Posted to users@subversion.apache.org by Mathias Kende <ma...@kende.fr> on 2008/09/22 13:24:54 UTC

design problem (bug): cannot check out a 'private' directory in a repos

Hi,

This is a report of something that is not really a bug (because the
software behaves as expected), but is a design problem of the new 1.5
keywords ($anonymous and $authenticated) for the authz file of svnserve,
which prevents checking out a repository with a private directory.

The problem is that if a directory is readable by anybody but one of
its subdirectories is not, then you can't check out the subdirectory.

Steps to reproduce:

At the root of your svnserve create a new repos :
svnadmin create test
Uncomment one user in passwd (e.g. harry=harryssecret) and add the
passwd file in the svnserve.conf file, which is now:
[general]
anon-access = read
auth-access = write
password-db = passwd


Then, import some files into it :
svn co svn://localhost/test
cd test
mkdir public
mkdir private
touch public/foo
touch private/bar
svn add public private
svn ci

Add "authz-db = authz" in svnserve.conf and modify the authz file to
something like :

[aliases]
[groups]
[/]
$anonymous = r
$authenticated = rw
[test:/private]
$anonymous =

And now, we try to check out some fresh copy of the repos.
svn co svn://localhost/test
and
svn co --username harry --password harryssecret svn://localhost/test
These two commands have the same result : only the "public" directory is
checked out.

My problem is that I know no proper way to check out the entire
repository.

The reason is that svnserve sees that no password is needed to read '/'
so the password is not used (I don't know if the authentication is
done), and the "private" directory can not be checked out.

The solution is to c/o separately the other directory :
cd test
svn co svn://localhost/test/private
Which will ask for the password if it has not been given in the previous
step, and then, you need to modify "test/.svn/entries" and remove all
the blank lines and the "absent" keyword under the name of the "private"
directory for it to be recognised as part of the repos. But this is
something that should not be done I suppose.

The solution I see to this problem is that when svn sends a credential,
svnserve should use it to authenticate the user even if it is not needed,
or, even better, when the checkout occurs, the server should ask for a
password if some sub-directories need authentication (this is not a
security issue I believe because in any case the name of the "private"
directory is transmitted to the client as it is in the .svn/entries
file).

I hope that I was clear enough,
thanks,

Mathias


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
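
Added example (not part of the original post and not svnserve's own code): a Python model of the behaviour reported above, run against the authz file from the message. The function names and the first-match rule lookup are assumptions of this model; it asks for credentials only when the anonymous user cannot read the checkout root.

```python
import configparser

# The authz file from the post, reproduced verbatim.
AUTHZ = """
[aliases]
[groups]
[/]
$anonymous = r
$authenticated = rw
[test:/private]
$anonymous =
"""

def parse(text):
    """Return {section: {principal: rights}} for the path sections."""
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.optionxform = str  # keep principal names as written
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections() if s not in ("aliases", "groups")}

def access(rules, repo, path, user):
    """Rights ('', 'r' or 'rw') for user (None = anonymous) on path.
    Assumption: the nearest section that names the user decides."""
    token = "$anonymous" if user is None else "$authenticated"
    while True:
        for section in (f"{repo}:{path}", path):
            entry = rules.get(section, {})
            for key in (user, token, "*"):
                if key in entry:
                    return entry[key]
        if path == "/":
            return ""
        path = path.rsplit("/", 1)[0] or "/"  # fall back to the parent directory

def checkout(rules, repo, root, children, credentials=None):
    """Model of the report: credentials are used only if the server has to
    challenge, i.e. if anonymous cannot read the checkout root."""
    user = None
    if "r" not in access(rules, repo, root, None):
        if credentials is None:
            raise PermissionError("authentication required")
        user = credentials
    base = root.rstrip("/")
    visible = [c for c in children if "r" in access(rules, repo, f"{base}/{c}", user)]
    return user, visible  # entries not in 'visible' are the ones marked "absent"

if __name__ == "__main__":
    rules = parse(AUTHZ)
    print(checkout(rules, "test", "/", ["public", "private"], "harry"))
    print(checkout(rules, "test", "/private", ["bar"], "harry"))
```
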

Re: design problem (bug): cannot check out a 'private' directory in a repos

Posted by Karl Fogel <kf...@red-bean.com>.
Thanks, Mathias.  I think there is a workaround for this, but I can't
remember it.  However, this question comes up often enough that we
should find out and add it to the FAQ.

I'm CC'ing the dev@ list so we can find that workaround, and then write
the FAQ entry.

-Karl

Mathias Kende <ma...@kende.fr> writes:
> This is a report of something that is not really a bug (because the
> software behaves as expected), but is a design problem of the new 1.5
> keywords ($anonymous and $authenticated) for the authz file of svnserve,
> which prevents checking out a repository with a private directory.
>
> The problem is that if a directory is readable by anybody but one of
> its subdirectories is not, then you can't check out the subdirectory.
>
> Steps to reproduce:
>
> At the root of your svnserve create a new repos :
> svnadmin create test
> Uncomment one user in passwd (e.g. harry=harryssecret) and add the
> passwd file in the svnserve.conf file, which is now:
> [general]
> anon-access = read
> auth-access = write
> password-db = passwd
>
>
> Then, import some files into it :
> svn co svn://localhost/test
> cd test
> mkdir public
> mkdir private
> touch public/foo
> touch private/bar
> svn add public private
> svn ci
>
> Add "authz-db = authz" in svnserve.conf and modify the authz file to
> something like :
>
> [aliases]
> [groups]
> [/]
> $anonymous = r
> $authenticated = rw
> [test:/private]
> $anonymous =
>
> And now, we try to check out some fresh copy of the repos.
> svn co svn://localhost/test
> and
> svn co --username harry --password harryssecret svn://localhost/test
> These two commands have the same result : only the "public" directory is
> checked out.
>
> My problem is that I know no proper way to check out the entire
> repository.
>
> The reason is that svnserve sees that no password is needed to read '/'
> so the password is not used (I don't know if the authentication is
> done), and the "private" directory can not be checked out.
>
> The solution is to c/o separately the other directory :
> cd test
> svn co svn://localhost/test/private
> Which will ask for the password if it has not been given in the previous
> step, and then, you need to modify "test/.svn/entries" and remove all
> the blank lines and the "absent" keyword under the name of the "private"
> directory for it to be recognised as part of the repos. But this is
> something that should not be done I suppose.
>
> The solution I see to this problem is that when svn sends a credential,
> svnserve should use it to authenticate the user even if it is not needed,
> or, even better, when the checkout occurs, the server should ask for a
> password if some sub-directories need authentication (this is not a
> security issue I believe because in any case the name of the "private"
> directory is transmitted to the client as it is in the .svn/entries
> file).
>
> I hope that I was clear enough,
> thanks,
>
> Mathias


Re: design problem (bug): cannot check out a 'private' directory in a repos

Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Karl Fogel wrote on Mon, 22 Sep 2008 at 17:41 -0400:
> Thanks, Mathias.  I think there is a workaround for this, but I can't
> remember it.  However, this question comes up often enough that we
> should find out and add it to the FAQ.
> 

It sounds similar to this: 

	http://blogs.open.collab.net/svn/2007/03/authz_and_anon_.html

but I'm not sure if it's the same...

Daniel
