When doing operations like 'svn log' or 'svn ls' Subversion hides paths that are unreadable for user.
I.e. if repository contains the following directories: /public /private And authorization file looks like this: [/] * = r [/private] * = Then 'svn ls REPOROOT' command will return only /public directory. The 'svn log' command does the same. So from the user prespective the /private directory does not exist. The problem is that Subversion 1.8.x always logs an error for *every* access check for unreadable path.This result in thousands of error log messages for one request, even if user didn't tried to access unreadable path directly. In trunk (r1562417) behavior were slightly changed and all "access denied" messages now logged with 'warning' level instead of 'error'. But I'm not sure that current behavior is the best. I'm thinking to implement the following logic in mod_authz_svn: use different log level whether access denied for subrequest or for primary request (the URL user actually tried to access). Does it make sense? The other open question is which error level use for these 'soft' access denied messages: a) info (Like we do for access granted messages) b) warning I would like to resolve this problem before the 1.9 branch. The patch should be simple, but I need help from the community to make this decision. Thoughts? -- Ivan Zhakov
