svnauthenticationauthz

SVN authz, path-based authentication woes


[groups]
developer = a,b,c
doc = r,x

[/doc]
@doc = rw
@developer = rw

[/]
@developer = rw
* =

If now a member of the group doc tries to check out the documentation, it does not work. I want members of doc just to be able to check out the sub-dir doc, anything else is forbidden. Any ideas howto achieve this?

kind regards ronny

[update]

client: svn, version 1.5.4 (r33841) server: svn, Version 1.4.6 (r28521)

access via svn+ssh:/user@host/fullpath-to-repos

[update]

[update]

[update 4] * this is not my own server, I cannot do what I want with it. It is a very old server 10 years at least running, with hundreds of users. Standard things should work. correct me if I am missing something.

[update 5] believe it or not. I was using the wrong path and now everything works perfectly well, I am sorry to have wasted your time. I'll give the bounty to FoxyBOA for his efford.


Solution

  • Which url @doc members try to checkout?

    [UPDATED]

    Could you please provide some additional info: version of SVN on server and on client sides. How your clients try to connect to SVN server (e.g. from Eclipse using subclipse library, command prompt etc.).

    1. If you are using svn+ssh your user must have a valid access to your server. Are your users have a correct shell (i.e. bash, tcsh etc.)? /bin/false and other fakes shells will not work with svn+ssh connection type.

    2. Other problem that your may occur - different SVN versions on server and on client sides (e.g. server 1.4, client 1.5 which try to connect using 1.5 technologies).

    3. Are you using SASL authentication with SVN?

    4. Are you using tunelling?

    5. Are you using ssh configuration tricks described in svn docs?

    [UPDATED2]

    1. Are you connection to SVN from the command prompt or you are using an IDE? If you are using an IDE, please name it and provide info regarding which addon/library/etc. you are using for connection to the SVN server.

    [UPDATED3]

    1. Could you create test account and temporary try to get access to SVN server w/o ssh? Just using plain svn:// protocol. If it works, the issue is in ssh, if it fails - svn.
    2. Which tool are you using for ssh connection and from which OS you are working on?

    [UPDATE4] - Are you sure that your svn server started? If your svn works on standard port, try to connect direct at svn port from the server locally:

    telnet localhost 3690
    

    [UPDATE5]

    In my mind your svn server stopped. Could you please check if svn service is visible locally (telnet from localhost to 3690) and remotely. If svn service works correctly in both cases you have to get something like

    ( success ( 1 2 ( ANONYMOUS ) ( edit-pipeline ) ) )