I am running version 1.1.1 (using Apache on W2k3 server) and having a
problem with my authorization file. What I want is to allow r/w access
to the whole repository except for one directory, where I want r/w
access for one group and then read-only access to a sub-directory of
that directory. Here's an approximation of the structure
http://my-server.com/svn/repos2
/proj one/...
/proj two/...
/proj three
/released/...
/trunk/...
So essentially I want to allow read/write access to everything for all
the groups with the following exceptions for "proj three" and it's
"sub-directories":
1. No access to "proj three" for apps-hwdev (they only know hardware
anyway...)
2. read-only access to only the "proj three/released" sub-dir for
apps-swdev (the lowly application developers)
3. read/write access to all of "proj three" for rtos-swdev (the
Real-Time Operating System "gods")
Here's the relavant section of httpd.conf:
<Location /svn/>
DAV svn
# Repository location
SVNParentPath E:/Apache2/svn/
# Repository Authentication Mechanism
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile etc/svn-auth-file
AuthzSVNAccessFile etc/svn-access-policies
Require valid-user
</Location>
And here's svn-access-policies:
[groups]
apps-swdev = user1, user2
apps-hwdev = user3, user4
rtos-swdev = superuser1, superuser2
[repos2:/]
@apps-swdev = rw
@apps-hwdev = r
@rtos-swdev = rw
[repos2:/proj three/]
@apps-swdev =
@apps-hwdev =
@rtos-swdev = rw
[repos2:/proj three/released]
@apps-swdev = r
@apps-hwdev =
@rtos-swdev = rw
But this doesn't seem to work... For example, users in the group
"apps-swdev" can read "/proj three/trunk".
One suspicion that I had was that the spaces needed to be specified as
in URLs (so, "/proj%20three/" instead of "/proj three/"), but that
didn't seem to have any effect. Is there something about the order of
the sections in svn-access-policies?
My interpretation of page 102 of "THE BOOK" tells me that this should
work...
Can anyone help me see the error of my ways?
Thanks,
Wes
Received on Tue Jun 14 18:59:05 2005