Jehan,
I have been treating the repository root as belonging to some kind of
svn superuser.
The superuser is the only one having commit access to the root level
which implies that anyone wishing to allocate a new project will have to
ask the superuser to do so for him.
Once the project exists this restriction will not matter any more since
procacci and tutu both have the required access privileges to their
respective svn directories.
Since allocating new projects is surely not such a frequent job the
effort of creating those folders should not overcharge the repository
administrator (aka superuser) ;-)
Hope this helps,
Thomas
> -----Original Message-----
> From: Jehan PROCACCIA [mailto:Jehan.Procaccia@int-evry.fr]
> Sent: Tuesday, October 10, 2006 3:29 PM
> To: users@subversion.tigris.org
> Subject: svn authz users strategies
>
> hello,
> I am trying to fine grained acces controls, here's a simple
> scenario, my authz file (called from svnserve.conf) contain that:
> [svn@share /var/www/svnweb/repos/s2ia/conf] $ cat authz
> [groups] s2ia = procacci,tutu [/] @s2ia = r [/procacci]
> procacci = rw tutu = [/tutu] tutu = rw procacci =
>
> I want both users procacci and tutu to have full access to
> their personnal "subdirectory" in the s2ia repository, but no
> rights to others directory.
> It seems to work, exept that now there's a only a Read acces
> to / for the group , tutu is unable to perform it's initial import:
>
> [tutu@anaconda ~]
> $svn import ./tutu -m "import initial tutu"
> svn+ssh://svn@share.int-evry.fr/var/www/svnweb/repos/s2ia/tutu
> svn: Access denied
>
> I don't want to set rw on / because I don't want users to
> "garbage" the repository with /xxx "subdirectories" anywhere,
> I want them to be able to write only below their username
> (/login). You might says that I could create a repository for
> each and every users, but I don't want to manage hundreds of
> repository config :-( .
> Any advice ?
>
> PS: by the way, I also tried to set "absolute" path in authz
> file, like [s2ia:/procacci] procacci = rw, but then I always
> get authorization refused for every svn command as user
> procacci :-( ! why I can't set the repository in front of the
> access rule ?
>
> Thanks.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Oct 11 09:33:59 2006