[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Authorization problem

From: Crucius, Wesley <WCrucius_at_sandc.com>
Date: 2005-06-14 18:54:10 CEST

I am running version 1.1.1 (using Apache on W2k3 server) and having a
problem with my authorization file. What I want is to allow r/w access
to the whole repository except for one directory, where I want r/w
access for one group and then read-only access to a sub-directory of
that directory. Here's an approximation of the structure

                               /proj one/...
                               /proj two/...
                               /proj three

So essentially I want to allow read/write access to everything for all
the groups with the following exceptions for "proj three" and it's
1. No access to "proj three" for apps-hwdev (they only know hardware
2. read-only access to only the "proj three/released" sub-dir for
apps-swdev (the lowly application developers)
3. read/write access to all of "proj three" for rtos-swdev (the
Real-Time Operating System "gods")

Here's the relavant section of httpd.conf:
<Location /svn/>
    DAV svn
    # Repository location
    SVNParentPath E:/Apache2/svn/
    # Repository Authentication Mechanism
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile etc/svn-auth-file
    AuthzSVNAccessFile etc/svn-access-policies
    Require valid-user

And here's svn-access-policies:
apps-swdev = user1, user2
apps-hwdev = user3, user4
rtos-swdev = superuser1, superuser2

@apps-swdev = rw
@apps-hwdev = r
@rtos-swdev = rw

[repos2:/proj three/]
@apps-swdev =
@apps-hwdev =
@rtos-swdev = rw

[repos2:/proj three/released]
@apps-swdev = r
@apps-hwdev =
@rtos-swdev = rw

But this doesn't seem to work... For example, users in the group
"apps-swdev" can read "/proj three/trunk".

One suspicion that I had was that the spaces needed to be specified as
in URLs (so, "/proj%20three/" instead of "/proj three/"), but that
didn't seem to have any effect. Is there something about the order of
the sections in svn-access-policies?

My interpretation of page 102 of "THE BOOK" tells me that this should
Can anyone help me see the error of my ways?

Received on Tue Jun 14 18:59:05 2005

This is an archived mail posted to the Subversion Users mailing list.