RE: Authorization problem

From: Crucius, Wesley <WCrucius_at_sandc.com>
Date: 2005-06-14 23:04:14 CEST

Well, I apologize, I guess... This appears to be partially a caching
problem within the browser on the client side and partially what I think
is a minor bug. If I change svn-access-policies (and save it) from this
(see in context below):
[repos2:/proj three]
@apps-swdev = r
to this:
[repos2:/proj three]
@apps-swdev =
And then hit the refresh button (there are no proxies at work here) on a
browser window that was already open to that path, I still get to see
its contents, but if I close and re-start the browser, I get access
denied with the same exact URL.
Does this surprise or concern anyone? It works fine for me now that I
understand it, but others may have concerns that some policy changes
don't "take effect" immediately.


I am running version 1.1.1 (using Apache on W2k3 server) and having a
problem with my authorization file. What I want is to allow r/w access
to the whole repository except for one directory, where I want r/w
access for one group and then read-only access to a sub-directory of
that directory. Here's an approximation of the structure

http://my-server.com/svn/repos2
                               /proj one/...
                               /proj two/...
                               /proj three

So essentially I want to allow read/write access to everything for all
the groups with the following exceptions for "proj three" and its

1. No access to "proj three" for apps-hwdev (they only know hardware
2. read-only access to only the "proj three/released" sub-dir for
apps-swdev (the lowly application developers)
3. read/write access to all of "proj three" for rtos-swdev (the
Real-Time Operating System "gods")

Here's the relevant section of httpd.conf:
<Location /svn/>
    DAV svn
    # Repository location
    SVNParentPath E:/Apache2/svn/
    # Repository Authentication Mechanism
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile etc/svn-auth-file
    AuthzSVNAccessFile etc/svn-access-policies
    Require valid-user
</Location>

And here's svn-access-policies:
apps-swdev = user1, user2
apps-hwdev = user3, user4
rtos-swdev = superuser1, superuser2

@apps-swdev = rw
@apps-hwdev = r
@rtos-swdev = rw

[repos2:/proj three/]
@apps-swdev =
@apps-hwdev =
@rtos-swdev = rw

[repos2:/proj three/released]
@apps-swdev = r
@apps-hwdev =
@rtos-swdev = rw

But this doesn't seem to work... For example, users in the group
"apps-swdev" can read "/proj three/trunk".

One suspicion that I had was that the spaces needed to be specified as
in URLs (so, "/proj%20three/" instead of "/proj three/"), but that
didn't seem to have any effect. Is there something about the order of
the sections in svn-access-policies?

My interpretation of page 102 of "THE BOOK" tells me that this should
Can anyone help me see the error of my ways?
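
The effect of the section-header spelling in the access file, as an added example that is not part of the original message: a simplified Python model of path-based lookup in which the nearest ancestor section that names the user decides. It assumes the server looks sections up by slash-stripped path, and the `[groups]` and `[/]` headers (not shown in the posted file) are likewise assumptions.

```python
import configparser

# Constructed policy modelled on the message. The [groups] and [/] headers are
# assumed (the posted file shows neither); {slash} toggles the header spelling.
POLICY = """
[groups]
apps-swdev = user1, user2
apps-hwdev = user3, user4
rtos-swdev = superuser1, superuser2
[/]
@apps-swdev = rw
@apps-hwdev = r
@rtos-swdev = rw
[repos2:/proj three{slash}]
@apps-swdev =
@apps-hwdev =
@rtos-swdev = rw
[repos2:/proj three/released]
@apps-swdev = r
@apps-hwdev =
@rtos-swdev = rw
"""

def build(slash):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(POLICY.format(slash=slash))
    return cp

def access(cp, repo, path, user):
    """Simplified model: the nearest ancestor section naming the user decides."""
    groups = {g: {u.strip() for u in m.split(",")} for g, m in cp["groups"].items()}
    path = "/" + path.strip("/")          # assumed: lookups use slash-stripped paths
    while True:
        for name in (f"{repo}:{path}", path):
            if not cp.has_section(name):
                continue
            for who, perm in cp[name].items():
                if who == user or (who[0] == "@" and user in groups.get(who[1:], ())):
                    return perm.strip()
        if path == "/":
            return ""                      # no rule matched: no access
        path = path.rsplit("/", 1)[0] or "/"

def unreachable_sections(cp):
    """Headers whose path ends in '/' (root excepted); this model never looks them up."""
    paths = ((s, s.split(":", 1)[-1]) for s in cp.sections())
    return [s for s, p in paths if p.startswith("/") and p != "/" and p.endswith("/")]

if __name__ == "__main__":
    for slash in ("/", ""):
        cp = build(slash)
        print(repr(slash), access(cp, "repos2", "/proj three/trunk", "user1"), unreachable_sections(cp))
```

Under this model the `[repos2:/proj three/]` spelling leaves `user1` with the root rule's `rw` on `/proj three/trunk`, while `[repos2:/proj three]` denies it and still allows `r` under `released`.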

