
RE: AuthzSVNAccessFile and single read-only user.

From: <kmradke_at_rockwellcollins.com>
Date: Tue, 23 Jun 2009 13:47:20 -0500

"Todd C. Gleason" <tgleason_at_impac.com> wrote on 06/23/2009 12:16:12 PM:
> > -----Original Message-----
> > From: Bogdan B. Rudas [mailto:bogdan.rudas_at_nivalnetwork.com]
> > Sent: Tuesday, June 23, 2009 10:43 AM
> > To: users_at_subversion.tigris.org
> > Subject: AuthzSVNAccessFile and single read-only user.
> >
> > Hello!
> > I have a set of repos under Apache 2.2 https server with SVN 1.5.1
> > I use LDAP authentication for users.
> > I would like to limit one special user to read-only access, we use this
> > user for automated checkout.
> > I try with config:
> >
> > [/]
> > rouser = r
> > * = rw
>
> My observation has been that at any level, a user is granted the union
> of all access specified. If not specified at a given directory level,
> then parent paths are used.
>
> So you could have
>
> [/]
> * = rw
>
> [/dir]
> rouser = r
>
> and specify this for every directory at the top level. It still will
> not prevent rouser from creating new directories under the root, though.

Assuming you only have one user, you might try:

[/]
rouser = r
~rouser = rw

You may also have more luck using "$authenticated = rw" instead of "* = rw".

Neither of these is tested, but both the "~" and the "$" tokens seem to
be very infrequently mentioned and only documented with svnserve,
but seem to be supported with mod_authz_svn...

Kevin R.

### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
### - a single user,
### - a group of users defined in a special [groups] section,
### - an alias defined in a special [aliases] section,
### - all authenticated users, using the '$authenticated' token,
### - only anonymous users, using the '$anonymous' token,
### - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2364619

Received on 2009-06-23 20:47:55 CEST

This is an archived mail posted to the Subversion Users mailing list.
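
An added example, not part of the original mail or of Subversion's code: a small Python model of a single authz section. It assumes the union behaviour observed in the quoted reply (every matching line contributes its rights) and the selector tokens listed in the quoted file header; the function names and sample sections are constructed for illustration, and aliases and path inheritance are not modelled.

```python
# Added illustration: a simplified model of one authz section, NOT Subversion's code.
# Assumption (from the thread): a user's access is the union of every matching line.

def selector_matches(selector, user, groups):
    """Return True if an authz selector applies to `user` (None = anonymous)."""
    if selector.startswith("~"):                 # '~' inverts the match
        return not selector_matches(selector[1:], user, groups)
    if selector == "*":
        return True
    if selector == "$authenticated":
        return user is not None
    if selector == "$anonymous":
        return user is None
    if selector.startswith("@"):                 # group from [groups]
        return user in groups.get(selector[1:], ())
    return selector == user


def effective_access(section_text, user, groups=None):
    """Union of the rights on every line of one section that matches `user`."""
    rights = set()
    for line in section_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")):
            continue
        selector, _, value = line.partition("=")
        if selector_matches(selector.strip(), user, groups or {}):
            rights |= set(value.strip())         # 'r', 'rw' or '' (no access)
    return "".join(c for c in "rw" if c in rights)


# Constructed samples: the three [/] sections discussed in the thread.
ORIGINAL = "[/]\nrouser = r\n* = rw\n"
INVERTED = "[/]\nrouser = r\n~rouser = rw\n"
AUTHENTICATED = "[/]\nrouser = r\n$authenticated = rw\n"

if __name__ == "__main__":
    for name, text in [("original", ORIGINAL), ("inverted", INVERTED),
                       ("authenticated", AUTHENTICATED)]:
        print(name, {u: effective_access(text, u) for u in ("rouser", "alice", None)})
```

Under this model only the `~rouser` form leaves rouser with `r`, and that same line also matches an anonymous request, so it is worth checking that the server requires authentication before relying on it.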