Hi,
I use the authz_svn_module in 'repocafe' :
http://repocafe.science.uu.nl/
installed here :
https://svn.science.uu.nl/
My config :
<Location /repos>
DAV svn
SVNParentPath /data/svn/repos
AuthzSVNAccessFile /data/svn/admin/svnaccessfile
!! <LimitExcept PROPFIND>
Satisfy Any
Require valid-user
AuthType Basic
AuthName "Subversion repository"
AuthBasicProvider svnlocal ldap_science
!! </LimitExcept>
</Location>
The problem is with 'private' repos with a 'public' subtree ;
https://svn.science.uu.nl/index.php?RID=1278
From the AuthzSVNAccessFile :
[project.mirmon:/]
penni101 = rw
# anonymous read not allowed
* =
[project.mirmon:/trunk]
penni101 = rw
# anonymous read allowed
* = r
So, https://svn.science.uu.nl/repos/project.mirmon/trunk
should work as if it was 'public' (anonymous access allowed).
But, without the "LimitExcept" lines in the config shown above,
these commands work :
% svn ls //svn.science.uu.nl/repos/project.mirmon/trunk
% svn cat //svn.science.uu.nl/repos/project.mirmon/trunk/probe
but (and this is the PROBLEM) the checkout command prompts
for a username/password :
% svn co //svn.science.uu.nl/repos/project.mirmon/trunk
With the "LimitExcept" lines in the config, the checkout
command works, although some errors appear in the log
(see below).
So, it appears that the 'checkout' command does a
PROPFIND /repos/project.mirmon/!svn/rvr/64/trunk
which causes the username/password-prompt when the
"LimitExcept" lines are omitted.
-- Does this diagnosis make sense ?
-- How do I make this work, without the LimitExcept trick ?
Note :
-- The server is apache-2.4, but 2.2 appears to have probs too.
I wonder how authz_svn_module is supposed to work under 2.4
proper (without the 'old' "satisfy any". Shouldn't authz_svn_module
set an environment variable in the case "r = *" (anonymous read) ?
-- I looked for guidance here :
https://svn.apache.org/repos/asf/subversion/trunk/subversion/mod_authz_svn/INSTALL
G. Example 7: Authenticated access to "Collection of Repositories"
It comes close to my case, but it doesn't work.
Thanks for your help ; much appreciated ; groeten,
Henk Penning
------------------------------------------------------------ _
Henk P. Penning, ICT-beta R Uithof HFG-406 _/ \_
Faculty of Science, Utrecht University T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penn...@uu.nl \_/
Log-entries for
% svn co //svn.science.uu.nl/repos/project.mirmon/trunk
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS
/repos/project.mirmon/trunk HTTP/1.1" 200 200 "-" "SVN/1.8.8
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS
/repos/project.mirmon/trunk HTTP/1.1" 200 97 "-" "SVN/1.8.8
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS
/repos/project.mirmon/trunk HTTP/1.1" 200 200 "-" "SVN/1.8.8
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "PROPFIND
/repos/project.mirmon/!svn/rvr/64/trunk HTTP/1.1" 207 342 "-" "SVN/1.8.8
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS
/repos/project.mirmon/trunk HTTP/1.1" 200 200 "-" "SVN/1.8.8
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS
/repos/project.mirmon/trunk HTTP/1.1" 200 97 "-" "SVN/1.8.8
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "OPTIONS
/repos/project.mirmon/trunk HTTP/1.1" 200 200 "-" "SVN/1.8.8
(x86_64-pc-linux-gnu) serf/1.3.3"
==> svn/error.log <==
[Sat Jan 14 14:23:10.690943 2017] [authz_svn:error] [pid 31902] [client
37.48.69.238:47680] Access denied: - PROPFIND project.mirmon:/
==> svn/access.log <==
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "PROPFIND
/repos/project.mirmon/!svn/rvr/64 HTTP/1.1" 403 234 "-" "SVN/1.8.8
(x86_64-pc-linux-gnu) serf/1.3.3"
37.48.69.238 - - [14/Jan/2017:14:23:10 +0100] "REPORT
/repos/project.mirmon/!svn/me HTTP/1.1" 200 201362 "-" "SVN/1.8.8
(x86_64-pc-linux-gnu) serf/1.3.3
