[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Authorization problem

From: Crucius, Wesley <WCrucius_at_sandc.com>
Date: 2005-06-14 18:54:10 CEST

I am running version 1.1.1 (using Apache on W2k3 server) and having a
problem with my authorization file. What I want is to allow r/w access
to the whole repository except for one directory, where I want r/w
access for one group and then read-only access to a sub-directory of
that directory. Here's an approximation of the structure

http://my-server.com/svn/repos2
                               /proj one/...
                               /proj two/...
                               /proj three
                                          /released/...
                                          /trunk/...

So essentially I want to allow read/write access to everything for all
the groups with the following exceptions for "proj three" and it's
"sub-directories":
1. No access to "proj three" for apps-hwdev (they only know hardware
anyway...)
2. read-only access to only the "proj three/released" sub-dir for
apps-swdev (the lowly application developers)
3. read/write access to all of "proj three" for rtos-swdev (the
Real-Time Operating System "gods")

Here's the relavant section of httpd.conf:
<Location /svn/>
    DAV svn
    # Repository location
    SVNParentPath E:/Apache2/svn/
    # Repository Authentication Mechanism
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile etc/svn-auth-file
    AuthzSVNAccessFile etc/svn-access-policies
    Require valid-user
</Location>

And here's svn-access-policies:
[groups]
apps-swdev = user1, user2
apps-hwdev = user3, user4
rtos-swdev = superuser1, superuser2

[repos2:/]
@apps-swdev = rw
@apps-hwdev = r
@rtos-swdev = rw

[repos2:/proj three/]
@apps-swdev =
@apps-hwdev =
@rtos-swdev = rw

[repos2:/proj three/released]
@apps-swdev = r
@apps-hwdev =
@rtos-swdev = rw

But this doesn't seem to work... For example, users in the group
"apps-swdev" can read "/proj three/trunk".

One suspicion that I had was that the spaces needed to be specified as
in URLs (so, "/proj%20three/" instead of "/proj three/"), but that
didn't seem to have any effect. Is there something about the order of
the sections in svn-access-policies?

My interpretation of page 102 of "THE BOOK" tells me that this should
work...
Can anyone help me see the error of my ways?

Thanks,
Wes
Received on Tue Jun 14 18:59:05 2005

This is an archived mail posted to the Subversion Users mailing list.