Problem setting up authz on svnserve
264 views
Skip to first unread message
Rick Varney
Feb 5, 2016, 5:31:46 PM2/5/16
to us...@subversion.apache.org
Hello,
I am a newbie to using authz, and am trying to set it up for the first time. For reasons I don't understand, I can't seem to get it working.
I am using svnserve and fsfs, subversion 1.8.10 for both server and client for testing.
My svnserve.conf setup is:
anon-access = none
password-db = passwd
authz-db = authz
Initial contents of my authz file (just trying to get *any* authz setup to work at this point):
[/]
* = rw
With this setup, here is what my client says when I try to do an svn ls:
$ svn ls svn://my_repos
svn: E210002: Unable to connect to a repository at URL 'svn://my_repos'
svn: E210002: Network connection closed unexpectedly
I have tried giving an absolute path to authz, checking it into the repository and giving a URL but the result is the same each time. As soon as I uncomment the authz-db line in svnserve.conf any access to the repo results in the above error. When I comment the authz-db line again, the problem goes away.
The permissions, ownership, and location of my authz file match those of my passwd file, and svnserve is accessing the passwd file ok.
Errors I see in my svnserve.log that *may* be related are:
28207 2016-02-03T18:31:50.113582Z xxx.xx.xx.xxx - - ERR - 0 210002 Network connection closed unexpectedly
28540 2016-02-03T18:50:55.871361Z xxx.xx.xx.xxx - - ERR - 0 104 Can't read from connection: Connection reset by peer
But these only occurred rarely, and not each time I tried to access the repo and got the above client error.
At this point I'm stuck. Am I doing anything obviously wrong?
Any suggestions on how I can debug this?
Many thanks!
Rick Varney
Daniel Shahaf
Feb 6, 2016, 7:22:09 PM2/6/16
to Rick Varney, us...@subversion.apache.org
Rick Varney wrote on Fri, Feb 05, 2016 at 09:31:40 -0800:
> Errors I see in my svnserve.log that *may* be related are:
>
> 28207 2016-02-03T18:31:50.113582Z xxx.xx.xx.xxx - - ERR - 0 210002 Network
> connection closed unexpectedly
>
> 28540 2016-02-03T18:50:55.871361Z xxx.xx.xx.xxx - - ERR - 0 104 Can't read
> from connection: Connection reset by peer
>
> But these only occurred rarely, and not each time I tried to access the
> repo and got the above client error.
>
You can do 'svnserve --foreground -d --root=/path/to/repos
> Errors I see in my svnserve.log that *may* be related are:
>
> 28207 2016-02-03T18:31:50.113582Z xxx.xx.xx.xxx - - ERR - 0 210002 Network
> connection closed unexpectedly
>
> 28540 2016-02-03T18:50:55.871361Z xxx.xx.xx.xxx - - ERR - 0 104 Can't read
> from connection: Connection reset by peer
>
> But these only occurred rarely, and not each time I tried to access the
> repo and got the above client error.
>
--listen-port=3691 --log-file=/dev/stdout' and test against that svnserve
instance to ensure the log messages are related to a particular client
action. (You can run multiple instances in parallel.)
> At this point I'm stuck. Am I doing anything obviously wrong?
>
> Any suggestions on how I can debug this?
the same time, I would suspect a firewall or proxy or a network
misconfiguration. (That said, I don't see how enabling path-based authz
would affect the on-the-wire traffic, given that anon-access=none is set.)
Try 'svnauthz accessof' and check that your user is reported as "r" or "rw".
Try 'svn info svn://localhost' locally on the server: does it
fail in the same way as on the client?
Cheers,
Daniel
P.S. If you don't have /dev/stdout you can use --log-file=/dev/fd/1 or
--log-file=$(tty).
Rick Varney
Feb 9, 2016, 12:36:15 AM2/9/16
to Daniel Shahaf, us...@subversion.apache.org
On Sat, Feb 6, 2016 at 4:22 PM, Daniel Shahaf <d...@daniel.shahaf.name> wrote:
>
>
> You can do 'svnserve --foreground -d --root=/path/to/repos
> --listen-port=3691 --log-file=/dev/stdout' and test against that svnserve
> instance to ensure the log messages are related to a particular client
> action. (You can run multiple instances in parallel.)
>
Thank you! This proved to be good advice. I was unaware I could run
>
>
> You can do 'svnserve --foreground -d --root=/path/to/repos
> --listen-port=3691 --log-file=/dev/stdout' and test against that svnserve
> instance to ensure the log messages are related to a particular client
> action. (You can run multiple instances in parallel.)
>
multiple svnserve processes in parallel.
When I started a second svnserve process, I discovered it worked
perfectly fine with my authz setup. Also,
I noticed that doing "svn log" was starting to produce a "Network
connection closed unexpectedly" error on the
client side, making me suspicious my main svnserve process was getting
flaky for whatever reason. I restarted
my main svnserve process and my problem went away.
I don't understand why my svnserve process starting behaving this way,
but the problem is resolved for now.
I was able to modify my authz file to achieve my current access goals.
Many thanks for helping me get unstuck!
Best regards,
Rick Varney
Reply all
Reply to author
Forward
0 new messages