[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

unexpected svn httpd acl behavior

From: Jon Sabo <jonathan.sabo_at_gmail.com>
Date: Tue, 8 Jul 2008 13:32:22 -0400

I have a group of users I give read write access to an entire
repository and another group I give read write access to the entire
repository but I deny access to a directory further along inside of
trunk. When they check out trunk, the directory they are not allowed
access is silently omitted and they check out all of trunk minus that
dir. That is what I expected and hoped would happen.

However, when attempting to copy trunk to a branch they get access
denied and it does not allow them to create the branch.

They are allowed to write to the branch and I have as one of the
limited users created files and directories inside of config:/branch
but I can not copy from trunk to branch.

When I do so I see the following in my apache ssl logs:

Access denied: 'bob' COPY config:/trunk config:/branches/bob-uho-1.9

When I check out a working copy of trunk as "bob" to my workstation
which works fine as the limited user it just omits the mydir
directory. When I try to copy it from the working copy to the branch
and fails with these errors.

Command from inside the working copy:

svn copy . https://myhost/repos/config/branches/bob-uho-1.9

Fails with this error:

"svn-commit.tmp" 4L, 147C written
svn: Commit failed (details follow):
svn: Directory '/home/illsci/Src/config/install/mydir' is missing
svn: Your commit message was left in a temporary file:

I have an apache svn setup and the following is my configuration:

[groups]
boh = illsci
doh_rw = bob

[config:/]
@boh = rw
@doh_rw = rw

# DISABLE ACCESS TO MYDIR
[config:/trunk/install/mydir]
@boh = rw
* =

<Location /repos>
   DAV svn
   SVNParentPath /app/svn
   AuthType Basic
   AuthName "Repos"
   AuthUserFile /etc/httpd/conf.d/svnusers
   # Acess control policy
   AuthzSVNAccessFile /etc/httpd/conf.d/svnaclpolicy
   # Require SSL connection for password protection.
   SSLRequireSSL
   Require valid-user
</Location>

Is this expected?

How can I limit users from accessing a part of trunk but still allow
them to branch it or is that just not going to go my way?

Thanks,

Jonathan

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-08 19:32:46 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.