That can't be right, since it works perfectly when I use the authz file by itself. When I add that apache location in, everything except the file that is indicated in that location works exactly as expected with the authz file in the order I have it.



Benjamin Ortega
--------------------------------------------
Operations Systems Engineer
Wells Fargo Bank, Des Moines, IA
CORE Build & Deploy Team
Benjamin.Ortega@WellsFargo.com
☎ : 515-720-2700 (cell)‬
‪MAC: X2301-01X‬

‪‬


This transmission may contain information that is confidential and/or proprietary. If you are not the individual or entity to which it is addressed, note that any review, disclosure, copying, retransmission, or other use is strictly prohibited. If you received this transmission in error, please notify the sender immediately and delete the material from your system.‬


From: Tony Sweeney <tsweeney@omnifone.com>
To: Ortega, Benjamin; users@subversion.apache.org <users@subversion.apache.org>
Sent: Sat Jan 01 11:20:59 2011
Subject: RE: On commit attempt, Server sent unexpected return value (403 Forbidden) in response to CHECKOUT

 

 


From: Benjamin.Ortega@wellsfargo.com [mailto:Benjamin.Ortega@wellsfargo.com]
Sent: 01 January 2011 17:13
To: users@subversion.apache.org
Subject: On commit attempt, Server sent unexpected return value (403 Forbidden) in response to CHECKOUT

 

I'm trying to integrate a SVN Authz authorization file with apache configuration files to provide a solution for not just directory level restrictions, but also file level restrictions. It's my understanding that the SVN Authorization file is not capable of handling file-specific restrictions, only directory level.

The SVN Authz file is set up and i'm able to use it with absolutely no issues what-so-ever. If I switch to using just the Apache Conf file by itself, it works exactly as expected with no issues. But if I combine them I get something very weird. Everything works just fine, except the trying to commit the file that was restricted by the following Location/Limit:

<Location "/subversion/repo/*/*/*/folder/structure/RestrictedFile">
<Limit PUT>
Require user my_username
</Limit>
</Location>

I'm able to view, update, and checkout the file, and am able to do anything (checkout, commit, etc) to other files in the same directory, but when I attempt perform a commit of changes to the "RestrictedFile", I get the following error:
Error: Commit failed (details follow):
Error: Server sent unexpected return value (403 Forbidden) in response to CHECKOUT
Error: request for '/subversion/repo/!svn/ver/110/folder/structure/RestrictedFile'

the apache access log file gives me the following:
ip_address - - [30/Dec/2010:15:49:58 -0600] "OPTIONS /subversion/repo/folder/structure HTTP/1.1" 401 1337

ip_address - my_username [30/Dec/2010:15:49:59 -0600] "OPTIONS /subversion/repo/folder/structure HTTP/1.1" 200 -
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPFIND /subversion/repo/folder/structure HTTP/1.1" 207 816
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "OPTIONS /subversion/repo/folder/structure HTTP/1.1" 200 195
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "MKACTIVITY /subversion/repo/!svn/act/71f51505-a174-8349-ab61-843f80a40f8f HTTP/1.1" 201 234
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPFIND /subversion/repo/!svn/vcc/default HTTP/1.1" 207 414
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "CHECKOUT /subversion/repo/!svn/bln/110 HTTP/1.1" 201 250
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPPATCH /subversion/repo/!svn/wbl/71f51505-a174-8349-ab61-843f80a40f8f/110 HTTP/1.1" 207 469
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "PROPFIND /subversion/repo/folder/structure HTTP/1.1" 207 526
ip_address - - [30/Dec/2010:15:49:59 -0600] "CHECKOUT /subversion/repo/!svn/ver/110/folder/structure/RestrictedFile HTTP/1.1" 403 1021
ip_address - my_username [30/Dec/2010:15:49:59 -0600] "DELETE /subversion/repo/!svn/act/71f51505-a174-8349-ab61-843f80a40f8f HTTP/1.1" 204 -

If I remove the <Location...> entry listed above, i'm able to commit just fine.

My svnauthz file basically has this:

[/]

* =

my_username = rw

The ordering is important.  Authz uses the fist match.  The first rule matches for all users, including ‘my_username’, so the second rule is ignored.  Try swapping the order of the directives, i.e.

[/]

my_username = rw

* =

If I change “* = “ to “* = r”, I get the same issue.  If I change it to “* = rw”, I’m able to commit.

Benjamin Ortega

Benjamin Ortega
----------------------------------------------
Operations Systems Engineer
Wells Fargo Bank, Des Moines, IA
CORE Build & Deploy Team
+ : Benjamin.Ortega@WellsFargo.com
( : 515-720-2700 (cell)

MAC: X2301-01X

This transmission may contain information that is confidential and/or proprietary. If you are not the individual or entity to which it is addressed, note that any review, disclosure, copying, retransmission, or other use is strictly prohibited. If you received this transmission in error, please notify the sender immediately and delete the material from your system.


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________