You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Martin Eisenhardt <ma...@wiai.uni-bamberg.de> on 2006/03/20 12:53:41 UTC
Path-based auth with svn+ssh
Hello list,
I would like to setup a repository that is *only* accessible over svn+ssh. I
follow
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks
to setup public-key-based authentication and let all users share the same
account (using 'command="svnserver -t --tunnel-user=joe" JOES-KEY
joe@example.com' in .ssh/authorized_keys).
Everything works all right so far.
Now, and additionally, I would like to setup path-based authorization. I
uncomment the lines "[general]" and "authz-db = authz" in svnserve.conf, and
the file authz contains the following lines:
[repository:/trunk]
joe = rw
Trying to commit something to that repository yields:
svn: Commit failed (details follow):
svn: Authorization failed
Where is the problem? Have I exposed myself as noob? :-D
Thanks for your help!
Kind regards
Martin
--
Dipl. Wirtsch.Inf.(Univ.) Martin Eisenhardt
Otto-Friedrich-Universität Bamberg
Fakultät Wirtschaftinformatik und Angewandte Informatik
Lehrstuhl für Medieninformatik
D-96045 Bamberg
fon: +49 (951) 863-2856
fax: +49 (951) 863-2852
www: http://www.mneisen.org
Re: Path-based auth with svn+ssh
Posted by Lieven Govaerts <lg...@mobsol.be>.
Quoting Martin Eisenhardt <ma...@wiai.uni-bamberg.de>:
> Hello Lieven,
>
> thanks for the quick reply.
>
> On Monday March 20 2006 13:58, Lieven Govaerts wrote:
> > Martin,
> >
> >
> > I think you're seeing issue 2486 (
> > http://subversion.tigris.org/issues/show_bug.cgi?id=2486 ).
>
> Indeed, this seems to be the problem I encounter.
>
> >
> > A workaround for this issue is to give user joe read-access on the root of
> > the repository.
>
> Doesn't it mean that joe has automatically read-access to all subfolders in
> the repository? This would be less than desirable.
>
Yep, that's exactly what it means. You can disable joe's read-rights on all
subfolders again.
> > I've send a patch to the dev-list for this issue, but it's not accepted
> > (yet). I hope that it's included in svn 1.3.2.
>
> Good work, thanks for that!
>
> On an (un)related note, does it matter what I call my repository in the authz
> file?
>
> Example:
>
> Do the following two lines have the same effect?
>
> [repository:/trunk]
> * = r
>
> [repos:/trunk]
> * = r
>
> I ask because the svnserve.conf that comes with a newly created repository
> has
> the first form in it, and I read the second form in the bug report you
> relayed me to in your last message.
>
> Does the first part (before the colon) matter at all? (Because, my repository
> is not called "repository" or "repos", but "svn" ...)
>
I think ( not 100% sure ) that it only matters if you use the authz file for
multiple repositories. With svnserve, if you have one authz per repository (
ie. if you only have one repository ), you can remove the repository name as
well:
[/]
...
[/trunk]
...
> Thanks again!
>
> Kind regards
> Martin
Lieven.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Path-based auth with svn+ssh
Posted by Martin Eisenhardt <ma...@wiai.uni-bamberg.de>.
Hello Lieven,
thanks for the quick reply.
On Monday March 20 2006 13:58, Lieven Govaerts wrote:
> Martin,
>
>
> I think you're seeing issue 2486 (
> http://subversion.tigris.org/issues/show_bug.cgi?id=2486 ).
Indeed, this seems to be the problem I encounter.
>
> A workaround for this issue is to give user joe read-access on the root of
> the repository.
Doesn't it mean that joe has automatically read-access to all subfolders in
the repository? This would be less than desirable.
> I've send a patch to the dev-list for this issue, but it's not accepted
> (yet). I hope that it's included in svn 1.3.2.
Good work, thanks for that!
On an (un)related note, does it matter what I call my repository in the authz
file?
Example:
Do the following two lines have the same effect?
[repository:/trunk]
* = r
[repos:/trunk]
* = r
I ask because the svnserve.conf that comes with a newly created repository has
the first form in it, and I read the second form in the bug report you
relayed me to in your last message.
Does the first part (before the colon) matter at all? (Because, my repository
is not called "repository" or "repos", but "svn" ...)
Thanks again!
Kind regards
Martin
> Lieven.
>
> Quoting Martin Eisenhardt <ma...@wiai.uni-bamberg.de>:
> > Hello list,
> >
> > I would like to setup a repository that is *only* accessible over
> > svn+ssh. I follow
>
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.s
>erverconfig.svnserve.sshtricks
>
> > to setup public-key-based authentication and let all users share the same
> > account (using 'command="svnserver -t --tunnel-user=joe" JOES-KEY
> > joe@example.com' in .ssh/authorized_keys).
> >
> > Everything works all right so far.
> >
> > Now, and additionally, I would like to setup path-based authorization. I
> > uncomment the lines "[general]" and "authz-db = authz" in svnserve.conf,
> > and the file authz contains the following lines:
> >
> > [repository:/trunk]
> > joe = rw
> >
> > Trying to commit something to that repository yields:
> >
> > svn: Commit failed (details follow):
> > svn: Authorization failed
> >
> > Where is the problem? Have I exposed myself as noob? :-D
> >
> > Thanks for your help!
> >
> > Kind regards
> > Martin
> > --
> > Dipl. Wirtsch.Inf.(Univ.) Martin Eisenhardt
> >
> > Otto-Friedrich-Universität Bamberg
> > Fakultät Wirtschaftinformatik und Angewandte Informatik
> > Lehrstuhl für Medieninformatik
> >
> > D-96045 Bamberg
> >
> > fon: +49 (951) 863-2856
> > fax: +49 (951) 863-2852
> >
> > www: http://www.mneisen.org
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
--
Dipl. Wirtsch.Inf.(Univ.) Martin Eisenhardt
Otto-Friedrich-Universität Bamberg
Fakultät Wirtschaftinformatik und Angewandte Informatik
Lehrstuhl für Medieninformatik
D-96045 Bamberg
fon: +49 (951) 863-2856
fax: +49 (951) 863-2852
www: http://www.mneisen.org
Re: Path-based auth with svn+ssh
Posted by Lieven Govaerts <lg...@mobsol.be>.
Martin,
I think you're seeing issue 2486 (
http://subversion.tigris.org/issues/show_bug.cgi?id=2486 ).
A workaround for this issue is to give user joe read-access on the root of the
repository.
I've send a patch to the dev-list for this issue, but it's not accepted (yet). I
hope that it's included in svn 1.3.2.
Lieven.
Quoting Martin Eisenhardt <ma...@wiai.uni-bamberg.de>:
> Hello list,
>
> I would like to setup a repository that is *only* accessible over svn+ssh. I
> follow
>
>
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks
>
> to setup public-key-based authentication and let all users share the same
> account (using 'command="svnserver -t --tunnel-user=joe" JOES-KEY
> joe@example.com' in .ssh/authorized_keys).
>
> Everything works all right so far.
>
> Now, and additionally, I would like to setup path-based authorization. I
> uncomment the lines "[general]" and "authz-db = authz" in svnserve.conf, and
> the file authz contains the following lines:
>
> [repository:/trunk]
> joe = rw
>
> Trying to commit something to that repository yields:
>
> svn: Commit failed (details follow):
> svn: Authorization failed
>
> Where is the problem? Have I exposed myself as noob? :-D
>
> Thanks for your help!
>
> Kind regards
> Martin
> --
> Dipl. Wirtsch.Inf.(Univ.) Martin Eisenhardt
>
> Otto-Friedrich-Universität Bamberg
> Fakultät Wirtschaftinformatik und Angewandte Informatik
> Lehrstuhl für Medieninformatik
>
> D-96045 Bamberg
>
> fon: +49 (951) 863-2856
> fax: +49 (951) 863-2852
>
> www: http://www.mneisen.org
>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org