[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Per-directory access control bug?

From: Ryan Schmidt <subversion-2006q2_at_ryandesign.com>
Date: 2006-05-13 00:16:39 CEST

On May 13, 2006, at 00:02, Jim Fulton wrote:

> I've been using per-directory access control with svnserve (subversion
> 1.3.0) for a few weeks now and it has worked great. So far, I've used
> it to grant selected users read-only access to selected projects. My
> repository is layed out in the usual way, with a top-level directory
> for each project. I have a group of users with read-write access to
> the whole repository and then grant other users read access to
> specific projects. My access file looks something like this:
>
> [groups]
> zc = jim,sally,...
>
> [/]
> @zc = rw
>
> [/proj1]
> bob = r
>
> In this example, Bob can read proj1, but can't read the root. He can't
> even list the root, so he can't find out what the other projects
> are. This is just what I want.
>
> Now, suppose I want to let Mary work on proj2. It seems like I should
> be able to add:
>
> [/proj2]
> mary = rw
>
> But this doesn't work. Mary can read proj2, but she can't write it.
> With some experimentation, I've discovered that if I grant Mary read
> access at the top:
>
> [groups]
> zc = jim,sally,...
>
> [/]
> @zc = rw
> mary = r
>
> [/proj1]
> bob = r
>
> [/proj2]
> mary = rw
>
> she can write proj2, but she can also read everything else. I don't
> want that. As a partial work around, I can explicitly deny access to
> all projects:
>
> [groups]
> zc = jim,sally,...
>
> [/]
> @zc = rw
> mary = r
>
> [/proj1]
> * =
> @zc = rw
> bob = r
>
> [/proj2]
> * =
> @zc = rw
> mary = rw
>
> [/proj3]
> * =
> @zc = rw
>
> [/proj4]
> * =
> @zc = rw
>
> ...
>
> But of course, this is a pain and Mary can still list other projects,
> which I don't want.
>
> It appears to me that this is a bug. I don't think I should need to
> grant read access to parent directories to grant write access to a
> directory.
>
> Even though the 1.3.1 release notes didn't say anything about this, I
> tried upgrading to 1.3.1, to no avail.
>
> Thoughts?
>
> Should I report a bug?

I believe you're describing this bug, which has been fixed and will I
believe be in Subversion 1.3.2:

http://subversion.tigris.org/issues/show_bug.cgi?id=2486

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat May 13 00:18:26 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.