subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henk P. Penning" <penn...@uu.nl>
Subject Re: problem authz_svn_module
Date Tue, 17 Jan 2017 07:49:52 GMT
On Mon, 16 Jan 2017, Daniel Shahaf wrote:

> Date: Mon, 16 Jan 2017 19:48:44 +0100
> From: Daniel Shahaf <d.s@daniel.shahaf.name>
> To: Henk P. Penning <penning@uu.nl>
> Cc: users@subversion.apache.org
> Subject: Re: problem authz_svn_module
> 
> Henk P. Penning wrote on Sun, Jan 15, 2017 at 10:02:12 +0100:

Hi Daniel,

>>    but (and this is the PROBLEM) the checkout command prompts
>>    for a username/password :
>>
>>     %  svn co //svn.science.uu.nl/repos/project.mirmon/trunk
>>
>>    With the "LimitExcept" lines in the config, the checkout
>>    command works, although some errors appear in the log
>>    (see below).
>>
>>   So, it appears that the 'checkout' command does a
>>
>>     PROPFIND /repos/project.mirmon/!svn/rvr/64/trunk
>>
>>    which causes the username/password-prompt when the
>>    "LimitExcept" lines are omitted.
>>
>>    -- Does this diagnosis make sense ?
>>    -- How do I make this work, without the LimitExcept trick ?
>
> LimitExcept is actually the documented recommendation; see
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz
> (second code snippet)

   Eh ; LimitExcept (together with GET PROPFIND OPTIONS REPORT) is
   mentioned in the context of "anonymous read" and "valid-user write"
   [the "GET" is a give-away] ; different case, I think.

   What I have is a private repo with a public subtree (trunk) :

     [project.mirmon:/]
     penni101 = rw
     # anonymous read not allowed
     * =
     [project.mirmon:/trunk]
     penni101 = rw
     # anonymous read allowed
     * = r

   An 'anonymous' user can browse (svn ls, svn cat)
   but not checkout (svn co), because the checkout
   does a (note the '!') :

     PROPFIND /repos/project.mirmon/!svn/rvr/64/trunk

> The other option is to set two separate <Location> blocks, one for
> anonymous users (that excludes everything-but-trunk unconditionally) and
> one for authenticated users (that requires authentication for all
> operations).

   Do you mean : use 2 AuthzSVNAccessFile's ?

> Daniel

   Thanks ; regards,

   Henk Penning

------------------------------------------------------------   _
Henk P. Penning, ICT-beta                 R Uithof HFG-406   _/ \_
Faculty of Science, Utrecht University    T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL        F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penning@uu.nl     \_/

Mime
View raw message