[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVNServe path based authorization help.

From: Sami Mikhail <thesamim_at_yahoo.com>
Date: Tue, 6 May 2008 13:28:07 -0700 (PDT)

Bert:

Thanks for the catch on '@' prefix for group names.

Thanks also for the pointer re: canonical paths, but I must be missing something fundamental.

Here's a run down of what I have tried so far (apologies for the length.)

URL repository:
svn://localhost/MyMiscFoo/trunk/MyProject/devDirectories/database

Working Copy:
E:\blis\svnplay\trunk\MyProject\devDirectories\database
(note: I have also tried checking out from MyProject and below... same results.)

Attempt:
[groups]
da = harry, sally
dba = fred, george
developers = ron, hermione, neville
[/]
@developers = rw
* = r
[/trunk/MyProject/devDirectories/database/]
@dba = rw
[/trunk/MyProject/devDirectories/java/sql]
@da = rw

result:
fred cannot commit E:\blis\svnplay\trunk\MyProject\devDirectories\database\bar.sql
ron can commit E:\blis\svnplay\trunk\MyProject\devDirectories\database\bar.sql
harry cannot E:\blis\svnplay\trunk\MyProject\devDirectories\java\sql

attempt:
[groups]
da = harry, sally
dba = fred, george
developers = ron, hermione, neville
[/]
@developers = rw
* = r
[/MyMiscFoo/trunk/MyProject/devDirectories/database/]
@dba = rw
[/MyMiscFoo/trunk/MyProject/devDirectories/java/sql]
@da = rw

result:
fred cannot commit E:\blis\svnplay\trunk\MyProject\devDirectories\database\bar.sql
ron can commit E:\blis\svnplay\trunk\MyProject\devDirectories\database\bar.sql
harry cannot E:\blis\svnplay\trunk\MyProject\devDirectories\java\sql

[groups]
da = harry, sally
dba = fred, george
developers = ron, hermione, neville
[/]
@developers = rw
* = r
[MyMiscFoo:/trunk/MyProject/devDirectories/database/]
@dba = rw
[MyMiscFoo:/trunk/MyProject/devDirectories/java/sql]
@da = rw

result:
fred cannot commit E:\blis\svnplay\trunk\MyProject\devDirectories\database\bar.sql
ron can commit E:\blis\svnplay\trunk\MyProject\devDirectories\database\bar.sql
harry cannot E:\blis\svnplay\trunk\MyProject\devDirectories\java\sql

[groups]
da = harry, sally
dba = fred, george
developers = ron, hermione, neville
[/]
@developers = rw
* = r
[MyMiscFoo:/MyProject/devDirectories/database/]
@dba = rw
[MyMiscFoo:/MyProject/devDirectories/java/sql]
@da = rw

result:
fred cannot commit E:\blis\svnplay\trunk\MyProject\devDirectories\database\bar.sql
ron can commit E:\blis\svnplay\trunk\MyProject\devDirectories\database\bar.sql
harry cannot E:\blis\svnplay\trunk\MyProject\devDirectories\java\sql

Thanks again.

----- Original Message ----
From: Bert Huijben (Spambox) <bert-spam_at_vip.vsoft.nl>
To: Sami Mikhail <thesamim_at_yahoo.com>
Cc: users_at_subversion.tigris.org
Sent: Tuesday, May 6, 2008 2:22:18 PM
Subject: RE: SVNServe path based authorization help.

> -----Original Message-----
> From: Sami Mikhail [mailto:thesamim_at_yahoo.com]
> Sent: dinsdag 6 mei 2008 18:35
> To: users_at_subversion.tigris.org
> Subject: SVNServe path based authorization help.
>
> I've been digging for three days now, but no joy.
>
> Running basic svnserver daemon on Windows.
>
> Let's say I have:
>
> C:\MYPROJECT
> \---devDirectories
> +---database
> \---java
> \---sql
>
> In case that's not clear:
> C:\MyProject\devDirectories
> C:\MyProject\devDirectories\database
> C:\MyProject\devDirectories\java
> C:\MyProject\devDirectories\java\sql
>
> We need to give the development team RW access to everything; the DBA
> team
> RW to only the "database" and the da team RW to "sql" directories.
>
> (The directory structure is significantly more complex than that, and
> we
> have multiple active branches....)
>
> I've tried various combinations in my authorization file:
> [groups]
> da = harry, sally
> dba = fred, george
> developers = ron, hermione, neville
>
> [/]
> da =
> dba =
> developers = rw
> * = r

Groups should be prefixed with a @
E.g.
[/]
@da =
@developers = rw
* = r

> [/MyProject/devDirectories/database/]
> @dba = rw

Paths must be in their canonical (or standard) form; in this case it should
be

[/MyProject/devDirectories/database]
@dba = rw

(Without the final '/')
I have been bitten by this a few times.

Please note that these directories are relative from the repository root.
So assume: your repository is on http://my.svn.server/svn/repository/

Then the [/] rule applies to everything below
http://my.svn.server/svn/repository/

And the [/MyProject/devDirectories/database] applies to everything below
http://my.svn.server/svn/repository/MyProject/devDirectories/database/

How all this is mapped in your working copy (C:\MyProject\... in your
example) is not relevant for this configuration

> [/MyProject/devDirectories/java/sql]
> @da = rw
>
> Nothing seems to work the way I expect it to. Has anyone gotten this
> kind of
> scenario to work? What's the right way of doing this?
>
> I can do whatever needs to be done with authorization/permissions, but
> i
> cannot change the directory structure.
>
> Any help greatly appreciated.

    Bert
Received on 2008-05-06 22:28:35 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.