Re: Error | svnauthz: E220003: Section appears more than once in the authz file: [groups]
On Fri, Apr 19, 2024 at 3:32 PM BK wrote:
> If the parser behaves like this in version 1.14, I take it as a given.
> I would be interested to know the reasons for this change?
>
The parsing change was actually made in 1.10. It was done in order to
implement "wildcarding" in path-based AuthZ [0].
Background [1], additional information [2].
tl;dr: With the implementation of wildcarding the ordering of the sections
in the AuthZ file have become critical.
Also note: as of SVN 1.10 the parsing of the AuthZ file now takes longer.
Small AuthZ files won't likely see the issue but large AuthZ files can
cause user-visible delays from Apache/svnserve. The workaround I've been
using is to break up the single "super" AuthZ files into per-repository
AuthZ files and use the Apache "AuthzSVNReposRelativeAccessFile" directive
(see example 4 in [3]).
> From the per repository point of view it didn't really help the clarity.
> But maybe there are more important reasons for the change.
>
I hope the above helps.
Cheers.
Doug
--
[0] https://subversion.apache.org/docs/release-notes/1.10.html#authzperf
[1] https://cwiki.apache.org/confluence/display/SVN/Authz+Improvements
[2] https://svn.haxx.se/dev/archive-2017-02/att-0188/
[3]
https://svn.apache.org/repos/asf/subversion/branches/1.10.x/subversion/mod_authz_svn/INSTALL
> Unfortunately, I don't have the expertise
> or sufficient programming knowledge to submit a patch.
>
> Best Regards,
> Bernhard
>
>
> Am 18.04.24 um 10:28 schrieb Daniel Sahlberg:
>
> The code as it is now seems to be very intentionally written to NOT allow
> multiple sections with the same name, see the check_open_section() function
> in authz_parse.c[1].
>
> I don't know if it would be possible to relax this restriction but feel
> free to take a look at the code and send a patch to
> d...@subversion.apache.org.
>
> It is not possible to switch back to the old authz parse code in version
> 1.14.
>
> Kind regards,
> Daniel
>
>
--
*Doug Robinson* Senior Product Manager
P +1 925 396 1125
*E* doug.robin...@cirata.com
--
THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY
BE PRIVILEGED
If this message was misdirected, Cirata Ltd. and its
subsidiaries, ("Cirata") does not waive any confidentiality or privilege.
If you are not the intended recipient, please notify us immediately and
destroy the message without disclosing its contents to anyone. Any
distribution, use or copying of this email or the information it contains
by other than an intended recipient is unauthorized. The views and opinions
expressed in this email message are the author's own and may not reflect
the views and opinions of Cirata, unless the author is authorized by Cirata
to express such views or opinions on its behalf. All email sent to or from
this address is subject to electronic storage and review by Cirata.
Although Cirata operates anti-virus programs, it does not accept
responsibility for any damage whatsoever caused by viruses being passed.
Re: Error | svnauthz: E220003: Section appears more than once in the authz file: [groups]
If the parser behaves like this in version 1.14, I take it as a given. I would be interested to know the reasons for this change? From the per repository point of view it didn't really help the clarity. But maybe there are more important reasons for the change. Unfortunately, I don't have the expertise or sufficient programming knowledge to submit a patch. Best Regards, Bernhard Am 18.04.24 um 10:28 schrieb Daniel Sahlberg: The code as it is now seems to be very intentionally written to NOT allow multiple sections with the same name, see the check_open_section() function in authz_parse.c[1]. I don't know if it would be possible to relax this restriction but feel free to take a look at the code and send a patch to d...@subversion.apache.org. It is not possible to switch back to the old authz parse code in version 1.14. Kind regards, Daniel
Re: Error | svnauthz: E220003: Section appears more than once in the authz file: [groups]
Den ons 17 apr. 2024 kl 15:32 skrev BK : > Hello Pavel, > > That is the question. > Is it possible in version 1.14 to keep this format > (per repository) as it is possible in version 1.8? > I think this is clearer with a large number > of repositories on the server. > The code as it is now seems to be very intentionally written to NOT allow multiple sections with the same name, see the check_open_section() function in authz_parse.c[1]. I don't know if it would be possible to relax this restriction but feel free to take a look at the code and send a patch to d...@subversion.apache.org. It is not possible to switch back to the old authz parse code in version 1.14. Kind regards, Daniel [1] https://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_repos/authz_parse.c?revision=1875971=markup#l310 > Regards, > Bernhard > > > Am 17.04.24 um 14:16 schrieb Pavel Lyalyakin: > > On Wed, 17 Apr 2024 at 15:08, BK wrote: > > Hello, > > After the change from Subversion 1.8 to 1.14 on my server > the access rights definitions in the svn_access_file > no longer work. > The following error message appears: > [authz_svn:error] Failed to load the mod_authz_svn config: Error while > parsing config file: '/opt/csvn/release/data/conf/svn_access_file': svnauthz: > E220003: Section appears more than once in the authz file: [groups] > > Is it no longer possible to define groups more than once > per repository in the acccess file? I find this style > more clearly organised, than to separate all groups > of the repos and the corresponding access rights > separate. > > Is there a possibility to stay in the old format (Subvesion 1.8)? > > Here is an extract from the svn_access_file file. > > ## > # server administrators > ## > [groups] > ApplicationServerAdmins = svnadm, admim1 > > # --- > # access rules for entire server content > # --- > [/] > @ApplicationServerAdmins = rw > > > ## > # test1 > ## > [groups] > test1_Administration = @ApplicationServerAdmins, user1 > test1_Users = user1 > > # --- > # access rules > # --- > [test1:/] > @test1_Administration = rw > [test1:/tags/to1/t1] > @test1_Users = rw > > > ## > # jira_test > ## > [groups] > jira_test_Administration = @ApplicationServerAdmins, admin2 > jira_test_Developer = user2 > > # --- > # access rules > # --- > [jira_test:/] > @jira_test_Administration = rw > @jira_test_Developer = rw > > > Thanks for your help, > Bernard > > I'm not familiar with this particular issue and the error message. But > why does your authz file have multiple [groups] sections? I think that > you should clean up the file and 1) Remove unnecessary entries. 2) > Group all group definitions in a single [groups] section. > > >
Re: Error | svnauthz: E220003: Section appears more than once in the authz file: [groups]
Hello Pavel, That is the question. Is it possible in version 1.14 to keep this format (per repository) as it is possible in version 1.8? I think this is clearer with a large number of repositories on the server. Regards, Bernhard Am 17.04.24 um 14:16 schrieb Pavel Lyalyakin: On Wed, 17 Apr 2024 at 15:08, BK wrote: Hello, After the change from Subversion 1.8 to 1.14 on my server the access rights definitions in the svn_access_file no longer work. The following error message appears: [authz_svn:error] Failed to load the mod_authz_svn config: Error while parsing config file: '/opt/csvn/release/data/conf/svn_access_file': svnauthz: E220003: Section appears more than once in the authz file: [groups] Is it no longer possible to define groups more than once per repository in the acccess file? I find this style more clearly organised, than to separate all groups of the repos and the corresponding access rights separate. Is there a possibility to stay in the old format (Subvesion 1.8)? Here is an extract from the svn_access_file file. ## # server administrators ## [groups] ApplicationServerAdmins = svnadm, admim1 # --- # access rules for entire server content # --- [/] @ApplicationServerAdmins = rw ## # test1 ## [groups] test1_Administration = @ApplicationServerAdmins, user1 test1_Users = user1 # --- # access rules # --- [test1:/] @test1_Administration = rw [test1:/tags/to1/t1] @test1_Users = rw ## # jira_test ## [groups] jira_test_Administration = @ApplicationServerAdmins, admin2 jira_test_Developer = user2 # --- # access rules # --- [jira_test:/] @jira_test_Administration = rw @jira_test_Developer = rw Thanks for your help, Bernard I'm not familiar with this particular issue and the error message. But why does your authz file have multiple [groups] sections? I think that you should clean up the file and 1) Remove unnecessary entries. 2) Group all group definitions in a single [groups] section.
Error | svnauthz: E220003: Section appears more than once in the authz file: [groups]
Hello, After the change from Subversion 1.8 to 1.14 on my server the access rights definitions in the svn_access_file no longer work. The following error message appears: [authz_svn:error] Failed to load the mod_authz_svn config: Error while parsing config file: '/opt/csvn/release/data/conf/svn_access_file': svnauthz: E220003: Section appears more than once in the authz file: [groups] Is it no longer possible to define groups more than once per repository in the acccess file? I find this style more clearly organised, than to separate all groups of the repos and the corresponding access rights separate. Is there a possibility to stay in the old format (Subvesion 1.8)? Here is an extract from the svn_access_file file. ## # server administrators ## [groups] ApplicationServerAdmins = svnadm, admim1 # --- # access rules for entire server content # --- [/] @ApplicationServerAdmins = rw ## # test1 ## [groups] test1_Administration = @ApplicationServerAdmins, user1 test1_Users = user1 # --- # access rules # --- [test1:/] @test1_Administration = rw [test1:/tags/to1/t1] @test1_Users = rw ## # jira_test ## [groups] jira_test_Administration = @ApplicationServerAdmins, admin2 jira_test_Developer = user2 # --- # access rules # --- [jira_test:/] @jira_test_Administration = rw @jira_test_Developer = rw Thanks for your help, Bernard
Re: Error | svnauthz: E220003: Section appears more than once in the authz file: [groups]
On Wed, 17 Apr 2024 at 15:08, BK wrote: > > Hello, > > After the change from Subversion 1.8 to 1.14 on my server > the access rights definitions in the svn_access_file > no longer work. > The following error message appears: > [authz_svn:error] Failed to load the mod_authz_svn config: Error while > parsing config file: '/opt/csvn/release/data/conf/svn_access_file': svnauthz: > E220003: Section appears more than once in the authz file: [groups] > > Is it no longer possible to define groups more than once > per repository in the acccess file? I find this style > more clearly organised, than to separate all groups > of the repos and the corresponding access rights > separate. > > Is there a possibility to stay in the old format (Subvesion 1.8)? > > Here is an extract from the svn_access_file file. > > ## > # server administrators > ## > [groups] > ApplicationServerAdmins = svnadm, admim1 > > # --- > # access rules for entire server content > # --- > [/] > @ApplicationServerAdmins = rw > > > ## > # test1 > ## > [groups] > test1_Administration = @ApplicationServerAdmins, user1 > test1_Users = user1 > > # --- > # access rules > # --- > [test1:/] > @test1_Administration = rw > [test1:/tags/to1/t1] > @test1_Users = rw > > > ## > # jira_test > ## > [groups] > jira_test_Administration = @ApplicationServerAdmins, admin2 > jira_test_Developer = user2 > > # --- > # access rules > # --- > [jira_test:/] > @jira_test_Administration = rw > @jira_test_Developer = rw > > > Thanks for your help, > Bernard I'm not familiar with this particular issue and the error message. But why does your authz file have multiple [groups] sections? I think that you should clean up the file and 1) Remove unnecessary entries. 2) Group all group definitions in a single [groups] section. -- With best regards, Pavel Lyalyakin VisualSVN Team
