Return-Path: X-Original-To: apmail-subversion-users-archive@minotaur.apache.org Delivered-To: apmail-subversion-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 839C8100D4 for ; Wed, 9 Apr 2014 08:03:02 +0000 (UTC) Received: (qmail 59112 invoked by uid 500); 9 Apr 2014 08:03:01 -0000 Delivered-To: apmail-subversion-users-archive@subversion.apache.org Received: (qmail 58951 invoked by uid 500); 9 Apr 2014 08:03:01 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 58901 invoked by uid 99); 9 Apr 2014 08:03:00 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Apr 2014 08:03:00 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [66.111.4.25] (HELO out1-smtp.messagingengine.com) (66.111.4.25) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Apr 2014 08:02:55 +0000 Received: from compute2.internal (compute2.nyi.mail.srv.osa [10.202.2.42]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id C1F3D211B4; Wed, 9 Apr 2014 04:02:34 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute2.internal (MEProxy); Wed, 09 Apr 2014 04:02:34 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= daniel.shahaf.name; h=date:from:to:cc:subject:message-id :references:mime-version:content-type:in-reply-to; s=mesmtp; bh= /682jVbziuz5jdvgAXXpTbyh/F0=; b=GA2S5YRmyr/VxIcuNMWa7bg8Hl8JIEIk M5zgw+OIQm8RotIAR4rjrj5VtXJjirnfYVP5+Wp1oZuHAun6COKAdOU54dHkYGlh s5M+7N8hXIBhskkM39crGqrrzlfxxIcNZeDbU+oWkEf46rIS7xFTY0R0EbrSJk0D 1VBnVvhOi40= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=date:from:to:cc:subject:message-id :references:mime-version:content-type:in-reply-to; s=smtpout; bh=/682jVbziuz5jdvgAXXpTbyh/F0=; b=CfV7E0DoeOaQgFnw9ChyX1/v5JWR gJx11JUKlvCs+KeeTwRekdIc7i/oYMCgp9UZ0dv2LX2FzZVnnyZjeZJt+95DaJWO lkBoQ323C1kubdnmHV7B68qbdush5r8wBEiVm2er+7AoMteUIwXveskNYWZMdOfn G+yW7wO4FkF5lAA= X-Sasl-enc: yz3zeX9R8nrL2sGtLyVAYTBciwdV2gdssKjNfh43Sun0 1397030554 Received: from tarsus.local2 (unknown [46.19.33.46]) by mail.messagingengine.com (Postfix) with ESMTPA id 7E88AC0000C; Wed, 9 Apr 2014 04:02:33 -0400 (EDT) Date: Wed, 9 Apr 2014 08:02:14 +0000 From: Daniel Shahaf To: Geoff Field Cc: karthik kg , users@subversion.apache.org Subject: Re: SVN Query about granting access Message-ID: <20140409080155.GA2801@tarsus.local2> References: <20140407081259.GE2313@tarsus.local2> <6E29C02DC1F0D54D9E032FBF40E53D7AECF2A045@AAPLExchange.aapl.com.au> <6E29C02DC1F0D54D9E032FBF40E53D7AECF2A0E6@AAPLExchange.aapl.com.au> <6E29C02DC1F0D54D9E032FBF40E53D7AECF993FB@AAPLExchange.aapl.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6E29C02DC1F0D54D9E032FBF40E53D7AECF993FB@AAPLExchange.aapl.com.au> User-Agent: Mutt/1.5.21 (2010-09-15) X-Virus-Checked: Checked by ClamAV on apache.org Geoff Field wrote on Wed, Apr 09, 2014 at 13:58:30 +1000: > Do you grant global read/write access to that repository at all? > Not sure, about this. Can you please tell me where this param > value specified? > > In your Subversion.conf file, there could be a line - most likely > related to that repository - that says something like: > It's good practice not to refer to files by name but by function since the name may change among vendors. In particular, when I saw "subversion.conf" I thought you were referring to an httpd.conf directives files. > Of course, I'm making a lot of assumptions here, but that's what works > for us. We've been known to make specific repositories private in our > configuration by saying (for that repository): > > * = > > I'm not totally convinced it will work, since the individual settings > seem to override the global ones. More knowledgeable heads than mine > might have more of a clue. There are a number of cases where settings are overridden by other settings. For example: when a section name is repeated; when both [/path] and [foo:/path] exist; when a [/path] stanza contains multiple LHS tokens that match the authenticated username. Also there is the question of whether the correct file is being edited (an easy way to test this is to insert an intentional syntax error into the file; the next request on a new connection should then fail with HTTP 500). (And before someone points out that causing HTTP 500's on a live site is bad practice: it's bad practice to test an authz file on a live site, so I'm assuming the edits are done initially in a test setup (maybe a test with a different authentication backend).) My advice is: use 'svnauthz accessof' to debug your authz file. If you can't get it to do what you want, make a minimal example that shows the problem (as few users / paths / repos as possible) and post it here with an explanation of what semantics (access matrix) you'd like to achieve. http://subversion.apache.org/docs/release-notes/1.8#svnauthz_accessof Daniel