RE: Writing on subfolder requires read access on repository root
From: Geir Engebakken <geir.engebakken_at_edb.com>
Date: Mon, 30 Nov 2009 13:08:27 +0100
Well I discovered the same problem. So ended up with a scheme that works, although a bit cumbersome. What we do is give all users readaccess to root, and then give rw access to groups on subdirectories.
Since we also want to deny non-authorized users read access to the projects that they are not members of we use the construct ~, which is used to negate the accesseslist. An abstract of our access file will show this better:
Accesses for the entire repos is like this :
[java:/]
And so for each project we define accesses as following :
[java:/xxx/archive]
~archive= means all users not in archive group are denied access.
Geir
Hi,
Not really. This is issue looks little different from #3242. As I mentioned below looks like it was fixed 1.3.2 (Issue#2486). Am I missing something here. Can anybody help me.
Thanks
-----Original Message-----
On Nov 20, 2009, at 3:48 PM, Srinivas Peddi wrote:
> Hi,
>
> Really need help. We are migrating from CVS to SVN. The problem I encountering is it requiring read access at root level even when the user need write access at sub folder/directory level. So unable to restrict access to other folders/directories.
>
> Here are the details:
> SVN Version : 1.6.2
> Implementation : Apache + SVN and Active directory based authentication. (AuthType sspi and using AuthzSVNAccessFile)
> Environment : Windows 2003 server
>
> /
> /Project1
> /Subproject1
> /Project2
> /SubProject2
>
> Example :
> Two users : User1 & User2
>
> When the User1 needs write access to /Project2, I have to give him read access at root level too. Otherwise that User1 cannot even get it in to the repository. Since we need to implement strict access levels for the modules in the repository, other groups or users are not supposed to even read other modules.
>
> Here is the Authorization.conf file.
>
> [groups]
> Test1 = User1
> Test2 = User2
>
> [/]
> * = r
>
> [/Project2]
> @Test1 = rw
>
> I looked at mailing lists and archives and found that this was fixed in release 1.3.2 (Issue Id 2486). Am I doing something wrong here, why I am getting same error in 1.6.2? Any help is greatly appreciated.
Do you think this is part of issue #3242:
http://subversion.tigris.org/issues/show_bug.cgi?id=3242
There is a potential fix being developed, but there is not yet an expected release date for this fix.
-Hyrum
------------------------------------------------------
Please start new threads on the <users_at_subversion.apache.org> mailing list.
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.