Adam K's picture
I've setup a Turnkey RCS server, and installed LikeWise-Open to allow Active Directory users to authenticate to the machine. I've created an AD user group to contain the users which will have write access to the SVN repositories, and I've changed the permissions of the repositories folders so that the group has rwx permissions. Group members can checkout the code, but are unable to checkin: svn: E170001: Authorization failed Any ideas would be appreciated :)
Forum: 
Adam K's picture

Hi JM,

Yes I'm fairly sure.  Details of the setup are below:

I moved the contents of /srv/repos (bzr, git, hg, svn folders) to /mnt/repo, and created symlinks to the new location of each folder.

The owner & group for the symlinks is root/root.

The owner of each of the folders in /mnt/repo is root, however the group is an AD group - this permission was applied recursively: 

  • cd /mnt/repo 
  • chgrp -R "groupname" *

The permissions applied to these folders are 775.

  • chmod -R 775 *

Inside the /mnt/repo/svn folder are 3 repositories (including the default helloworld).

I can checkout the helloworld repository using:

svn co svn://<repo address>/svn/helloworld

However trying to commit changes results in "Authorization failed".

 

If I modify the svnserve.conf file in the helloworld/conf folder, and set anon-access = write, then I can commit without error (but anonymously, which is useless).

 

Any suggestions for how to enable my AD users to commit to the repositories would be greatly appreciated :)

Adam K's picture

JM,

Logging into the Repository server as an AD user, checking out the helloworld repository and then checking it back in results in:

  • svn: Commit failed (details follow):
  • svn: Authorization failed

SVN appears to be using some other mechanism (apart from just file/folder permissions) to control which users have write access to the repository.

Adam K's picture

The svnserve.conf file is vanilla for the Turnkey rcs image, and hasn't been modified:

  • [general]
  • # anon-access = read
  • # auth-access = write
  • # password-db = passwd
  • # authz-db = authz
  • # realm = My First Repository
  • [sasl]
  • # use-sasl = true
  • # min-encryption = 0
  • # max-encryption = 256

sasl is enabled (by default), and svnserve is build with sasl support.

Add new comment