Details
- Bug
- Status: Open
- Critical
- Resolution: Unresolved
- 1.4.x
- None
Description
=== Situation:

I'm trying to run my own repo with full read/write access to myself, while blocking anonymous access except for a few selected directories which I'd like to offer anonymous read access to.

Repo is running using standalone svnserve with the following config:

svnserve.conf:

    [general]
    password-db = passwd
    authz-db = authz
    realm = My Repo

passwd:

    mina = mypassword

authz:

    [/]
    mina = rw
    [/shared/project]
    * = r
    mina = rw

=== Problem:

As expected, working with /shared/project works fine (anonymous can read, cannot write - authenticated "mina" can read and write).

The problem is when "mina" tries to read other parts of the repo which the [/] entry applies to. Simple read operations such as "list" work, however the most common operation "checkout" fails:

    <-- svn co svn://localhost/popick .
    ...delay...
    --> svn: Not authorized to open root of edit operation

Hunch: I think that the client authenticates fine with svnserve, but at some stage later svnserve treats the connection as anonymous again.

=== Partial fix

In svnserve.conf, setting "anon-access" to "none" (instead of the default "read") fixes the demonstrated problem for user "mina", at the cost of disabling all anonymous reading to the repo, which is undesired in this example.

Another (also undesirable) fix is in authz, add an acl under [/] to "* = r". It allows the checkout to succeed, at the cost of allowing all anonymous users read access to all the repository.

=== Buddies/witnesses:

* Fyodor (of nmap fame) posted on MARC: http://marc2.theaimsgroup.com/?l=subversion-users&m=116691293115555
* More verbose devshed forum entry: http://archives.devshed.com/forums/development-94/anon-access-read-authz-not-a-cry-for-help-1939252.html

Thank you for your time and an excellent open source tool.
Original issue reported by minaguib
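An added example, not part of the original report and not Subversion's own code: a small audit of what the reported authz file, and the "* = r" workaround, grant to an anonymous connection versus "mina". It assumes a simplified rule model (nearest matching section from the path up to "/", user and "*" rights combined, no groups or repository-prefixed sections); the helper names and the sample paths are hypothetical.

```python
import configparser

# authz content from the report, embedded as a constructed string.
AUTHZ_REPORTED = """
[/]
mina = rw
[/shared/project]
* = r
mina = rw
"""
# Second workaround from the report: "* = r" added under [/].
AUTHZ_WORKAROUND = AUTHZ_REPORTED.replace("[/]\n", "[/]\n* = r\n")
# Constructed sample paths; /popick is the directory checked out in the report.
PATHS = ["/", "/popick", "/shared", "/shared/project"]


def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user names case-sensitive
    cp.read_string(text)
    return cp


def access(cp, user, path):
    """Rights ('', 'r' or 'rw') for user on path; user=None is anonymous.

    Assumed model: walk from the path up to '/', and let the first section
    that names the user or '*' decide; no matching section means no access.
    """
    path = "/" + path.strip("/")
    while True:
        if cp.has_section(path):
            rules = cp[path]
            hits = [rules[k] for k in (user, "*") if k is not None and k in rules]
            if hits:
                return "".join(sorted(set("".join(hits)) & set("rw")))
        if path == "/":
            return ""
        path = path.rsplit("/", 1)[0] or "/"


def anon_readable(cp, paths):
    """Paths from the list that an anonymous connection can read."""
    return [p for p in paths if "r" in access(cp, None, p)]


if __name__ == "__main__":
    for name, text in (("reported", AUTHZ_REPORTED), ("workaround", AUTHZ_WORKAROUND)):
        cp = load(text)
        print(name, "anonymous-readable:", anon_readable(cp, PATHS))
        print(name, "mina on /popick:", access(cp, "mina", "/popick") or "none")
```

Under this model the reported file gives "mina" rw on /popick and gives an anonymous connection nothing there, while the workaround makes every listed path anonymous-readable.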