Background

I have been running svnserve version 1.8.17 configuration management software on my Windows intranet for years, now with 10 PCs. The PCs use TortoiseSVN as the client. Now I need to add another user who has access only to a sub-folder. This means altering the authz file.

Problem

When I add a path to the authz file, I get the error `Invalid authz configuration`. Here is my sanitized authz file:

```
[groups]
mygroup = rtischer
othergroup = smith

[/]
@mygroup = rw

# causes 'Invalid authz configuration' when these lines are included
[Hiveware:\Hiveware\bbb\ccc\projname]
@othergroup = rw
```

And the following are my sanitized paths:

```
C:\svn\Hiveware\conf\authz
C:\svn\Hiveware\db
C:\Hiveware\bbb\ccc\projname
```

The following text, taken from Subversion documentation page xxii, says my path syntax is correct:

For consistency, the examples in this book assume that the reader is using a Unix-like operating system and is relatively comfortable with Unix and command-line interfaces. That said, the svn program also runs on non-Unix platforms such as Microsoft Windows. With a few minor exceptions, such as the use of backward slashes (\) instead of forward slashes (/) for path separators, the input to and output from this tool when run on Windows are identical to that of its Unix counterpart.

I couldn't find out what those "minor exceptions" were though.

Question

Is there another syntax that works? Or is this really a bug after all these years?

rtischer8277
  • For the record, I never got this to work despite @bahrep's good help. His answer is still valid though in the sense that he corrected and made precise the syntax for the Windows path. That leaves me with the conclusion that there is a bug in **svnserve** for the Windows platform. – rtischer8277 May 16 '20 at 17:37
  • Note that you did not show us the contents of your `authz` file. Only some `aaa bbb ccc` examples. – bahrep May 21 '20 at 14:09
  • I updated the **Problem** section to reflect exactly (although sanitized) my *authz* file. I show the paths on my **svnserve** PC. I am in doubt whether the root folder, *Hiveware*, should be repeated after the colon (i.e., *[Hiveware:\bbb\ccc\projname]*). I tested both ways and both failed. – rtischer8277 May 21 '20 at 15:41
  • Please see the updated answer https://stackoverflow.com/a/61776809/761095 – bahrep May 21 '20 at 16:35

1 Answer

Please read SVNBook | Path-based authorization and consider the examples given in this chapter.

```
# causes 'Invalid authz configuration' when these lines are included
[C:\aaa\bbb\ccc\smith]
```

The authz expects paths within the repository. It is OS-independent and has nothing to do with paths on your filesystem. Therefore, the line should look as follows

```
[REPOSITORYNAME:/MyProject/smith]
```

IMPORTANT: Paths in Subversion are case-sensitive. Therefore, you should make sure that paths in your authz file are correct.

Update

The directory at C:\svn\Hiveware\ is your repository. C:\Hiveware\bbb\ccc\projname is a path of a working copy checked out from a repository - it is irrelevant to the question.

When you use svnserve, the path to the authz file is specified in the svnserve.conf as the value of the authz-db directive. Please make sure that the path is correct. You should also make sure that you correctly specify the repositories root -r when starting svnserve. In your case it has to point to C:\svn.

Assuming that everything else is correct, the line in your authz-db file should be as follows

```
[Hiveware:/bbb/ccc/projname]
```

Note the forward slashes instead of backslashes, and that the name of the repository is omitted after `:`. The name is already specified in the line and you don't need to repeat it again.

bahrep
  • I only have one repository so the path should be: [/aaa/bbb/ccc/smith]. Capitalization has been checked. But when I do a *repo-browser* command, I still get **Authorization failed**. Same error whether the command is done from *aaa*, *smith* or on a file in *smith*. At least the **authz** file is no longer invalid though. – rtischer8277 May 13 '20 at 16:18
  • even if you have only one repository you need to specify the name of the repository as `[REPOSITORYNAME:` unless you use per-repository authz files. Check the server's logs for additional hints. – bahrep May 13 '20 at 16:20
  • Adding the repository name makes the path become: [aaa:/aaa/bbb/ccc/smith]. This syntax works. Unfortunately, *smith* now has rw access to all files so something must still be wrong with the path. Should the path start from after the base? – rtischer8277 May 13 '20 at 18:17
  • @rtischer8277 remove aaaa after first slash. This is a name of the repository, not a *path within this repository*. – bahrep May 13 '20 at 18:30
  • The path is now [aaa:/bbb/ccc/smith]. Authorization fails up and down the tree. Where would I find the server logs you mentioned above on Windows? – rtischer8277 May 13 '20 at 18:44
  • @rtischer8277 1. Please note that I cannot give any more hints without seeing the content of the `authz` file and the paths in your repository. 2. I would recommend that you carefully examine your file and compare it with the examples from SVNBook (see the link in the answer). 3. You would not have all these problems should you use [VisualSVN Server](https://www.visualsvn.com/server/) - it provides a UI to manage repository permissions. 4. Read about Apache logging at https://www.visualsvn.com/support/svnbook/serverconfig/httpd/#svn.serverconfig.httpd.extra.logging – bahrep May 13 '20 at 18:55
  • I tested changing `[\]` to `[Hiveware:/]` expecting the behavior to be the same as without the repository name. It wasn't. I got a popup asking me if I wanted to work offline as there was a problem contacting the server. – rtischer8277 May 21 '20 at 17:00
  • Success. Sensing there is a problem with the REPOSITORY: section, I removed it so only `[/bbb/ccc/projname]` was left and it worked. Perhaps there is a bug in the Windows implementation. – rtischer8277 May 21 '20 at 17:22
  • Probably no bug, just a fragile implementation that was never tested for windows-one-only-repository, in this case `Hiveware`. Meaning, it was implied by the developer (or overlooked) that you wouldn't put a repository name in the section since it doesn't need one. – rtischer8277 May 21 '20 at 18:00
  • @rtischer8277 thank you for the info. I think that I will have to test this in a testing environment. Note that SVN 1.8.x is outdated and is not supported anymore (it does not receive any patch updates). The latest release is 1.13.x (non-LTS) and SVN 1.14.0 is going to be released soon. – bahrep May 21 '20 at 19:09
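
An added example (not part of the original thread, and not Subversion's own code): a small Python check for the section-header mistakes worked through above, namely backslashes, a filesystem path where a repository path belongs, and the repository name repeated after the colon. The sample file is constructed from the headers quoted in the thread; `lint_header` and `lint_authz` are hypothetical helper names, and the filesystem-path and repeated-name checks are heuristics.

```python
import re

# Constructed sample built from the headers quoted in the thread:
# the failing header, the "repository name repeated" variant, and the answer's form.
SAMPLE_AUTHZ = r"""[groups]
othergroup = smith

[Hiveware:\Hiveware\bbb\ccc\projname]
@othergroup = rw

[Hiveware:/Hiveware/bbb/ccc/projname]
@othergroup = rw

[Hiveware:/bbb/ccc/projname]
@othergroup = rw
"""

def lint_header(header):
    """Return the problems found in one section header (the text inside [ ])."""
    if header in ("groups", "aliases"):       # not path sections
        return []
    problems = []
    if "\\" in header:
        problems.append("backslash")          # authz paths use '/' on every OS
    if re.match(r"[A-Za-z]:[\\/]", header):
        problems.append("filesystem-path")    # heuristic: looks like C:\... or C:/...
    repo, sep, path = header.partition(":")
    if not sep:                               # no "REPOSITORYNAME:" prefix
        repo, path = "", header
    path = path.replace("\\", "/")            # normalise only for the checks below
    if not path.startswith("/"):
        problems.append("no-leading-slash")
    parts = [p for p in path.split("/") if p]
    if repo and parts and parts[0] == repo:   # heuristic: [aaa:/aaa/...] from the comments
        problems.append("repo-name-repeated")
    return problems

def lint_authz(text):
    """Map line number -> (header, problems) for every flagged section header."""
    findings = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = re.fullmatch(r"\[(.*)\]", line.strip())
        if m and (problems := lint_header(m.group(1))):
            findings[lineno] = (m.group(1), problems)
    return findings

if __name__ == "__main__":
    for lineno, (header, problems) in lint_authz(SAMPLE_AUTHZ).items():
        print(f"line {lineno}: [{header}] -> {', '.join(problems)}")
```

A header that passes this check can still grant the wrong access if its case does not match the repository path, so the effective permissions should be confirmed with a test account after each change.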