Re: problem authz_svn_module

Mon, 16 Jan 2017 23:50:33 -0800 

On Mon, 16 Jan 2017, Daniel Shahaf wrote:


Date: Mon, 16 Jan 2017 19:48:44 +0100
From: Daniel Shahaf <d...@daniel.shahaf.name>
To: Henk P. Penning <penn...@uu.nl>
Cc: users@subversion.apache.org
Subject: Re: problem authz_svn_module

Henk P. Penning wrote on Sun, Jan 15, 2017 at 10:02:12 +0100:


Hi Daniel,


   but (and this is the PROBLEM) the checkout command prompts
   for a username/password :

    %  svn co //svn.science.uu.nl/repos/project.mirmon/trunk

   With the "LimitExcept" lines in the config, the checkout
   command works, although some errors appear in the log
   (see below).

  So, it appears that the 'checkout' command does a

    PROPFIND /repos/project.mirmon/!svn/rvr/64/trunk

   which causes the username/password-prompt when the
   "LimitExcept" lines are omitted.

   -- Does this diagnosis make sense ?
   -- How do I make this work, without the LimitExcept trick ?


LimitExcept is actually the documented recommendation; see
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz
(second code snippet)


  Eh ; LimitExcept (together with GET PROPFIND OPTIONS REPORT) is
  mentioned in the context of "anonymous read" and "valid-user write"
  [the "GET" is a give-away] ; different case, I think.

  What I have is a private repo with a public subtree (trunk) :

    [project.mirmon:/]
    penni101 = rw
    # anonymous read not allowed
    * =
    [project.mirmon:/trunk]
    penni101 = rw
    # anonymous read allowed
    * = r

  An 'anonymous' user can browse (svn ls, svn cat)
  but not checkout (svn co), because the checkout
  does a (note the '!') :

    PROPFIND /repos/project.mirmon/!svn/rvr/64/trunk


The other option is to set two separate <Location> blocks, one for
anonymous users (that excludes everything-but-trunk unconditionally) and
one for authenticated users (that requires authentication for all
operations).


  Do you mean : use 2 AuthzSVNAccessFile's ?


Daniel


  Thanks ; regards,

  Henk Penning

------------------------------------------------------------   _
Henk P. Penning, ICT-beta                 R Uithof HFG-406   _/ \_
Faculty of Science, Utrecht University    T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL        F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl     \_/

Reply via email to