Why does svn authz need read access by default?

Question

I need to give read/write access for a user to an exactly one repository.

Why this doesn't work?

[groups]
dev = dvolosnykh,sam

[/ukk]
ukk = rw

[/]
@dev = rw

Why should I add this?

[/]
@dev = rw
* = r # read access for everyone. Why?

I'm using dav_svn, apache2, Linux Ubuntu server 11.04

My dav_svn.conf:

<Location /svn>

  DAV svn

  SVNParentPath /var/svn
  SVNListParentPath On

  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/apache2/dav_svn.passwd
  AuthzSVNAccessFile /etc/apache2/dav_svn.authz

  Require valid-user

</Location>

Answer 1

By default, nobody has any access to the repository at all. That means that you'll probably want to give at least read permission to all users at the root of the repository. You can do this by using the asterisk variable (*), which means “all users”:

[/]
* = r

This is a common setup; notice that no repository name is mentioned in the section name. This makes all repositories world-readable to all users. Once all users have read access to the repositories, you can give explicit rw permission to certain users on specific subdirectories within specific repositories.

Answer 2

Well, you can (and really have) to have for your case perfectly valid dav_svn.authz file

[groups]
dev = dvolosnykh,sam

[/ukk]
@dev = rw

[/]
* =

Re-read authz-file format^ section-name is path, left side of access operand is object (user or group), right side is access-type, there empty is NONE

Answer 3

Check conf/svnserve.conf for the lines

# anon-access = read
# auth-access = write

These are the defaults, for anonymous and authenticated users, but you can uncomment and change them to read, write, or none.

Answer 4

You should confiure like this here below :

[<repo_name>:<path-in-repo>]

Example :

[osirisProject:/]

@grp_W = rw