Did you try flipping the order? If I recall correctly order matters, so
do
[/]
* = rw
[/projects/keepout]
* =
@allowed = rw
On Fri, 2008-03-14 at 13:16 -0400, Jeff Mitchell wrote:
> I'm running into a problem trying to give permissions to everyone to
> read-write the entire repository except for a single directory that I
> want to only have specific users able to access (read or write).
>
> My configuration file looks like this:
>
> [groups]
> allowed = tom dick harry
>
> [/]
> * = rw
>
> [/projects/keepout]
> @allowed = rw
> * =
>
> However, that keeps everyone, including people in the allowed group,
> from being able to access that path. If I remove the "* =" then
> everyone can access the path. I would think that the more specific
> group permissions would override the * but that doesn't seem to be the
> case.
>
> The allowed list is fairly static; the rest of our user database is
> quite dynamic. Unfortunately, given my experience so far, the only
> way I can think of how to work around this is to put all the other
> usernames (over a hundred) in a second group, and keep that updated
> separately from the rest of our authentication system. Not a great
> workaround.
>
> Am I totally missing something here, or is the asterisk being overzealous?
>
> Thanks,
> Jeff
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: users-help_at_subversion.tigris.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-14 18:21:53 CET