SVN path-based authentication problem

Question

I am using an authz file to restrict access to a subversion server (svnserve). I would like to grant a user read-write access to a specific project in a repository, but no access to other projects in the same repository. My authz file looks like this:

[groups]
trusted = userA,userB,userC

[/]
@trusted = rw
* =

[repo1:/project1]
userD = rw

However with this authz file, userD can only read, but not write to /project1.

If I add the following:

[repo1:/]
userD = r

Then userD can both read and write to /project1.

This does not make any sense to me. According to the subversion book, "the most specific path always matches first", so there should be no need for this. Furthermore, I can't understand that setting read permission is what actually lets this user write to the project.

Can anyone help?

Answer 1

This seems to be a similar or the same bug as mentioned here in versions below 1.5. I would highly recommend upgrading your repositories and SVN version to 1.6. That can be kind of a pain though, as you'd have to dump and load the entire repo. There's a good guide on migrating your repository here. If your repo is small, it's not too long of a process (I've done it in a corporate environment).

An alternative would be to use apache as your SVN server host.

EDIT:

After scouring through the SVN changelogs, I found this in 1.4.3 Changes:

fixed: authz requires read access for root for writes (issue #2486)

This sounds like your issue. So supposedly it should be fixed after version 1.4.3.