5

I have set up an SVN repo with WebDAV access. For some reason it does not let checkout.

Here is my httpd.conf part:

<Location /svn>
  DAV svn
  SVNParentPath /home/svn/repositories
  AuthzSVNAccessFile /home/svn/dav_svn.authz
  Satisfy Any
  Require valid-user
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /home/svn/dav_svn.passwd
</Location>

I have two repositories named "first" and "second" and the content of dav_svn.authz is:

[first:/]
doe = rw
* = r

[second:/]
doe = rw
grig = rw
* = r

When I'm trying to checkout the second with user doe, I get this in error_log: user doe: authentication failure for "/svn/second": Password Mismatch

In order to understand what can be the problem I would like to better understand how the AuthzSVNAccessFile is supposed to work.

grigy
  • 241
  • 1
  • 2
  • 9
  • When you try to check out as user doe for the /svn/first does it work ? – proy Jul 10 '10 at 19:20
  • No. The same problem. – grigy Jul 11 '10 at 11:26
  • I have the same issue, but non of my users can have any access, the only way to get access is to use * =[rw]. Can it be that the users are not known by the AuthzSVNAccessFile? They do exist in AuthUserFile. Could it be a module dependency issue ? – Andreas Mattisson Feb 15 '18 at 07:57

3 Answers3

7

Does the error only occur for user doe on both repositories? Or does it fail for grig on the second repository? Assuming it fails for all users, and assuming the error isn't in the AuthUserFile and the SVNParentPath is correct, I think you need to add a default access rule for all of your repositories.

[/]
* = r

[first:/]
doe = rw

[second:/]
doe = rw
grig = rw

Or you could put users doe and grig into a group and do it as follows:

[groups]
secondteam = doe, grig

[/]
* = r

[first:/]
doe = rw

[second:/]
@secondteam = rw

You mention that you would like to better understand how the AuthzSVNAccessFile is supposed to work. I recommend reading this tutorial. A full path-based authorization file example from that tutorial for supporting multiple repositories is below: 

[groups]
admin = john, kate
devteam1 = john, rachel, sally
devteam2 = kate, peter, mark
docs = bob, jane, mike
training = zak

# Default access rule for ALL repositories
# Everyone can read, admins can write, Dan German is excluded.
[/]
* = r
@admin = rw
dangerman =

# Allow developers complete access to their project repos
[proj1:/]
@devteam1 = rw
[proj2:/]
@devteam2 = rw
[bigproj:/]
@devteam1 = rw
@devteam2 = rw
trevor = rw

# Give the doc people write access to all the docs folders
[/trunk/doc]
@docs = rw

# Give trainees write access in the training repository only
[TrainingRepos:/]
@training = rw
runlevelsix
  • 2,609
  • 21
  • 19
1

did you use "htpasswd" to add doe user to /home/svn/dav_svn.passwd or it was from some type of front-end admin ?

i had problems for example with Virtualmin/Webmin they were editing the htpasswd file in a format diffrent from apache, and the problem was solved by readding the user using htpasswd.

Kiss Stefan
  • 48
  • 5
0

just a check (I'm not sure, I'll check later) but isn't the syntax suposed to be [first:/home/svn/first]?

Where first is the name, and /svn/first would be the path to repo.

Not sure if it wil sove the problem , but I guess your current conf file isn't exactly what you want.

Mark Henderson
  • 68,316
  • 31
  • 175
  • 255
Kiss Stefan
  • 48
  • 5
  • That file is generated by InDefero. But even if it's not correct it didn't work with [first:/home/svn/first] or [first:/home/svn/repositories/first]. – grigy Jul 11 '10 at 11:26
  • The path after the colon is the path within the repository itself. The path on the filesystem to the repository is already handled by the SVNParentPath directive. – rspeed Dec 13 '10 at 01:56