[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: unexpected svn httpd acl behavior

From: John Peacock <john.peacock_at_havurah-software.org>
Date: Tue, 08 Jul 2008 14:00:24 -0400

Jon Sabo wrote:
> How can I limit users from accessing a part of trunk but still allow
> them to branch it or is that just not going to go my way?

This just came up recently. The short answer is that in order to make a
branch/tag, you must have rights to all folders beneath the source. The
reason for this is that if it were otherwise, you would have

1) if you allowed the unprivileged user to make a branch with missing
paths (like what happens when she just checks out the folder), then
tags/branches made by accounts *with* rights to those folders would be
different than those copies made by unprivileged users.

2) if you allowed unprivileged to make a copy including the originally
forbidden directory, those files would now be visible to all (since the
Subversion security model is strictly path based).

You are much better off taking the protected paths out of the main trunk
folder altogether and make them a peer of trunk instead of a child of
trunk. That way, your unprivileged can make tags/branches without
problem and your privileged are the only ones who can see those files.


To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-08 20:00:56 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.