subversion acls
|
View:
New views
9 Messages
—
Rating Filter:
Alert me
|
 |
subversion acls
by SR
::
Rate this Message:
Hi,
I am new to subversion. I am trying to set up directory-level access control in the repository. The 'conf/authz' is as follows: [/] * = r [/abc/trunk/src] * = user1 = rw But when I try to checkout the source as the user 'user1', I get the following error: "svn: Not authorized to open root of edit operation" What am I doing wrong here ? Regards, -Rahul S. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: subversion acls
by PRM AG - Matthias Weinmann
::
Rate this Message:
Hello,
I also had this problem. Solution, that worked for me. You have to define in svnserve.conf rw - access at minimum to authenticated users. Line 13: auth-access = write M. Weinmann PRM AG Rahul S schrieb: > Hi, > I am new to subversion. I am trying to set up directory-level > access control in the repository. The 'conf/authz' is as follows: > [/] > * = r > > [/abc/trunk/src] > * = > user1 = rw > > But when I try to checkout the source as the user 'user1', I get the > following error: > "svn: Not authorized to open root of edit operation" > What am I doing wrong here ? > > Regards, > > -Rahul S. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@... > For additional commands, e-mail: users-help@... > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: subversion acls
by Anand Sachdev
::
Rate this Message:
Hi
Same problem, I've already given the
auth-access = write in the svnserve.conf file.
any other suggestions on how to resolve this issue.
Anand On 2/17/06, PRM AG - Matthias Weinmann <weinmann@...> wrote:
Hello, M. Weinmann |
|
|
Re: subversion acls
by SR
::
Rate this Message:
Hi,
I have done that. The following is my svnserve.conf. [general] anon-access = read auth-access = write password-db = passwd authz-db = authz realm = New realm But, the problem is still there. Regards, -Rahul S. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: subversion acls
by Suruchi Parimu
::
Rate this Message:
Hi,
Don't know too much myself, but, r u guys using Apache or svn, 'coz to the best of my knowledge svn serve does not support directory level rights. Plz correct me if i'm wrong. Suruchi ----- Original Message ----- From: "Rahul S" <srahul@...> To: "PRM AG - Matthias Weinmann" <weinmann@...> Cc: <users@...> Sent: Monday, February 20, 2006 8:43 AM Subject: Re: subversion acls Hi, I have done that. The following is my svnserve.conf. [general] anon-access = read auth-access = write password-db = passwd authz-db = authz realm = New realm But, the problem is still there. Regards, -Rahul S. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: subversion acls
by Ryan Schmidt-6
::
Rate this Message:
On Feb 20, 2006, at 11:12, Suruchi Parimu wrote:
> Don't know too much myself, but, r u guys using Apache or svn, 'coz > to the > best of my knowledge svn serve does not support directory level > rights. Plz > correct me if i'm wrong. As of Subversion 1.3.0, authz is available in both the Apache module and in svnserve. This has been stated many times on this list and is mentioned in the 1.3.0 release notes. http://subversion.tigris.org/svn_1.3_releasenotes.html --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: subversion acls
by Michael Hertling
::
Rate this Message:
On Fri, 17 Feb 2006, Rahul S wrote:
> [...] I am trying to set up directory-level > access control in the repository. The 'conf/authz' is as follows: > [/] > * = r > > [/abc/trunk/src] > * = > user1 = rw > > But when I try to checkout the source as the user 'user1', I get the > following error: > "svn: Not authorized to open root of edit operation" Hi Rahul, dear svn community, using the new path-based authorization feature of svnserve 1.3.0 - no Apache involved - I've encountered a similar problem which appears to have the same origin. Having 'svnuser' in 'conf/passwd' of repository 'repos', blanket access rules in 'conf/svnserve.conf' set to defaults 'anon-access=read' and 'auth-access=write', resp., it was my intention to disable anonymous access to the repository's root and explicitly enable it for selected paths, i.e. in 'conf/authz': [/] * = svnuser = r [/trunk] * = r svnuser = rw The above lines should allow authenticated read access to '/' for 'svnuser' and anonymous read access to '/trunk'. The command line svn co --username svnuser svn://localhost/repos workdir correctly challenges for authentication as user 'svnuser', but then terminates with "svn: Not authorized to open root of edit operation", leaving a working directory 'workdir' with only a '.svn' subdirectory therein. In particular, the latter strikes me as faulty behaviour since svn usually doesn't create a working directory if a checkout operation aborts due to failed authentication. Furthermore, in case of anonymous access being forbidden in general by 'anon-access=none' in 'conf/svnserve.conf' with 'conf/authz' unchanged, the above command works as expected: challenge for authentication and subsequent checkout. This leads to the - imho - somewhat paradoxical situation where one has to tighten the rules for anonymous access in order to gain the desired authenticated access. Nevertheless, even if it's the normal method of svn to operate anonymously as far as possible, it should manage to perform the checkout mentioned at first after it receives a valid authentication. To me, it seems as if svn tries to perform the checkout anonymously even after the need for authentication has been realized and caused the proper challenge, and finally stumbles across the entirety of access rules. @ Rahul: Try your desired operations with 'anon-access=none' and see if this succeeds. Provided that you're absolutely in need of an anonymous repository handling, my suggestion is to add an account without password to the repository, e.g. 'guest', and give the access rights originally intended for the anonymous user to it. This workaround will complicate access rules in 'conf/authz' though, but allows at least anonymous-like operations, e.g.: svn co --username guest --password '' svn://<host>/<repos>/<path> @ svn developers: I'd like to ask if the behaviour described above and earlier by Rahul is really intented w.r.t. svnserve's new path-based authorization and I'm overlooking something, or if it's indeed questionable. Any suggestions, clarifications etc. will be greatly appreciated. Regards Michael --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: subversion acls
by Steven Simpson-2
::
Rate this Message:
Ryan Schmidt wrote:
> As of Subversion 1.3.0, authz is available in both the Apache module > and in svnserve. Could it also be placed in the svn client? This would allow a script that had direct, unlimited file:/// access to restrict itself to the permissions of a user on whose behalf it is acting. Thanks, Steven -- ss at comp dot lancs dot ac dot uk | --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: subversion acls
by Anand Sachdev
::
Rate this Message:
Rahul,
I have it working now, do you want to see my config files? Anand On 2/21/06, Michael Hertling <hertling@...> wrote: On Fri, 17 Feb 2006, Rahul S wrote: |
| Free embeddable forum powered by Nabble | Forum Help |
