Re: Hook for pre-checkout?

From: David Anderson <david.anderson_at_calixo.net>
Date: 2005-07-27 06:08:56 CEST

Rogers, Donald wrote:
> The httpd.conf has this stuff in it to allow read at the top level but cut off read to the lower levels except to the one folder allowed to each user:
>
> [snip config]

Just curious: Why aren't you using the AuthzSVNAccessFile directive and
a set of authz ACLs to do the restriction work for you? It was designed
to restrict access to paths inside the repository.

I suspect your current configuration is failing because you assume a
Subversion client will query the same paths as Firefox will, which is
not true: to get the job done, the Subversion client will query weird
and wonderful WebDAV URLs that may not bear much resemblance to the one
you configure limits for.

This is why authz access control exists: the mod_authz_svn module gives
you the possibility to control access based on the actual path in the
repository being accessed, rather than based on the URL the WebDAV
client is accessing.

Authz is described and documented at:
http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4.4.2

Hope that helps,
- Dave.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 27 06:13:42 2005

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: Hook for pre-checkout?"
Previous message: Darryl Woods: "shared working copy and permissions"
In reply to: Rogers, Donald: "Hook for pre-checkout?"
Next in thread: Ben Collins-Sussman: "Re: Hook for pre-checkout?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]