subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: SVN Query about granting access
Date Wed, 09 Apr 2014 08:02:14 GMT
Geoff Field wrote on Wed, Apr 09, 2014 at 13:58:30 +1000:
> 	Do you grant global read/write access to that repository at all?
> 	Not sure, about this. Can you please tell me where this param
> 	value specified?
> 
> In your Subversion.conf file, there could be a line - most likely
> related to that repository - that says something like:
> 

It's good practice not to refer to files by name but by function since
the name may change among vendors.  In particular, when I saw
"subversion.conf" I thought you were referring to an httpd.conf
directives files.

> Of course, I'm making a lot of assumptions here, but that's what works
> for us.  We've been known to make specific repositories private in our
> configuration by saying (for that repository):
> 
> * =
> 
> I'm not totally convinced it will work, since the individual settings
> seem to override the global ones.  More knowledgeable heads than mine
> might have more of a clue.

There are a number of cases where settings are overridden by other
settings.  For example: when a section name is repeated; when both
[/path] and [foo:/path] exist; when a [/path] stanza contains multiple
LHS tokens that match the authenticated username.  Also there is the
question of whether the correct file is being edited (an easy way to
test this is to insert an intentional syntax error into the file; the
next request on a new connection should then fail with HTTP 500).

(And before someone points out that causing HTTP 500's on a live site is
bad practice: it's bad practice to test an authz file on a live site, so
I'm assuming the edits are done initially in a test setup (maybe a test
<Location> with a different authentication backend).)

My advice is: use 'svnauthz accessof' to debug your authz file.  If you
can't get it to do what you want, make a minimal example that shows the
problem (as few users / paths / repos as possible) and post it here with
an explanation of what semantics (access matrix) you'd like to achieve.

http://subversion.apache.org/docs/release-notes/1.8#svnauthz_accessof

Daniel

Mime
View raw message