Re: SVNServe path based authorization help.
From: Sami Mikhail <thesamim_at_yahoo.com>
Date: Tue, 6 May 2008 11:21:48 -0700 (PDT)
Please answers in line below
----- Original Message ----
On Tue, May 6, 2008 at 9:34 AM, Sami Mikhail <thesamim_at_yahoo.com> wrote:
Running basic svnserver daemon on Windows.
Let's say I have:
In case that's not clear:
We need to give the development team RW access to everything; the DBA team RW to only the "database" and the da team RW to "sql" directories.
(The directory structure is significantly more complex than that, and we have multiple active branches....)
I've tried various combinations in my authorization file:
Nothing seems to work the way I expect it to. Has anyone gotten this kind of scenario to work? What's the right way of doing this?
I can do whatever needs to be done with authorization/permissions, but i cannot change the directory structure.
Any help greatly appreciated.
Can you provide some more info:
(1) What you have shown is the directory structure in the working copy, which potentially reflects the one on the server. But I just want to make sure that all directories including MyProjects is part of the repository.
[SRM] "MyProject" is a folder directly under "Trunk"... When we branch, will branch "MyProject" and all it's subdirectories...
(2) I assume you have set (or uncommented) the password-db and authz-db config parameters in the svnserve.conf file.
[SRM] Yes I have. I am able to see behavior changes as I make changes. (just not the behaviors I want. :) )
(3) When you say "Nothing seems to work the way I expect it to", what exactly happens. With the given access control file, what works and what does not?
[SRM] eg: if under [/] I have * = rw, even though I have I have da = and dba = then everybody can commit changes everywhere. If I have it as it stands (* = r) then nobody can commit. If I don't have an '*' entry then neither da nor dba can check out....
(4) I am not absolutely sure, but if my memory serves me right, the case where you have provided " * = r", will let the all users including dba and db to read that directory. I am not sure whether that is a bug or if it is a bug, if it is fixed in later versions. I think early 1.4.x had that issue.
[SRM] reading not an issue. as a matter of fact all authenticated users being able to check out everything is a requirement. da's and dba's not able to commit source code and developers not able to commit database resources is the goal of this exercise.
This is an archived mail posted to the Subversion Users mailing list.