#7343 closed defect (fixed)
Changeset module requires read permission to '/'
| Reported by: | anonymous | Owned by: | Christian Boos |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12.3 |
| Component: | version control/changeset view | Version: | 0.10.4 |
| Severity: | critical | Keywords: | svnauthz, authzsourcepolicy |
| Cc: | | Branch: | |
| Release Notes: | | | |
| API Changes: | | | |
| Internal Changes: | | | |
Description
A user cannot see the contents of his own changeset if he does not have read permission to the root directory of the SVN repo (when using an authz file).
Exists in 0.10.4 and 0.10-stable.
Attachments (0)
Change History (13)
comment:1 by , 16 years ago
| Keywords: | svn authz added |
|---|---|
| Milestone: | → 0.10.6 |
comment:2 by , 16 years ago
| Milestone: | 0.10.6 |
|---|---|
| Severity: | major → critical |
| Version: | 0.10-stable → 0.11 |
comment:3 by , 16 years ago
| Keywords: | needinfo added |
|---|---|
Is this a defect or by design? If we take the analogy of a filesystem, if I don't have read permission to /, I can't access any other resources on that filesystem. Sounds reasonable to me.
This is assuming that by "read permission to root directory of SVN repo", you mean the permissions set-up in the authz file, not filesystem permissions.
Could you please give some details about your setup (especially regarding permissions)?
comment:4 by , 16 years ago
I'm talking about permissions set by the authz file; sorry if it is not clear from my initial post.
> if I don't have read permission to /, I can't access any other resources on that filesystem. Sounds reasonable to me.
SVN has different semantics. Otherwise it would be useless in commercial organizations. You can give a user permission to access a particular directory; there is no need for everybody in the company to have access to the whole repository recursively from the root.
Say you have an SVN structure like this:
```
/
/component1/
/component2/
```
and an authz file like this:
```
[repo:/]
* =
[repo:/component1/]
auser = rw
....
```
Then in Trac, if auser goes to /browser he will get a permission error; this is ok (but could still be handled better). If he goes to /browser/component1/ he will see his sources; ok. But if he wants to diff two revisions in /component1/ he will get a permissions error. The same error happens if he follows a changeset link (containing only changes to /component1/) from the timeline.
The problem is that the diff module works on behalf of the user and starts recursively from the svn root.
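To make the path-based semantics described in this comment concrete, here is an added Python example (not Trac's code and not the fix the ticket later refers to) that models SVN authz resolution for the `repo` layout above and contrasts a root-first changeset check with a per-path check. Groups, aliases and `$authenticated` are deliberately not modelled; the changed paths are constructed.

```python
import configparser
from typing import Dict, List

# Constructed from the authz file in the comment: everybody denied at '/',
# auser granted rw on /component1/.
AUTHZ_TEXT = """
[repo:/]
* =
[repo:/component1/]
auser = rw
"""

def parse_authz(text: str, repo: str = "repo") -> Dict[str, Dict[str, str]]:
    """Return {path: {user_or_star: rights}} for one repository's sections."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",))
    cp.optionxform = str  # user names are case-sensitive in svn authz
    cp.read_string(text)
    rules: Dict[str, Dict[str, str]] = {}
    for section in cp.sections():
        name, _, path = section.partition(":")
        if name != repo:
            continue
        path = path.rstrip("/") or "/"
        rules[path] = {user: (rights or "") for user, rights in cp.items(section)}
    return rules

def can_read(rules: Dict[str, Dict[str, str]], user: str, path: str) -> bool:
    """SVN semantics (simplified): walk from the path up towards '/', and the
    most specific section that mentions the user (or '*') decides."""
    node = path.rstrip("/") or "/"
    while True:
        entry = rules.get(node)
        if entry is not None:
            rights = entry.get(user, entry.get("*"))
            if rights is not None:
                return "r" in rights
        if node == "/":
            return False  # no rule matched at all: deny
        node = node.rsplit("/", 1)[0] or "/"

def changeset_visible_root_first(rules, user: str, changed: List[str]) -> bool:
    """The behaviour the ticket complains about: root must be readable first."""
    return can_read(rules, user, "/") and all(can_read(rules, user, p) for p in changed)

def visible_changes(rules, user: str, changed: List[str]) -> List[str]:
    """Per-path filtering: keep only entries the user may read; an empty list
    means the changeset should not be shown to this user at all."""
    return [p for p in changed if can_read(rules, user, p)]
```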
comment:5 by , 16 years ago
| Keywords: | needinfo removed |
|---|---|
| Milestone: | → 1.0 |
Ok, I understand what you want to achieve. Does Subversion have these semantics? That is, if you set up SVN with the authz file above, can auser check out /component1?
I'm not too familiar with authz permission settings, so I'll leave this ticket to somebody else.
comment:6 by , 16 years ago
Replying to rblank:
> Ok, I understand what you want to achieve. Does Subversion have these semantics?
yes, it does.
> That is, if you set up SVN with the authz file above, can auser check out /component1?
yep
> I'm not too familiar with authz permission settings, so I'll leave this ticket to somebody else.
comment:7 by , 16 years ago
I would also really appreciate fixing this bug. I have a whole huge repo in my organisation, and want my team, whose project uses Trac, to only see this project and nothing else. They do not have read permissions to the root, and they won't. And because of that they cannot use changesets.
Btw, there is another security issue in changesets (timeline part): if they cannot read the directory, they can still see all the changes from it in the log. I hacked the Postgres DB to make this work (so as not to change the Trac code).
comment:8 by , 15 years ago
| Keywords: | svnauthz added; svn authz removed |
|---|---|
| Milestone: | 1.0 → 0.12.1 |
comment:9 by , 15 years ago
A reason why read permission on / is sometimes not acceptable in Subversion: if some UserA has / read permission but no read permission to a subdir projectInvisibleToUserA, UserA can branch / to a subdir which is writeable for him and thus import all / subdirs. At least with Subversion and path-based authorization.
comment:10 by , 13 years ago
| Milestone: | next-minor-0.12.x → 0.12.3 |
|---|---|
I believe the patch added in #9976 also fixes this issue.
comment:11 by , 13 years ago
| Version: | 0.11 → 0.10.4 |
|---|---|
According to the comments, this had been an issue since 0.10.4 at least.
comment:12 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Should be fixed by r10907.
Please reopen if this is not the case.
comment:13 by , 11 years ago
| Keywords: | authzsourcepolicy added |
|---|---|
Same behavior in the newly released 0.11. You have to have read access to the SVN / to see any changeset, even your own.