You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Attila Nagy <br...@fsn.hu> on 2009/03/24 15:51:25 UTC

Subversion authorization problems

Hello,
(I'm not subscribed to the list, please keep me in CC)

I have an FSFS repository, accessible only through apache with 
mod_dav_svn. I have to use strict access controls (even for reads), so I 
utilize AuthzSVNAccessFile.
Sometimes between upgrading from 1.4 to 1.5 the users have started to 
complain about occasional authentication errors, which could be solved 
only by deleting and checkouting their local repository.

The problem manifests in the following error:

$ svn update
svn: Server sent unexpected return value (403 Forbidden) in response to 
OPTIONS request for 'https://repo/svn'
 
repo/svn is the root of the repository, to which the user don't have any 
rights.
If the user deletes the local copy and issues a new svn checkout, 
everything works for sometime, but later the same error occurs again.

In the above example he wants to update repo/svn/docs/iplists, for which 
he has rights.

The svnaccess file contains (a lot more, but these two are relevant here):
[/]
@svnadmin = rw

[/docs/iplists]
* = rw

The given user is not in the svnadmin group (the members of that group 
of course don't see these kind of errors).

This problem occurs at different places too, where the scenario is the 
same (/ has limited access, and the user has only access to a deeped 
directory).

We couldn't notice such strange errors before the 1.4->1.5 switch (on 
the server) as far as I can remember...
BTW, I remember that I've tried to change from neon to serf (but I don't 
remember where, only on the server, or on one of our clients) in the 
1.4-era, which resulted similar errors, so I've switched back to neon.

The apache config:
<IfModule mod_dav_svn.c>
<Location /svn>
        AuthType basic
        AuthName "SVN authentication"
        Satisfy Any
        Order allow,deny
        Allow From all
        Require valid-user
        AddHandler mod_python .py
        PythonAuthenHandler pop3auth
        PythonPath "sys.path+['/usr/local/bin']"
        DAV svn
        SVNPath /data/svnrepo
        AuthzSVNAccessFile /data/svnadmin/svnaccess
</Location>
</IfModule>

Versions:
svn: 1.5.4
apache: 2.2.9
OS: FreeBSD 7-STABLE

Any ideas?

Thanks,

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1403371

To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].