RE: view log problem with path authorization
Thanks, Stefan, for the explanation. It has been very puzzling, this makes sense now. A feature, not a bug. ;-) From: Stefan Sperling <s...@elego.de> Sent: Monday, 30 May 2016 8:27 PM To: Phil Crooker Cc: users@subversion.apache.org Subject: Re: view log problem with path authorization On Tue, May 24, 2016 at 08:40:29AM +, Phil Crooker wrote: > Newbie question - I have authenticated users with read or r/w access are > unable to view logs, eg: > > > # svn --username whatever --password x > svn://svn/repos/project/yada.txt > > svn: Item is not readable > > I must grant anonymous read access in authz and then it works: > > > [/] > > * = r > > > I've seen this reported earlier but no answer: > > > http://svn.haxx.se/users/archive-2011-02/0141.shtml > > http://stackoverflow.com/questions/6651997/svn-show-log-not-working > > > My question is why can't an authenticated user who has rights see the logs? Hi Phil, The use case scenario behind the design of the authz feature is the following: Imagine you're setting up a competition, where teams apply to compete and write some piece of software for you based on a specification. Your competition has the following contraints: - No team should be aware of who else is competing. - You're hosting all competing teams in a single repository. In this scenario, the following information must be protected: - file content - the knowledge of which paths exist in the repository - the knowledge of which authors make commits to the repository 'svn log' shows always the author name, and the list of changed paths is available with 'svn log -v'. And because log messages are free-form, they may contain content which would leak such information. For example, developers might refer to each other in log messages ("Review by: Robert") or they might refer to paths in the repository ("team1/project1/main.c: Fix crash with --help option.") That's why, if any path in the changed paths list of a revision is forbidden to the authenticated user, the *entire* information which would be provided by 'svn log' is hidden from that user. I suspect that, in your scenario, SVN denies access to the revision log based on the above reasoning. -- This message from ORIX Australia might contain confidential and/or privileged information. If you are not the intended recipient, any use, disclosure or copying of this message (or of any attachments to it) is not authorised. If you have received this message in error, please notify the sender immediately and delete the message and any attachments from your system. Please inform the sender if you do not wish to receive future communications by email. The ORIX Australia Privacy Policy outlines what kinds of personal information we collect and hold, how we collect and handle it and your rights in regards to your personal information. Our Privacy Policy is available on our website: http://www.orix.com.au . We do not accept liability for any loss or damage caused by any computer viruses or defects that may be transmitted with this message. We recommend you carry out your own checks for viruses or defects.
Re: view log problem with path authorization
Hi Phil, Any response to this? It does look like a bug to me... *From:* Phil Crooker *Sent:* Tuesday, 24 May 2016 6:10 PM *To:* users@subversion.apache.org *Subject:* view log problem with path authorization Newbie question - I have authenticated users with read or r/w access are unable to view logs, eg: # svn --username whatever --password x svn://svn/repos/project/yada.txt svn: Item is not readable I must grant anonymous read access in authz and then it works: [/] * = r I've seen this reported earlier but no answer: http://svn.haxx.se/users/archive-2011-02/0141.shtml http://stackoverflow.com/questions/6651997/svn-show-log-not-working My question is why can't an authenticated user who has rights see the logs? Send the original reply only directly to you (rather than to the list). Hence sending again to increase the chances that this might trigger some light for someone else (and also for you in case my reply got lost somewhere): The issue seems to be on record in the SVN bugtracker: https://issues.apache.org/jira/browse/SVN-2960 . Can't say much more unfortunately. :-/ -- Regards, Stefan Hett
RE: view log problem with path authorization
?Any response to this? It does look like a bug to me... ? From: Phil Crooker Sent: Tuesday, 24 May 2016 6:10 PM To: users@subversion.apache.org Subject: view log problem with path authorization Newbie question - I have authenticated users with read or r/w access are unable to view logs, eg: # svn --username whatever --password x svn://svn/repos/project/yada.txt svn: Item is not readable I must grant anonymous read access in authz and then it works: [/] * = r I've seen this reported earlier but no answer: http://svn.haxx.se/users/archive-2011-02/0141.shtml http://stackoverflow.com/questions/6651997/svn-show-log-not-working My question is why can't an authenticated user who has rights see the logs? -- This message from ORIX Australia might contain confidential and/or privileged information. If you are not the intended recipient, any use, disclosure or copying of this message (or of any attachments to it) is not authorised. If you have received this message in error, please notify the sender immediately and delete the message and any attachments from your system. Please inform the sender if you do not wish to receive future communications by email. The ORIX Australia Privacy Policy outlines what kinds of personal information we collect and hold, how we collect and handle it and your rights in regards to your personal information. Our Privacy Policy is available on our website: http://www.orix.com.au . We do not accept liability for any loss or damage caused by any computer viruses or defects that may be transmitted with this message. We recommend you carry out your own checks for viruses or defects.
view log problem with path authorization
Newbie question - I have authenticated users with read or r/w access are unable to view logs, eg: # svn --username whatever --password x svn://svn/repos/project/yada.txt svn: Item is not readable I must grant anonymous read access in authz and then it works: [/] * = r I've seen this reported earlier but no answer: http://svn.haxx.se/users/archive-2011-02/0141.shtml http://stackoverflow.com/questions/6651997/svn-show-log-not-working My question is why can't an authenticated user who has rights see the logs? -- This message from ORIX Australia might contain confidential and/or privileged information. If you are not the intended recipient, any use, disclosure or copying of this message (or of any attachments to it) is not authorised. If you have received this message in error, please notify the sender immediately and delete the message and any attachments from your system. Please inform the sender if you do not wish to receive future communications by email. The ORIX Australia Privacy Policy outlines what kinds of personal information we collect and hold, how we collect and handle it and your rights in regards to your personal information. Our Privacy Policy is available on our website: http://www.orix.com.au . We do not accept liability for any loss or damage caused by any computer viruses or defects that may be transmitted with this message. We recommend you carry out your own checks for viruses or defects.
Re: Log problem
Hi, Thank you for your reply. My folders are up to date in my working copy, but the log information is the same either when requested on working copy resources or when using the repository URLs. Is strange that there is a long time since I work with this working copy structure and suddenly something which worked fine seems to be broken. Have any idea about what else could trigger this behavior ?! Best Regards, Florin From: Ryan Schmidt subversion-20...@ryandesign.com To: Florin Avram avnyr...@yahoo.com Cc: users@subversion.apache.org Sent: Wed, November 3, 2010 4:10:52 PM Subject: Re: Log problem On Nov 3, 2010, at 05:54, Florin Avram wrote: I've run over a strange situation and want to know if this is OK to happen (in my opinion it shouldn't). These are the details: - one of our servers has a repository with Subversion 1.4 format - I have a working copy from a given repository path, let it be http://R/svn/repos/userguide; - in my working copy, one of the folders has an external folder X, pointing to http://R/svn/repos/branches/rel/doc; - I modify a file from the external folder X and commit it - when looking over the log information of the root of my working copy, there is no entry for the commit which I've just made (this is OK, I've committed to an external resource) - after, I look over the log information of the folder at which my working copy external folder targets. There is no information about my commit there either, which is strange, I've committed from my external folder which is pointing to this one. Is the folder up to date? Use svn up and try again. - the folder to which my working copy external folder is pointing was copied from another branch, and if I do a log on that branch (the original one), then I can see my commit, which again is strange: why the commit goes there and not to the HEAD of the branch to which my external folder is pointing. I don't know if the above information helps you somehow, but I would like to know if this would be possible and if this is a repository side problem, taking into account that the repository has an old version (1.4). I doubt any problem exists.
Re: Log problem
[small nit: please don't top-post on this list, i.e. put your reply at the bottom, or inline.] On Fri, Nov 5, 2010 at 9:22 AM, Florin Avram avnyr...@yahoo.com wrote: Hi, Thank you for your reply. My folders are up to date in my working copy, but the log information is the same either when requested on working copy resources or when using the repository URLs. Is strange that there is a long time since I work with this working copy structure and suddenly something which worked fine seems to be broken. Have any idea about what else could trigger this behavior ?! Best Regards, Florin From: Ryan Schmidt subversion-20...@ryandesign.com To: Florin Avram avnyr...@yahoo.com Cc: users@subversion.apache.org Sent: Wed, November 3, 2010 4:10:52 PM Subject: Re: Log problem On Nov 3, 2010, at 05:54, Florin Avram wrote: I've run over a strange situation and want to know if this is OK to happen (in my opinion it shouldn't). These are the details: - one of our servers has a repository with Subversion 1.4 format - I have a working copy from a given repository path, let it be http://R/svn/repos/userguide; - in my working copy, one of the folders has an external folder X, pointing to http://R/svn/repos/branches/rel/doc; - I modify a file from the external folder X and commit it - when looking over the log information of the root of my working copy, there is no entry for the commit which I've just made (this is OK, I've committed to an external resource) - after, I look over the log information of the folder at which my working copy external folder targets. There is no information about my commit there either, which is strange, I've committed from my external folder which is pointing to this one. Is the folder up to date? Use svn up and try again. - the folder to which my working copy external folder is pointing was copied from another branch, and if I do a log on that branch (the original one), then I can see my commit, which again is strange: why the commit goes there and not to the HEAD of the branch to which my external folder is pointing. This seems very strange. If you commit a change into an external, it should go exactly to that external, not to some other location of which your external location is a copy. Are you sure that the external property is set correctly? Can you provide more details? Maybe give the exact contents of the svn:externals property, and an overview of the repository structure (feel free to obfuscate any paths or other information that may be confidential)? Just a wild guess: the syntax for the svn:externals property has changed (in 1.5 I believe): the order of the URL and the target were reversed (among other things). See http://svnbook.red-bean.com/en/1.5/svn.advanced.externals.html. Could it be that your problem is caused because the externals definition is now interpreted differently than before (by a 1.5+ client, as opposed to a 1.4 client previously)? Cheers, -- Johan
Re: Log problem
On Nov 5, 2010, at 05:05, Johan Corveleyn wrote: Just a wild guess: the syntax for the svn:externals property has changed (in 1.5 I believe): the order of the URL and the target were reversed (among other things). See http://svnbook.red-bean.com/en/1.5/svn.advanced.externals.html. Could it be that your problem is caused because the externals definition is now interpreted differently than before (by a 1.5+ client, as opposed to a 1.4 client previously)? The old externals syntax is still supported, but as of 1.5 an additional syntax is supported as well with the order reversed.
Log problem
Hi, I've run over a strange situation and want to know if this is OK to happen (in my opinion it shouldn't). These are the details: - one of our servers has a repository with Subversion 1.4 format - I have a working copy from a given repository path, let it be http://R/svn/repos/userguide; - in my working copy, one of the folders has an external folder X, pointing to http://R/svn/repos/branches/rel/doc; - I modify a file from the external folder X and commit it - when looking over the log information of the root of my working copy, there is no entry for the commit which I've just made (this is OK, I've committed to an external resource) - after, I look over the log information of the folder at which my working copy external folder targets. There is no information about my commit there either, which is strange, I've committed from my external folder which is pointing to this one. - the folder to which my working copy external folder is pointing was copied from another branch, and if I do a log on that branch (the original one), then I can see my commit, which again is strange: why the commit goes there and not to the HEAD of the branch to which my external folder is pointing. I don't know if the above information helps you somehow, but I would like to know if this would be possible and if this is a repository side problem, taking into account that the repository has an old version (1.4). Thank you. Best Regards, Florin
Re: Log problem
On Nov 3, 2010, at 05:54, Florin Avram wrote: I've run over a strange situation and want to know if this is OK to happen (in my opinion it shouldn't). These are the details: - one of our servers has a repository with Subversion 1.4 format - I have a working copy from a given repository path, let it be http://R/svn/repos/userguide; - in my working copy, one of the folders has an external folder X, pointing to http://R/svn/repos/branches/rel/doc; - I modify a file from the external folder X and commit it - when looking over the log information of the root of my working copy, there is no entry for the commit which I've just made (this is OK, I've committed to an external resource) - after, I look over the log information of the folder at which my working copy external folder targets. There is no information about my commit there either, which is strange, I've committed from my external folder which is pointing to this one. Is the folder up to date? Use svn up and try again. - the folder to which my working copy external folder is pointing was copied from another branch, and if I do a log on that branch (the original one), then I can see my commit, which again is strange: why the commit goes there and not to the HEAD of the branch to which my external folder is pointing. I don't know if the above information helps you somehow, but I would like to know if this would be possible and if this is a repository side problem, taking into account that the repository has an old version (1.4). I doubt any problem exists.