
> To: Henk P. Penning <penning_at_uu.nl>
> Cc: users_at_subversion.apache.org
> Subject: Re: problem authz_svn_module
>
> Henk P. Penning wrote on Sun, Jan 15, 2017 at 10:02:12 +0100:

Hi Daniel,

>> but (and this is the PROBLEM) the checkout command prompts
>> for a username/password :
>>
>> % svn co //svn.science.uu.nl/repos/project.mirmon/trunk
>>
>> With the "LimitExcept" lines in the config, the checkout
>> command works, although some errors appear in the log
>> (see below).
>>
>> So, it appears that the 'checkout' command does a
>>
>> PROPFIND /repos/project.mirmon/!svn/rvr/64/trunk
>>
>> which causes the username/password-prompt when the
>> "LimitExcept" lines are omitted.
>>
>> -- Does this diagnosis make sense ?
>> -- How do I make this work, without the LimitExcept trick ?
>
> LimitExcept is actually the documented recommendation; see
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz
> (second code snippet)

   Eh ; LimitExcept (together with GET PROPFIND OPTIONS REPORT) is
   mentioned in the context of "anonymous read" and "valid-user write"
   [the "GET" is a give-away] ; different case, I think.

   What I have is a private repo with a public subtree (trunk) :

     [project.mirmon:/]
     penni101 = rw
     # anonymous read not allowed
     * =
     [project.mirmon:/trunk]
     penni101 = rw
     # anonymous read allowed
     * = r

   An 'anonymous' user can browse (svn ls, svn cat)
   but not checkout (svn co), because the checkout
   does a (note the '!') :

     PROPFIND /repos/project.mirmon/!svn/rvr/64/trunk

> The other option is to set two separate <Location> blocks, one for
> anonymous users (that excludes everything-but-trunk unconditionally) and
> one for authenticated users (that requires authentication for all
> operations).

   Do you mean : use 2 AuthzSVNAccessFile's ?

> Daniel

   Thanks ; regards,

   Henk Penning

------------------------------------------------------------ _
Henk P. Penning, ICT-beta R Uithof HFG-406 _/ \_
Faculty of Science, Utrecht University T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penning@uu.nl \_/
Received on 2017-01-17 08:50:23 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.