I have a number of svn repositories running under Apache+subversion on CentOS6/64, with Submin to provide a web GUI to manage them:
server.name/svn/foo server.name/svn/bar server.name/svn/blort etc All of them are private; all but one of them are single-user (me) so that I can carry on working from any of my machines in multiple locations. One of them is shared with colleagues on a project: they all have read/write privs on that repo. The URIs are not published or linked, and my colleagues are all well aware of the need to keep their shared URI private. But the requirement is that none of them must be open to casual read access via a web browser, in case someone happen to stumble upon or guess the URI. I am having problems getting the access privs right, as they keep causing "svn: E220000: Not authorized to open root of edit operation" during an svn up. However, in a long exchange with the very helpful submin support (https://ssl.supermind.nl/collab/projects/submin/ticket/336) we have failed to identify settings that work. Currently the svn/conf/authz file says > [groups] > dev = a,b,c,d,e,me > > [foo:/] > @dev = rw > > [bar:/] > me = rw > > [blort:/] > me = rw The Apache conf.d/subversion.conf says: > <Location /svn> > DAV svn > SVNParentPath /var/lib/submin/svn > # removed GET from LimitExcept to prevent casual browsing > <LimitExcept PROPFIND OPTIONS REPORT> > AuthType Basic > AuthName "Authorization Realm" > AuthUserFile /etc/svn.auth > Require valid-user > </LimitExcept> > </Location> and svn.auth specifies a username:encryptedpassword pair for each member of [groups] in the usual way. 1. Browsing with a web browser causes a prompt for the username/password as expected. 2. An svn ci operation works fine. 3. An svn up operation fails, and always causes an E220000 error. 4. Replacing the GET in the LimitExcept config allows svn up to work without error, but allows casual browsing of the web interface. Is there a way to prevent the casual browsing while avoiding the E220000 error? ///Peter