Re: unexpected svn httpd acl behavior

From: John Peacock <john.peacock_at_havurah-software.org>
Date: Tue, 08 Jul 2008 14:00:24 -0400

Jon Sabo wrote:
> How can I limit users from accessing a part of trunk but still allow
> them to branch it or is that just not going to go my way?

This just came up recently. The short answer is that in order to make a
branch/tag, you must have rights to all folders beneath the source. The
reason for this is that if it were otherwise, you would have
inconsistencies:

1) if you allowed the unprivileged user to make a branch with missing
paths (like what happens when she just checks out the folder), then
tags/branches made by accounts *with* rights to those folders would be
different than those copies made by unprivileged users.

2) if you allowed unprivileged to make a copy including the originally
forbidden directory, those files would now be visible to all (since the
Subversion security model is strictly path based).

You are much better off taking the protected paths out of the main trunk
folder altogether and make them a peer of trunk instead of a child of
trunk. That way, your unprivileged can make tags/branches without
problem and your privileged are the only ones who can see those files.

John

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-08 20:00:56 CEST

This message: [ Message body ]
Next message: Rudy Godoy Guillén: "Re: Subversion as a File Server backup. 35Gb of data"
Previous message: Paul Koning: "Re: Precommit hook absent from subversion"
In reply to: Jon Sabo: "unexpected svn httpd acl behavior"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]