Login | Register
My pages Projects Community openCollabNet

Discussions > users [DISABLED] > RE: Access control bug in SVN >= 1.5.3

subversion
Discussion topic

Back to topic list

RE: Access control bug in SVN >= 1.5.3

Author "Gleason, Todd" <tgleason at impac dot com>
Full name "Gleason, Todd" <tgleason at impac dot com>
Date 2009-02-24 14:45:28 PST
Message > Hello,
>
> I've posted the following bug report to dev@ mailing list about a
month
> ago.
> As it got no response I'm going to repeat it here.
>
> The bug must have been introduced somewhere between 1.5.3 and 1.5.5,
as
> we've
> noticed it after the upgrade of both client and server sides from
1.5.2 to
> 1.5.5.
>
> For a repository, some users are granted full rw access from the root
> downwards, while other users
> may access only specific subtrees in it. The access.conf looks like
this:
>
> @full = user1,user2
>
> [Repo:/]
> @full = rw

Have you tried adding to here:

otheruser = r

>
> [Repo:/some/path/beneath]
> otheruser = rw
>
> Now this restricted user can check-out his working copy of
> /some/path/beneath without problem.
> He can also make queries with `svn status -u' or `svn info http://URL'
.
> But an attempt to make an
> update of the working copy leads to the following mysterious message:
>
> svn: Server sent unexpected return value (403 Forbidden) in response
to
> OPTIONS request for 'http://our.server/svn/Repo'
>
> In the server log the following record appears:
>
> Access denied: 'otheruser' OPTIONS Repo:/
> Provider encountered an error while streaming a REPORT response.
[500,
> #0]
> A failure occurred while driving the update report editor [500,
#190004]
>
> It gives the impression that `svn update' tries to access something at
the
> root of the repository,
> which it formerly (<=1.5.2) did not need. (We have no external
subsets in
> this repository).
> If it is not a bug but a new feature, it effectively renders our
> permission scheme absolutely useless.

If it's a root-level issue, maybe the suggestion above about giving
read-only access at the root level will work for you.

As to why access above that level is needed, I don't know. Maybe
something related to mergeinfo?

« Previous message in topic | 2 of 3 | Next message in topic »

Messages

Show all messages in topic

Access control bug in SVN &gt;= 1.5.3 Ewgenij Gawrilow <gawrilow at math dot TU-Berlin dot DE> Ewgenij Gawrilow <gawrilow at math dot TU-Berlin dot DE> 2009-02-19 00:48:23 PST
     RE: Access control bug in SVN &gt;= 1.5.3 "Gleason, Todd" <tgleason at impac dot com> "Gleason, Todd" <tgleason at impac dot com> 2009-02-24 14:45:28 PST
         Re: Access control bug in SVN &gt;= 1.5.3 Ewgenij Gawrilow <gawrilow at math dot TU-Berlin dot DE> Ewgenij Gawrilow <gawrilow at math dot TU-Berlin dot DE> 2009-02-25 01:37:59 PST
Messages per page: