You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Alvaro Gonzalez <ag...@cern.ch> on 2011/11/04 12:15:32 UTC
"Invalid authz configuration" verbose?
Hello,
I have encountered from time to time the problem that someone (or an
script) modified an authz file in such a way that it blocked the access
completely to the repository:
"Invalid authz configuration"
In all the cases I have seen the problem was due to an undefined group,
something like this:
[groups]
group1 = user1, user2
[/]
group1 = rw
group2 = r
my question is, is there any way to have a better error report of the
problem? I often have problems in some authz files which are very long,
and it is not trivial to find the problematic group.
Do you have any suggestion?
Cheers
--
Alvaro Gonzalez Alvarez IT/PES-IS
CERN - European Organization for Nuclear Research
Phone: 0041 22 76 77 118
1211 Geneva - Switzerland, CERN Office: 31/1-026
Re: "Invalid authz configuration" verbose?
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Stefan Sperling wrote on Fri, Nov 04, 2011 at 13:05:51 +0100:
> On Fri, Nov 04, 2011 at 01:45:14PM +0200, Daniel Shahaf wrote:
> >
> >
> > On Friday, November 04, 2011 12:15 PM, "Alvaro Gonzalez" <ag...@cern.ch> wrote:
> > > Hello,
> > >
> > > I have encountered from time to time the problem that someone (or an
> > > script) modified an authz file in such a way that it blocked the access
> > > completely to the repository:
> > >
> > > "Invalid authz configuration"
> > ...
> > > my question is, is there any way to have a better error report of the
> > > problem? I often have problems in some authz files which are very long,
> > > and it is not trivial to find the problematic group.
> > >
> > > Do you have any suggestion?
> > >
> >
> > Use the svnauthz-validate tool (probably packaged in the 'svn-tools' package of your OS, or 'make svnauthz-validate install-tools' if you build from source).
> >
> > Send patches against libsvn_repos/authz.c that add the section name,
> > key name, line number, etc to the error message.
>
> The error messages in that file look sane.
> I suspect there is a problem with apache not logging the entire
> error message.
Right you are.
However, there is an instance of "Invalid authz configuration" in
svnserve --- and that one is the only instance in the source code not to
have an accompanying verbose error string --- because it logs the
verbose error string to the --log-file and explicitly removes it from
marshalling to the client.
tldr: when the only error string given is "Invalid authz configuration",
the svnserve --log-file will contain the more verbose error.
Re: "Invalid authz configuration" verbose?
Posted by Stefan Sperling <st...@elego.de>.
On Fri, Nov 04, 2011 at 01:45:14PM +0200, Daniel Shahaf wrote:
>
>
> On Friday, November 04, 2011 12:15 PM, "Alvaro Gonzalez" <ag...@cern.ch> wrote:
> > Hello,
> >
> > I have encountered from time to time the problem that someone (or an
> > script) modified an authz file in such a way that it blocked the access
> > completely to the repository:
> >
> > "Invalid authz configuration"
> ...
> > my question is, is there any way to have a better error report of the
> > problem? I often have problems in some authz files which are very long,
> > and it is not trivial to find the problematic group.
> >
> > Do you have any suggestion?
> >
>
> Use the svnauthz-validate tool (probably packaged in the 'svn-tools' package of your OS, or 'make svnauthz-validate install-tools' if you build from source).
>
> Send patches against libsvn_repos/authz.c that add the section name,
> key name, line number, etc to the error message.
The error messages in that file look sane.
I suspect there is a problem with apache not logging the entire
error message.
Re: "Invalid authz configuration" verbose?
Posted by Alvaro Gonzalez <ag...@cern.ch>.
I will take a look, thank you
On 04/11/11 12:45, Daniel Shahaf wrote:
>
> On Friday, November 04, 2011 12:15 PM, "Alvaro Gonzalez"<ag...@cern.ch> wrote:
>> Hello,
>>
>> I have encountered from time to time the problem that someone (or an
>> script) modified an authz file in such a way that it blocked the access
>> completely to the repository:
>>
>> "Invalid authz configuration"
> ...
>> my question is, is there any way to have a better error report of the
>> problem? I often have problems in some authz files which are very long,
>> and it is not trivial to find the problematic group.
>>
>> Do you have any suggestion?
>>
> Use the svnauthz-validate tool (probably packaged in the 'svn-tools' package of your OS, or 'make svnauthz-validate install-tools' if you build from source).
>
> Send patches against libsvn_repos/authz.c that add the section name, key name, line number, etc to the error message.
>
> http://subversion.apache.org/patches
>
> Thanks!
>
>> Cheers
>>
>> --
>> Alvaro Gonzalez Alvarez IT/PES-IS
>> CERN - European Organization for Nuclear Research
>> Phone: 0041 22 76 77 118
>> 1211 Geneva - Switzerland, CERN Office: 31/1-026
>>
>>
--
Alvaro Gonzalez Alvarez IT/PES-IS
CERN - European Organization for Nuclear Research
Phone: 0041 22 76 77 118
1211 Geneva - Switzerland, CERN Office: 31/1-026
Re: "Invalid authz configuration" verbose?
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
On Friday, November 04, 2011 12:15 PM, "Alvaro Gonzalez" <ag...@cern.ch> wrote:
> Hello,
>
> I have encountered from time to time the problem that someone (or an
> script) modified an authz file in such a way that it blocked the access
> completely to the repository:
>
> "Invalid authz configuration"
...
> my question is, is there any way to have a better error report of the
> problem? I often have problems in some authz files which are very long,
> and it is not trivial to find the problematic group.
>
> Do you have any suggestion?
>
Use the svnauthz-validate tool (probably packaged in the 'svn-tools' package of your OS, or 'make svnauthz-validate install-tools' if you build from source).
Send patches against libsvn_repos/authz.c that add the section name, key name, line number, etc to the error message.
http://subversion.apache.org/patches
Thanks!
> Cheers
>
> --
> Alvaro Gonzalez Alvarez IT/PES-IS
> CERN - European Organization for Nuclear Research
> Phone: 0041 22 76 77 118
> 1211 Geneva - Switzerland, CERN Office: 31/1-026
>
>