0

I am using an authz file to restrict access to a subversion server (svnserve). I would like to grant a user read-write access to a specific project in a repository, but no access to other projects in the same repository. My authz file looks like this:

[groups]
trusted = userA,userB,userC

[/]
@trusted = rw
* =

[repo1:/project1]
userD = rw

However with this authz file, userD can only read, but not write to /project1.

If I add the following:

[repo1:/]
userD = r

Then userD can both read and write to /project1.

This does not make any sense to me. According to the subversion book, "the most specific path always matches first", so there should be no need for this. Furthermore, I can't understand that setting read permission is what actually lets this user write to the project.

Can anyone help?

Improve this question
6
  • 1
    I'm stumped, it looks fine to me. What version of SVN are you using, client and server? Also, how are you accessing the repo (eclipse, command line, etc)? Commented Apr 26, 2011 at 18:45
  • 1
    just tested this with mod_dav_svn 1.6.13 and it worked fine but having similar problems with svnserve Commented Apr 26, 2011 at 23:54
  • @John: svn server is 1.3.1. Accessing the repo from command line, but can't check the client version right now (different machine). I'll post it later today. Commented Apr 27, 2011 at 6:46
  • @vinnyjames: Interesting, that seems to point to a svnserve bug Commented Apr 27, 2011 at 6:47
  • @Grodriguez do you have an apache install you can test the config on with the mod_dav_svn? I agree, if @vinnyjames is having the same issue then it is probably an svnserve bug. Commented Apr 27, 2011 at 17:42

1 Answer 1

Reset to default
1

This seems to be a similar or the same bug as mentioned here in versions below 1.5. I would highly recommend upgrading your repositories and SVN version to 1.6. That can be kind of a pain though, as you'd have to dump and load the entire repo. There's a good guide on migrating your repository here. If your repo is small, it's not too long of a process (I've done it in a corporate environment).

An alternative would be to use apache as your SVN server host.

EDIT:

After scouring through the SVN changelogs, I found this in 1.4.3 Changes:

fixed: authz requires read access for root for writes (issue #2486)

This sounds like your issue. So supposedly it should be fixed after version 1.4.3.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks John. I'm not sure it's really the same bug as I have anon-access set to none, which seems to fix all the issues mentioned there. I'll happily upgrade the repository but I would first like to know if this has really been fixed in a later version...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.