Geek Answers Handbook

SVN authz, path-based authentication problems

[groups] developer = a,b,c doc = r,x [/doc] @doc = rw @developer = rw [/] @developer = rw * =

If now a member of the doc group tries to check the documentation, this will not work. I want the document members to just be able to check the sub-dir document, something else is forbidden. Any ideas how to achieve this?

Regards Ronny

[update]

client: svn, version 1.5.4 (r33841) server: svn, version 1.4.6 (r28521)

access via svn + ssh: / user @ host / fullpath-to-repos

  • 1 works great for two years
  • 2 maybe - see version numbers above (I will be against our administrator, immediately)
  • 3 no? just ssh
  • 4 nope
  • 5 nope

[update]

  • using svn client version 1.4.6 (r28521) does not work either - the same errors
  • I use simple command line access. svn co svn + ssh: // ....

[update]

  • server: Linux 2.6.16.60-0.39.3-default9 i686 athlon i386 GNU / Linux - suse 10? or something like that, I think.
  • client: Kubuntu 9.04
  • through the OpenSSH SSH client
  • the server rejects svn: // connections to localhost - any connection --- you need to try it with a copy during working hours in the near future

[update 4] * This is not my own server, I cannot do what I want with it. This is a very old server for at least 10 years, with hundreds of users. Standard things should work. correct me if I missed something.

[update 5] want to believe it or not. I used the wrong way and now everything works fine, Sorry to waste your time. I will give the FoxyBOA award for its brilliance.

+7
authentication svn authz
source share
3 answers

Which members of url @doc are trying to verify?

[UPDATED]

Could you provide additional information: the version of SVN on the server and on the client side. How do your clients try to connect to the SVN server (for example, from Eclipse using the subtitle library, command line, etc.).

  • If you use svn + ssh, your user must have valid access to your server. Do your users have the correct shell (i.e. bash, tcsh, etc.)? / Bin / false and other fake shells will not work with the svn + ssh connection type.

  • Another problem that may arise is different versions of SVN on the server and on the client side (for example, server 1.4, client 1.5, which try to connect using 1.5 technologies).

  • Do you use SASL authentication with SVN?

  • Do you use tunelling ?

  • Do you use the ssh configuration tricks described in svn docs ?

[UPDATED2]

  1. Are you connecting to SVN from the command line or are you using the IDE? If you are using an IDE, name it and provide information about which addon / library / etc. you use to connect to the svn server.

[UPDATED3]

  1. Could you create a test account and temporarily try to access the SVN server without ssh? Just using the simple svn: // protocol. If this works, the problem occurs in ssh, if it fails - svn.
  2. What tool do you use to connect ssh and what OS do you work from?

[UPDATE4] - Are you sure your svn server is running? If your svn runs on a standard port, try connecting directly to the svn port from the server:

 telnet localhost 3690

  • If it works, try connecting from the client (i.e. telnet ip_server 3690).

  • If telnet is running on the server, but telnet from the client is not working, check your firewalls, routers, etc.

  • If telnet on the server fails. Try restarting the svn server and checking the server logs.

[UPDATE5]

In my opinion, your svn server has stopped. Could you verify that the svn service is visible locally (telnet from localhost to 3690) and remotely. If the svn service is working correctly in both cases, you should get something like

(success (1 2 (ANONYMOUS) (edit pipeline)))

+2
source share

The true way to do this is here:

 [groups] developer = a,b,c doc = r,x [doc:/] * = @doc = rw @developer = rw [otherPath:/] * = @developer = rw @doc = r [/] * = rw
+3
source share

"I'm using svn + ssh ... the weird thing"

svn + ssh uses ssh to connect, then runs svnserve in tunnel mode

When launched through a tunnel, authorization is controlled primarily with the permission of the operating system to the repository database files; this is very much the same as if Harry had access to the repository directly through the file: // URL.

svnserve documentation

In other words, it ignores the setting you configured.

0
source share

More articles:


All Articles