You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Wolfgang Frisch <xo...@unfoog.de> on 2007/08/14 15:17:00 UTC
authz problem, trying to protect a subfolder
Hello.
For quite a while, I've tried to setup a subversion repository with the
following requirements:
1. Accessible via svnserve
2. / is readable by anyone
3. /subfolder is only readable/writable for a certain user
I've achieved everything but requirement number 3. Removing anonymous
write access works just fine, but removing read access too doesn't.
Then, I tried to make the problem reproducable. To verify it wasn's a
distribution specific issue, I tried it with these
Distribution/Subversion combinations:
* Gentoo Linux x86 / SVN 1.3.2-r4
* Gentoo Linux x86 / SVN 1.4.4-r3
* Ubuntu Linux x86 / SVN 1.4.3dfsg1-1ubuntu1
------------------------------------------
Steps to reproduce:
------------------------------------------
* In order to rule out any filesystem permission problems, run
svnserve as root:
svnserve -d -r /var/svn/ --foreground
* svnadmin create /var/svn/myrepo
* Setup the repository configuration files:
--- /var/svn/myrepo/conf/svnserve.conf:
[general]
anon-access = read
auth-access = write
password-db = passwd
authz-db = authz
realm = My Repo Name
--- /var/svn/myrepo/conf/passwd:
[users]
johndoe = xyz
--- /var/svn/myrepo/conf/authz:
[/]
johndoe = rw
* = r
[/subfolder]
johndoe = rw
* =
* [Works]: As user johndoe, run:
svn mkdir svn://myserver/myrepo/subfolder
* [Works]: As the user johndoe, run:
svn ls svn://myserver/myrepo/subfolder
* [Error]: As the user johndoe, run:
svn co svn://myserver/myrepo/subfolder
After a few seconds, svn replies with the error message: svn: Not
authorized to open root of edit operation
--
Wolfgang Frisch
Jabber: wolf@unfoog.de
Re: authz problem, trying to protect a subfolder
Posted by Wolfgang Frisch <xo...@unfoog.de>.
Thanks to the help of a user in #svn on irc.freenode.net, I just
found out that my problem was indeed a bug and has been fixed in r25178.
The corresponding bugtracker page is:
http://subversion.tigris.org/issues/show_bug.cgi?id=2712
So in case anyone stumbles upon this, either wait until Subversion
1.5.0 gets released or build the current trunk.
Cheers,
Wolfgang Frisch
On Tue, 14 Aug 2007 17:17 Wolfgang Frisch <xo...@unfoog.de> wrote:
> Hello.
>
> For quite a while, I've tried to setup a subversion repository with the
> following requirements:
>
> 1. Accessible via svnserve
> 2. / is readable by anyone
> 3. /subfolder is only readable/writable for a certain user
>
> I've achieved everything but requirement number 3. Removing anonymous
> write access works just fine, but removing read access too doesn't.
> Then, I tried to make the problem reproducable. To verify it wasn's a
> distribution specific issue, I tried it with these
> Distribution/Subversion combinations:
>
> * Gentoo Linux x86 / SVN 1.3.2-r4
> * Gentoo Linux x86 / SVN 1.4.4-r3
> * Ubuntu Linux x86 / SVN 1.4.3dfsg1-1ubuntu1
>
> ------------------------------------------
> Steps to reproduce:
> ------------------------------------------
>
> * In order to rule out any filesystem permission problems, run
> svnserve as root:
> svnserve -d -r /var/svn/ --foreground
>
> * svnadmin create /var/svn/myrepo
>
> * Setup the repository configuration files:
>
> --- /var/svn/myrepo/conf/svnserve.conf:
> [general]
> anon-access = read
> auth-access = write
> password-db = passwd
> authz-db = authz
> realm = My Repo Name
>
> --- /var/svn/myrepo/conf/passwd:
> [users]
> johndoe = xyz
>
> --- /var/svn/myrepo/conf/authz:
> [/]
> johndoe = rw
> * = r
>
> [/subfolder]
> johndoe = rw
> * =
>
> * [Works]: As user johndoe, run:
> svn mkdir svn://myserver/myrepo/subfolder
> * [Works]: As the user johndoe, run:
> svn ls svn://myserver/myrepo/subfolder
> * [Error]: As the user johndoe, run:
> svn co svn://myserver/myrepo/subfolder
>
> After a few seconds, svn replies with the error message: svn: Not
> authorized to open root of edit operation
>
> --
> Wolfgang Frisch
> Jabber: wolf@unfoog.de
>
--
Wolfgang Frisch
Jabber: wolf@unfoog.de