[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Overzealous asterisk in AuthzSVNAccessFile

From: Mark Reibert <svn_at_reibert.com>
Date: Fri, 14 Mar 2008 23:26:58 -0700

For what it is worth, I can reproduce this problem using SVN 1.4.6 and
svn://, which is weird since I used to do stuff like this all the time
and it worked (with groups) as expected. But that was with Subversion
1.3.x ... I wonder if this behavior is a more recent regression.

You may want to post to the dev list in the hopes the problem will get
more visibility.

On Fri, 2008-03-14 at 13:16 -0400, Jeff Mitchell wrote:
> I'm running into a problem trying to give permissions to everyone to
> read-write the entire repository except for a single directory that I
> want to only have specific users able to access (read or write).
>
> My configuration file looks like this:
>
> [groups]
> allowed = tom dick harry
>
> [/]
> * = rw
>
> [/projects/keepout]
> @allowed = rw
> * =
>
> However, that keeps everyone, including people in the allowed group,
> from being able to access that path. If I remove the "* =" then
> everyone can access the path. I would think that the more specific
> group permissions would override the * but that doesn't seem to be the
> case.
>
> The allowed list is fairly static; the rest of our user database is
> quite dynamic. Unfortunately, given my experience so far, the only
> way I can think of how to work around this is to put all the other
> usernames (over a hundred) in a second group, and keep that updated
> separately from the rest of our authentication system. Not a great
> workaround.
>
> Am I totally missing something here, or is the asterisk being overzealous?
>
> Thanks,
> Jeff
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: users-help_at_subversion.tigris.org
> 

-- 
----------------------
Mark S. Reibert, Ph.D.
svn_at_reibert.com
----------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-15 07:27:19 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.