[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

mod_authz_svn and svn cp?

From: Stuart Robertson <dogmatix_at_absolutesys.com>
Date: 2004-04-07 14:09:49 CEST

I'm running into a strange authorization problem, and I'm hoping someone
might be able to shed some light.

I have a respository with the following layout:

  /trunk/ProjectA
  ...
  /branches/ProjectA
  /branches/ProjectA/1.0

and I want to set things up so that only team-*members* from ProjectA have
commit-access to Project A on trunk and selected branches, (e.g.
/trunk/ProjectA and /branches/ProjectA/1.0), whilst only the team-*leader*
for ProjectA has permission to create new folders directly under
/branches/ProjectA (for example, he might want to copy /trunk/ProjectA to
/branches/ProjectA/1.1, thereby creating the 1.1 branch).

Should be simple...? That's what I thought.

Assuming Bob and Fred are team-members on ProjectA, and Bob is
project-owner, I set things up to give the team (Bob and Fred) read-write
access to /trunk/ProjectA and /branches/ProjectA/1.0, whilst only Bob has
read-write access to /branches/ProjectA, shown in the AuthzSVNAccessFile
snippet shown below:

  [groups]
  ProjectA_Team = bob,
                  fred
  ProjectA_Owner = bob

  [/trunk/ProjectA]
  @ProjectA_Team = rw

  [/branches/ProjectA/1.0]
  @ProjectA_Team = rw
  
  [/branches/ProjectA]
  @ProjectA_Owner = rw

Given the above, surely Bob should be authorized to execute "svn cp
/trunk/ProjectA /branches/ProjectA/1.1", so as to create a new 1.1 branch?

In my situation, however, each time I try the above example, the SVN
command-line prompts me for new authentication information, first asking for
the password for Bob, then next asking for a new userid/password combo for
the repository. The only way I can get this to work is to grant Bob
read-write access to / (that is, to add the following two lines to the
access-control file:

  [/]
  @ProjectA_Owner = rw

Then everything works fine. Only problem is, that I don't want the Project
owner to have complete read-write access to the entire repository.

Anyone have some ideas what the problem might be? Or, is this a *feature*,
effectively stating that in order to copy from /trunk/ProjectA to
/branches/ProjectA/1.1 is effectively "copying across" /, and hence
read-write access is required for /?

Any help/ideas/pointers will be greatly appreciated.

Regards,
Stuart.

___________
DISCLAIMER: This information is intended only for the person or entity to
which it is addressed and may contain private, confidential, proprietary
and/or privileged material and may be subject to confidentiality agreements.
Any review, retransmission, dissemination, or any other use of or taking of
any action in reliance upon this information, by persons or entities other
than the intended recipient, is prohibited. If you received this in error,
please contact the sender and delete the material from all storage media.

 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Apr 7 14:11:11 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.