[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Another authz question

From: Rainer Sokoll <R.Sokoll_at_intershop.de>
Date: 2006-05-23 15:45:33 CEST

Hi all,

(I've read through authz: what has precedence when user..., but this
does not cover my problem, I think.)

svn 1.3.1 running as an apache DSO.
Access to the entire webserver ony for authenticated users.

Snipplet from httpd.conf:
   <Location /foo/>
     Include conf/subversion.conf
     SVNParentPath /svn/svn/foo
     AuthzSVNAccessFile conf/svnaccess/svnaccess.foo
     AuthName "Access to HR area"

Snipplet from subversion.conf:
DAV svn
SVNIndexXSLT "/svnindex.xsl"
SVNListParentPath on
AuthType Basic
[AuthLDAP stuff]
require valid-user

Now for svnaccess.foo:
restrictgroup = external1, external2
agroup = internal1, internal2
@restrictgroup =
* = r
@agroup = rw

I would think:
1.: external1 end external2 are not alllowed to see the root ([/]).
2.: As access controls are inherited, both also cannot see aproject.
But they see all :-(

If I use this:
@restrictgroup =
@agroup = rw

external1 and external2 cannot access aproject. But I do not want to use
this, since I have a lot of projects and sometimes I may forget to deny
What I want to have: members of restrictgroup shall only see a certain
directory in a certain project. They also must not read the root
How would you do this?


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue May 23 15:48:15 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.