[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: authorization - how can I set?

From: Vida Péter <peter.vida_at_adversum.hu>
Date: 2006-11-27 10:14:20 CET

Hi Thomas,

I have done that you adviced, but it is still not working.
The error message:
        Error * An authz rule refers to group 'nephews', which is undefined

My authz file is as follows:
-------------------------------
[groups]
@nephews = hewey,dewey,louie
@duck = donald,daisy,@nephews

[/some_directory]
@nephews donald = r
daisy = rw
-------------------------------

I have read this in SVN book (section: svnserve, a custom server):
"Notice that svnserve only understands "blanket" access control. A user
either has universal read/write access, universal read access, or no access.
There is no detailed control over access to specific paths within the
repository. For many projects and sites, this level of access control is
more than adequate. However, if you need per-directory access control,
you'll need to use either use Apache with mod_authz_svn or use a pre-commit
hook script to control write access"

Conclusions fo me:
1. with svnserve I can use only universal rw, r or no access.
2. for using per-directory access control, I should use Apache server
3. with pre-commit hook script I can use only write access control, without
read access control

What do you think?
Did I misinterpret SVN book?

Thanks a lot!

Peter

-----Original Message-----
From: Thomas Hemmer [mailto:themmer@go-engineering.de]
Sent: Friday, November 24, 2006 6:18 PM
To: 'Vida Péter'; 'Subversion Users'
Subject: RE: authorization - how can I set?

Peter,

svnserve has taken an authz file since version 1.3.
Concerning the contents of this file everything stated within the SVN
book holds also with the excception of repository names preceding
repository paths.
I have been using per-path authorization in conjunction with svnserve
since months without running into any trouble.
Maybe you are bothering with the same misunderstanding that I did too:

@duck = donald,daisy,hewey,dewey,louie

....

[/some_directory]
@duck donald = r
daisy = rw

First I had expected this to grant read permissions on /some_directory
to donald, read/write to daisy and none at all to the nephews.
But, in reality, noone is granted anything at all since apparently a
revoke "wins" over every grant on the same directory.
Instead, you should perhaps move to

@nephews = hewey,dewey,louie
@duck = donald,daisy,@nephews
....

[/some_directory]
@nephews donald = r
daisy = rw

Good luck,

Thomas

> -----Original Message-----
> From: Vida Péter [mailto:peter.vida@adversum.hu]
> Sent: Friday, November 24, 2006 5:52 PM
> To: 'Subversion Users'
> Subject: authorization - how can I set?
>
> Hi!
>
> I would like to set authorization for some users to not to
> access some dictionaries in repository.
>
> I set default authorization file in repository as the example
> says, and uncommented the corresponding line in svserve.conf.
> All the same it isn't work. The message is: 'Authorization failed'
>
> Can I use authorization with svnserve or can't. I didn't find
> this information in Subversion Book explicitly but I feel the
> answer is can't.
>
> Could you help me?
>
> Thanks!
>
> Peter, Vida
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Nov 27 10:18:41 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.