RE: Writing on subfolder requires read access on repository root

From: Geir Engebakken <geir.engebakken_at_edb.com>
Date: Mon, 30 Nov 2009 13:08:27 +0100

Well I discovered the same problem. So ended up with a scheme that works, although a bit cumbersome. What we do is give all users readaccess to root, and then give rw access to groups on subdirectories.

Since we also want to deny non-authorized users read access to the projects that they are not members of we use the construct ~, which is used to negate the accesseslist. An abstract of our access file will show this better:

Accesses for the entire repos is like this :

[java:/]
*=r
@admin=rw

And so for each project we define accesses as following :

[java:/xxx/archive]
@admin=rw
@archive=rw
~archive =

~archive= means all users not in archive group are denied access.

Geir
From: Srinivas Peddi [mailto:speddi_at_uscentral.org]
Sent: 23. november 2009 16:56
To: Hyrum K. Wright
Cc: users_at_subversion.tigris.org
Subject: RE: Writing on subfolder requires read access on repository root

Hi,

Not really. This is issue looks little different from #3242. As I mentioned below looks like it was fixed 1.3.2 (Issue#2486). Am I missing something here. Can anybody help me.

Thanks
Srini

-----Original Message-----
From: Hyrum K. Wright [mailto:hyrum_wright_at_mail.utexas.edu]
Sent: Friday, November 20, 2009 4:32 PM
To: Srinivas Peddi
Cc: users_at_subversion.tigris.org
Subject: Re: Writing on subfolder requires read access on repository root

On Nov 20, 2009, at 3:48 PM, Srinivas Peddi wrote:

> Hi,

> Really need help. We are migrating from CVS to SVN. The problem I encountering is it requiring read access at root level even when the user need write access at sub folder/directory level. So unable to restrict access to other folders/directories.

> Here are the details:

> SVN Version : 1.6.2

> Implementation : Apache + SVN and Active directory based authentication. (AuthType sspi and using AuthzSVNAccessFile)

> Environment : Windows 2003 server

> /

> /Project1

> /Subproject1

> /Project2

> /SubProject2

> Example :

> Two users : User1 & User2

> When the User1 needs write access to /Project2, I have to give him read access at root level too. Otherwise that User1 cannot even get it in to the repository. Since we need to implement strict access levels for the modules in the repository, other groups or users are not supposed to even read other modules.

> Here is the Authorization.conf file.

> [groups]

> Test1 = User1

> Test2 = User2

> [/]

> * = r

> [/Project2]

> @Test1 = rw

> I looked at mailing lists and archives and found that this was fixed in release 1.3.2 (Issue Id 2486). Am I doing something wrong here, why I am getting same error in 1.6.2? Any help is greatly appreciated.

Do you think this is part of issue #3242:

http://subversion.tigris.org/issues/show_bug.cgi?id=3242

There is a potential fix being developed, but there is not yet an expected release date for this fix.

-Hyrum

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2425457

Please start new threads on the <users_at_subversion.apache.org> mailing list.
To subscribe to the new list, send an empty e-mail to <users-subscribe_at_subversion.apache.org>.
Received on 2009-11-30 13:10:17 CET

This message: [ Message body ]
Next message: Ronie Gilberto Henrich: "Re: subversion 1.6.2 (svn+https) copy/commit "Could not read status line: Secure connection truncated""
Previous message: Ezequias Rodrigues da Rocha: "Re: Serious Problem [Subversion]"
In reply to: Srinivas Peddi: "RE: Writing on subfolder requires read access on repository root"
Next in thread: Srinivas Peddi: "RE: Writing on subfolder requires read access on repository root"
Reply: Srinivas Peddi: "RE: Writing on subfolder requires read access on repository root"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]