But It’s Only A Slash: svn.access

September 10, 2009

in sysadmin

I spent the good part of my morning today debugging an issue with a user’s access to a Subversion repository/trac service we provide. That person could not get even a basic svn checkout to work as expected. It would keep throwing errors like this:

Server sent unexpected return value (403 Forbidden) in response to OPTIONS request for {url}

I went up and down the stack, I poked and prodded the two web servers in question (Apache 2 and Lighttpd) and their authentication sources with multiple clients. I watched packet traces. I checked and rechecked every config I could lay my hands on to no avail. It was driving me crazy.

Finally, I realized that the mod_dav_svn file semantics for paths in an svn.access file distinguished between:

[repos:/dir/]
user1 = rw
user2 = rw

and

[repos:/dir]
user1 = rw
user2 = rw

The first only works if you’ve explicitly granted the same permissions to the parent directory as well, i.e.:

[repos:/]
user1 = rw
user2 = rw

while the second “does the right thing” to allow the users to have access to that path component without having to permit the parent directory as well.

Hopes this saves you some time.

Be Sociable, Share!

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: