You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Fyodor <fy...@insecure.org> on 2006/05/05 06:13:15 UTC

Problem with new directory-level authz authorization with svnserve

First, thanks for adding directory-level access control to svnserve.
That is a feature I have desired for years!  Unfortunately, it does
not seem to work in the way I expect.  I am using SVN 1.3.1 on Fedora
Core 5.  Here is a simple authz file which demonstrates the issue:

# Deny by default
[/]
* =

# Allow everyone full access to /scratch
[/scratch]
* = rw

The idea here is to deny all access by default, then explicitly grant
users access to the directories they are specifically authorized for.
But when I run svnserve with the authz above, I find that users are
able to check out from /scratch and perform other read-only commands.
But write attempts fail as so:

> svn commit -m "just a test" testfile
Adding         testfile
Transmitting file data .svn: Commit failed (details follow):
svn: Access denied

I haven't looked to deeply into the code, but the access denial seems
to be triggered at line 148 of libsvn_repos/commit.c:

      SVN_ERR (editor_baton->authz_callback (required, &allowed, root,
      path, editor_baton->authz_baton, pool));
      if (!allowed)
        return svn_error_create(required & svn_authz_write ?
                                SVN_ERR_AUTHZ_UNWRITABLE :
                                SVN_ERR_AUTHZ_UNREADABLE,
                                NULL, "Access denied");

Writing to the /scratch directory suddenly starts to work if I change my authz
to allow read access to the root directory as in this version:

[/]
* = r

# Allow full access to /scratch
[/scratch]
* = rw

I don't know if this is expected behavior or a bug, but it seems
unintuitive that read access to the parent directory is needed in
order to give RW to a sub directory.  And it seems to conflict with
the SVN book's documentation of the authz syntax.  I'd love to see a
fix which enables us to use default deny of all access to [/], but
still allow targeted writes of specified directories for specified
users.


Thanks,
Fyodor
http://www.insecure.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Problem with new directory-level authz authorization with svnserve

Posted by Lieven Govaerts <lg...@mobsol.be>.

Fyodor,

at first sight, you're encountering issue 2486:
http://subversion.tigris.org/issues/show_bug.cgi?id=2486 .
This issue has been solved and the solution will be included in svn 1.3.2.

regards,

Lieven.

Quoting Fyodor <fy...@insecure.org>:

> First, thanks for adding directory-level access control to svnserve.
> That is a feature I have desired for years!  Unfortunately, it does
> not seem to work in the way I expect.  I am using SVN 1.3.1 on Fedora
> Core 5.  Here is a simple authz file which demonstrates the issue:
>
> # Deny by default
> [/]
> * =
>
> # Allow everyone full access to /scratch
> [/scratch]
> * = rw
>
> The idea here is to deny all access by default, then explicitly grant
> users access to the directories they are specifically authorized for.
> But when I run svnserve with the authz above, I find that users are
> able to check out from /scratch and perform other read-only commands.
> But write attempts fail as so:
>
> > svn commit -m "just a test" testfile
> Adding         testfile
> Transmitting file data .svn: Commit failed (details follow):
> svn: Access denied
>
> I haven't looked to deeply into the code, but the access denial seems
> to be triggered at line 148 of libsvn_repos/commit.c:
>
>       SVN_ERR (editor_baton->authz_callback (required, &allowed, root,
>       path, editor_baton->authz_baton, pool));
>       if (!allowed)
>         return svn_error_create(required & svn_authz_write ?
>                                 SVN_ERR_AUTHZ_UNWRITABLE :
>                                 SVN_ERR_AUTHZ_UNREADABLE,
>                                 NULL, "Access denied");
>
> Writing to the /scratch directory suddenly starts to work if I change my
> authz
> to allow read access to the root directory as in this version:
>
> [/]
> * = r
>
> # Allow full access to /scratch
> [/scratch]
> * = rw
>
> I don't know if this is expected behavior or a bug, but it seems
> unintuitive that read access to the parent directory is needed in
> order to give RW to a sub directory.  And it seems to conflict with
> the SVN book's documentation of the authz syntax.  I'd love to see a
> fix which enables us to use default deny of all access to [/], but
> still allow targeted writes of specified directories for specified
> users.
>
>
> Thanks,
> Fyodor
> http://www.insecure.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>




----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org