Please do not top-post on this list (i.e. put your reply below the
thing you're replying to, not above it). Now on to the matter at
hand...
2010/9/2 alinagra <alina...@163.com>:
> actually I use svnserve, no Apache/http access.
> and I have several repositories under the svn directory.
> It looks like this:
> svn
> ---prj1 repo
> ---prj2 repo
> ---prj2 repo
>
> and this issue happens in every repo.
>
>
>
>
> At 2010-09-01 17:36:29,"Erik Andersson" <kir...@gmail.com> wrote:
>
>
> 2010/9/1 alinagra <alina...@163.com>
>>
>> Here is the repo arch:
>>
>> /trunk
>> ----/folder a
>> ----/folder b
>> ----/folder c
>> ----/access
>>
>> /tag
>>
>> I think this is the most common case, and it seems if one doesn't have
>> access right, he can not create a tag for /trunk.
>> or is there something wrong with my configuration?
>
> Are you using the SVNParentPath or SVNPath directive?
> Can you show us your Subversion section for Apache?
>>
>>
>> At 2010-09-01 14:11:07,"Erik Andersson" <kir...@gmail.com> wrote:
>>
>>
>> 2010/9/1 alinagra <alina...@163.com>
>>>
>>> Hi, buddies,
>>>
>>> I have setup a SVN server and I use SASL authentication. But right now I
>>> have a authz question:
>>> I can create tags with accont TIM, but when I try to create a tag with
>>> the account not jim, it reports "access denied" error.
>>
>> Where do you create tags?
>>>
>>> Does anyone know why? Thanks in advance
>>>
>>> Here is my authz file:
>>> ### This file is an example authorization file for svnserve.
>>> ### Its format is identical to that of mod_authz_svn authorization
>>> ### files.
>>> ### As shown below each section defines authorizations for the path and
>>> ### (optional) repository specified by the section name.
>>> ### The authorizations follow. An authorization line can refer to:
>>> ### - a single user,
>>> ### - a group of users defined in a special [groups] section,
>>> ### - an alias defined in a special [aliases] section,
>>> ### - all authenticated users, using the '$authenticated' token,
>>> ### - only anonymous users, using the '$anonymous' token,
>>> ### - anyone, using the '*' wildcard.
>>> ###
>>> ### A match can be inverted by prefixing the rule with '~'. Rules can
>>> ### grant read ('r') access, read-write ('rw') access, or no access
>>> ### ('').
>>>
>>> [groups]
>>> # harry_and_sally = harry,sally
>>> aa = TIM
>>>
>>> [test:/]
>>> * = rw
>>>
>>> [test:/trunk/access]
>>> @aa = rw
>>> * =
You need to have read access to an entire subtree if you want to
create a tag from it. A tag in SVN is essentially a copy of the
subtree to another location (typically the /tags subdirectory on the
repository). If people could create tags of a part of the repository
to which they don't have full read access, they could also just create
a copy to any location in which they have full access, bypassing the
authz security.
So in your case: if people other that TIM need to create tags from
trunk (or trunk/access), they'll need to have read access on
/trunk/access (* = r).
Or am I misunderstanding something? Are they trying to create tags
from siblings of /trunk/access, to which they have full access?
Cheers,
--
Johan
