Re: SVNServe path based authorization help.

Please answers in line below

----- Original Message ----
From: Hari Kodungallur <hkodungallur_at_gmail.com>
To: Sami Mikhail <thesamim_at_yahoo.com>
Cc: users_at_subversion.tigris.org
Sent: Tuesday, May 6, 2008 12:38:39 PM
Subject: Re: SVNServe path based authorization help.

On Tue, May 6, 2008 at 9:34 AM, Sami Mikhail <thesamim_at_yahoo.com> wrote:
I've been digging for three days now, but no joy.

Running basic svnserver daemon on Windows.

Let's say I have:

C:\MYPROJECT
\---devDirectories
    +---database
    \---java
        \---sql

In case that's not clear:
C:\MyProject\devDirectories
C:\MyProject\devDirectories\database
C:\MyProject\devDirectories\java
C:\MyProject\devDirectories\java\sql

We need to give the development team RW access to everything; the DBA team RW to only the "database" and the da team RW to "sql" directories.

(The directory structure is significantly more complex than that, and we have multiple active branches....)

I've tried various combinations in my authorization file:
[groups]
da = harry, sally
dba = fred, george
developers = ron, hermione, neville

[/]
da =
dba =
developers = rw
* = r

[/MyProject/devDirectories/database/]
@dba = rw

[/MyProject/devDirectories/java/sql]
@da = rw

Nothing seems to work the way I expect it to. Has anyone gotten this kind of scenario to work? What's the right way of doing this?

I can do whatever needs to be done with authorization/permissions, but i cannot change the directory structure.

Any help greatly appreciated.

Can you provide some more info:

(1) What you have shown is the directory structure in the working copy, which potentially reflects the one on the server. But I just want to make sure that all directories including MyProjects is part of the repository.

[SRM] "MyProject" is a folder directly under "Trunk"... When we branch, will branch "MyProject" and all it's subdirectories...

(2) I assume you have set (or uncommented) the password-db and authz-db config parameters in the svnserve.conf file.

[SRM] Yes I have. I am able to see behavior changes as I make changes. (just not the behaviors I want. :) )

(3) When you say "Nothing seems to work the way I expect it to", what exactly happens. With the given access control file, what works and what does not?

[SRM] eg: if under [/] I have * = rw, even though I have I have da = and dba = then everybody can commit changes everywhere. If I have it as it stands (* = r) then nobody can commit. If I don't have an '*' entry then neither da nor dba can check out....

(4) I am not absolutely sure, but if my memory serves me right, the case where you have provided " * = r", will let the all users including dba and db to read that directory. I am not sure whether that is a bug or if it is a bug, if it is fixed in later versions. I think early 1.4.x had that issue.

[SRM] reading not an issue. as a matter of fact all authenticated users being able to check out everything is a requirement. da's and dba's not able to commit source code and developers not able to commit database resources is the goal of this exercise.

Thanks,
-Hari
Received on 2008-05-06 20:22:13 CEST