Geoff Field wrote on Wed, Apr 09, 2014 at 13:58:30 +1000: > Do you grant global read/write access to that repository at all? > Not sure, about this. Can you please tell me where this param > value specified? > > In your Subversion.conf file, there could be a line - most likely > related to that repository - that says something like: >
It's good practice not to refer to files by name but by function since the name may change among vendors. In particular, when I saw "subversion.conf" I thought you were referring to an httpd.conf directives files. > Of course, I'm making a lot of assumptions here, but that's what works > for us. We've been known to make specific repositories private in our > configuration by saying (for that repository): > > * = > > I'm not totally convinced it will work, since the individual settings > seem to override the global ones. More knowledgeable heads than mine > might have more of a clue. There are a number of cases where settings are overridden by other settings. For example: when a section name is repeated; when both [/path] and [foo:/path] exist; when a [/path] stanza contains multiple LHS tokens that match the authenticated username. Also there is the question of whether the correct file is being edited (an easy way to test this is to insert an intentional syntax error into the file; the next request on a new connection should then fail with HTTP 500). (And before someone points out that causing HTTP 500's on a live site is bad practice: it's bad practice to test an authz file on a live site, so I'm assuming the edits are done initially in a test setup (maybe a test <Location> with a different authentication backend).) My advice is: use 'svnauthz accessof' to debug your authz file. If you can't get it to do what you want, make a minimal example that shows the problem (as few users / paths / repos as possible) and post it here with an explanation of what semantics (access matrix) you'd like to achieve. http://subversion.apache.org/docs/release-notes/1.8#svnauthz_accessof Daniel
