AuthzSVNAccessFile - do I misunderstand something?

I'm having a little difficulty with access permissions, as specified in a
file declared via AuthzSVNAccessFile:

In /etc/httpd/conf.d/subversion.conf, I have the following entry inside the
<Location> section:

  AuthzSVNAccessFile /svnrepos/repositories/TestRepos/accessRules

I have the following directories in a test repository (stored in a
repository at /svnrepos/repositories/TestRepos):

  /trunk/A

  /trunk/ProjectB

  ...

  /branches/ProjectA/1.0

  /branches/ProjectA/1.1

  /branches/ProjectB/1.0

  ...

I have set up appropriate access controls for my test repository inside
/svnrepos/repositories/TestRepos/accessRules, shown below:

  # =====================

  [groups]

  Repository_Administrators = svnadmin

  ProjectA_Team = userid1, userid2

  ProjectA_Owner = userid1

  # =====================

  [/]

  # Repository administrators have write-access to the complete repository.

  @Repository_Administrators = rw

  # By default, everyone is allowed read access to the entire repository.

  * = r

  #------------------------------

  [/trunk/ProjectA]

  @ProjectA_Team = rw

  [/branches/ProjectA]

  @ProjectA_Owner = rw

  [/branches/ProjectA/1.0]

  @ProjectA_Team = rw

  [/branches/ProjectA/1.1]

  @ProjectA_Team = rw

Now, I'm having a problem where the owner of Project A wants to create a new
branch (1.2) by copying /trunk/ProjectA to /branches/ProjectA/1.2. Copying
URLs within subdirectories (such as copying /trunk/ProjectA/SomeDir to
/trunk/ProjectA/SomeOtherDir) works fine, however the moment the project
owner tries to copy from /trunk/ProjectA (across the / directory) into
/branches/ProjectA/1.2), the copy fails the following entry appears in
apache's error_log (/var/log/httpd/error_log):

  Access denied: 'userid2' MERGE TestRepos:/

Either I've misunderstood something fundamental about how access controls
work, or something isn't working quite right.

If I want to permit someone to copy a folder from /trunk/ABC to
/branches/ABC/123, where /branches/ABC was previously created by the
repository administrator, I assumed that that user only required
write-access to /branches/ABC and read-access to /trunk/ABC (and NOT
write-access to /). Clearly this assumption is incorrect.

Does someone that wants to copy /trunk/A to /branches/A/1.0 require
write-access to both /branches/A and /, or only to /branches/A ?

Any help will be most appreciated.

For reference sake, my software configs are as follows:

Server:

 Redhat linux 9

 svn 1.0.1-1 (subversion-tools-1.0.1-1, subversion-server-1.0.1-1 and
subversion-1.0.1-1)

 httpd-2.0.48-3

 apr-0.9.5-0.2

 apr-util-0.9.5-0.1

Client:

 Windows XP SP1

  svn 1.0.0

Any help will be greatly appreciated.

Regards,

Stuart.

DISCLAIMER: This information is intended only for the person or entity to
which it is addressed and may contain private, confidential, proprietary
and/or privileged material and may be subject to confidentiality agreements.
Any review, retransmission, dissemination, or any other use of or taking of
any action in reliance upon this information, by persons or entities other
than the intended recipient, is prohibited. If you received this in error,
please contact the sender and delete the material from all storage media.

Absolute Systems (Pty) Ltd
Tel: +27 (0)11 784 0078
Fax: +27 (0)11 784 0148
Web: <http://www.absolutesys.com/> www.absolutesys.com

 
Received on Mon Apr 5 16:29:09 2004