Path Permission Frustrations

Hello All,
  I have a repository, myproject, at /var/svn/myproject/. My
svnserve.conf looks like this:

[general]
password-db = /var/svn/myproject/.svnpasswd
authz-db = /var/svn/myproject/authz
realm = My Project

My authz looks like this:

---------------------------------------------------
[groups]
developers = jtrades, bblack, csmartt, ekreston
admins = jtrades

[/]
* =

[myproject:/trunk]
@developers = rw
@admins = rw

[myproject:/branches]
@developers = r
@admins = rw

[myproject:/branches/RELEASE-1.0]
csmartt =
---------------------------------------------------

What the above attempts to accomplish:
  1) deny anon access to everything
  2) allow developers and admins rw to trunk
  3) allow developers read-only to all branches, admins rw
  4) allow developers read-only, admins rw, and deny csmartt to RELEASE-1.0

Here are the issues:

svn co svn://localhost/myproject/trunk mytrunk
Authentication realm: <svn://localhost:3690> myproject
Password for 'csmartt': XXXXX
svn: Not authorized to open root of edit operation

What does that mean? csmartt is part of the developers group and that
group has rw on /trunk so whats this mean?

Same error when csmartt tries to checkout /trunk or any other /branch.

If I alter the [/] to be * = r, then csmartt can now checkout trunk
albeit, anonymously; which we don't want.

csmartt can now also checkout RELEASE-1.0 which we want to deny.

Any ideas? Can someone provide their authz file for learning purposes?

Thanks,
Matthew

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-04-08 22:43:06 CEST