[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Idea for a more sophisticated user rights management

From: Travis P <svn_at_castle.fastmail.fm>
Date: 2004-08-31 17:54:52 CEST

On Aug 30, 2004, at 7:49 PM, Greg Hudson wrote:
> On Mon, 2004-08-30 at 10:30, Ben Collins-Sussman wrote:
>>> with apache and webdav a litte user management can be used. But the
>>> problem is that only
>>> the main directories may be protected. If I have all projects below
>>> the branches directories
>>> (eg /trunk/proj1 /trunk/proj2 /branches/version1/proj1) its not
>>> possible to set up
>>> some user rights. So I can protect /trunk/proj1 but not
>>> /branches/ver20/proj1 automatically.
>>
>> This is why we have mod_authz_svn. Please look at chapter 6.
>
> Uh, no; read the last sentence of the paragraph you quoted.
>
> This is (among other reasons) why we want in-FS ACLs.

In the immediate term, if the OP can tell what the version #s are going
to be, he could *perhaps* set mod_authz_svn permissions on those
directories even before they are created so that when created, they'll
have the restricted rights immediately. For example, I'm thinking:

[/branches/version1/proj1]
@proj1readnotallowed =
[/branches/version2/proj1]
@proj1readnotallowed =
...
[/branches/version500/proj1]
@proj1readnotallowed =

Of the real-life setup does not have the predictable structure that I
guessed from the mail list message, then this won't work. It might
also need to be tested to make sure mod_authz_svn will work as expected
in this case.

-Travis

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Aug 31 17:55:09 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.