Overzealous asterisk in AuthzSVNAccessFile

I'm running into a problem trying to give permissions to everyone to
read-write the entire repository except for a single directory that I
want to only have specific users able to access (read or write).

My configuration file looks like this:

[groups]
allowed = tom dick harry

[/]
* = rw

[/projects/keepout]
@allowed = rw
* =

However, that keeps everyone, including people in the allowed group,
from being able to access that path. If I remove the "* =" then
everyone can access the path. I would think that the more specific
group permissions would override the * but that doesn't seem to be the
case.

The allowed list is fairly static; the rest of our user database is
quite dynamic. Unfortunately, given my experience so far, the only
way I can think of how to work around this is to put all the other
usernames (over a hundred) in a second group, and keep that updated
separately from the rest of our authentication system. Not a great
workaround.

Am I totally missing something here, or is the asterisk being overzealous?

Thanks,
Jeff

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-14 18:17:27 CET