Svn – How does AuthzSVNAccessFile work

svnwebdav

I have set up an SVN repo with WebDAV access. For some reason it does not let checkout.

Here is my httpd.conf part:

<Location /svn>
  DAV svn
  SVNParentPath /home/svn/repositories
  AuthzSVNAccessFile /home/svn/dav_svn.authz
  Satisfy Any
  Require valid-user
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /home/svn/dav_svn.passwd
</Location>

I have two repositories named "first" and "second" and the content of dav_svn.authz is:

[first:/]
doe = rw
* = r

[second:/]
doe = rw
grig = rw
* = r

When I'm trying to checkout the second with user doe, I get this in error_log:
user doe: authentication failure for "/svn/second": Password Mismatch

In order to understand what can be the problem I would like to better understand how the AuthzSVNAccessFile is supposed to work.

Best Answer

Does the error only occur for user doe on both repositories? Or does it fail for grig on the second repository? Assuming it fails for all users, and assuming the error isn't in the AuthUserFile and the SVNParentPath is correct, I think you need to add a default access rule for all of your repositories.

[/]
* = r

[first:/]
doe = rw

[second:/]
doe = rw
grig = rw

Or you could put users doe and grig into a group and do it as follows:

[groups]
secondteam = doe, grig

[/]
* = r

[first:/]
doe = rw

[second:/]
@secondteam = rw

You mention that you would like to better understand how the AuthzSVNAccessFile is supposed to work. I recommend reading this tutorial. A full path-based authorization file example from that tutorial for supporting multiple repositories is below:

[groups]
admin = john, kate
devteam1 = john, rachel, sally
devteam2 = kate, peter, mark
docs = bob, jane, mike
training = zak

# Default access rule for ALL repositories
# Everyone can read, admins can write, Dan German is excluded.
[/]
* = r
@admin = rw
dangerman =

# Allow developers complete access to their project repos
[proj1:/]
@devteam1 = rw
[proj2:/]
@devteam2 = rw
[bigproj:/]
@devteam1 = rw
@devteam2 = rw
trevor = rw

# Give the doc people write access to all the docs folders
[/trunk/doc]
@docs = rw

# Give trainees write access in the training repository only
[TrainingRepos:/]
@training = rw

Related Solutions

Svn – How Do I Restrict Repository Access via WebSVN

The issue is probably relating to the splitting of configuration between two location directives, but I'm not sure.

Rather than defining permissions in two places (apache config and the authz file), just define them in the authz file. Like so:

httpd.conf

<Location /svn>
  DAV svn
  SVNParentPath /var/lib/svn/repository

  Require valid-user
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /path/to/.htpasswd

  SVNPathAuthz on
  AuthzSVNAccessFile /path/to/svn.authz
</Location>

svn.authz

[groups]
sysadmins = joebloggs jimsmith mickmurphy

# By default, nobody has any permissions
[/]
* = 

# sysadmins get access to the sysadmin repository
[sysadmin:/]
@sysadmins = rw

You would need the appropriate users in the htpasswd file too, obviously.

Centos – WebDAV on CentOS – getting 403 error when attempt to upload

I recently struggled with the same problem on my Fedora 10 system. In my case the culprit was some odd redirection that I was doing in Apache. Specifically, I use a content management system (Drupal, to be exact) that within it's .htaccess includes the following redirection logic to redirect missing files to a PHP script:

# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

It makes sense that the above only affects the PUT method since in that case REQUEST_FILENAME does not exist.

Not having the WebDAV area inside of the Drupal area, which seems like a reasonable constraint, fixes the problem.

Also, I think it is likely that SELinux would result in a different error, but it's not mentioned in the discussion above. Did you try disabling SELinux?

Best Answer

Related Solutions

Svn – How Do I Restrict Repository Access via WebSVN

Centos – WebDAV on CentOS – getting 403 error when attempt to upload

Related Topic