On Mon, Jan 30, 2012 at 01:14:53PM -0800, K F wrote:
> --- On Mon, 1/30/12, Andy Levy <andy.levy_at_gmail.com> wrote:
> > have it setup in the authz file now:
> > > [/]
> > > @dev = rw
> > > @qa = r
> > >
> > > [/ABC/DEF]
> > > @dev1 = rw
> > >
> > > Do I need to be more specific?
> > >
> >
> > What exactly isn't working?
> >
> > Is dev1 a group, or an individual?
> >
> > Do you have the case of the path matched exactly? The rules
> > are case-sensitive.
> >
>
> I am able to commit with a login that is in the dev group that is not in the dev1 group.
>
> The actual path is /svnrepo/ABC/DEF so I tried
>
> [/svnrepo/sandbox/tags]
> @dev1 = rw
>
> and that doesn't work either. Based on the example in the file I also tried
>
> [repository:/svnrepo/sandbox/tags]
> @dev1 = rw
>
> with no luck. Any ideas as to what I am doing wrong?
You'll need to tighten permissions for the 'dev' group in /ABC/DEF also.
[/]
@dev = rw
@qa = r
[/ABC/DEF]
@dev = r
@dev1 = rw
See this snippet from
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html
"Of course, permissions are inherited from parent to child directory.
That means we can specify a subdirectory with a different access policy
for Sally:
[calc:/branches/calc/bug-142]
harry = rw
sally = r
# give sally write access only to the 'testing' subdir
[calc:/branches/calc/bug-142/testing]
sally = rw
Now Sally can write to the testing subdirectory of the branch, but can
still only read other parts. Harry, meanwhile, continues to have
complete read/write access to the whole branch."
The same applies when restricting access, rather than expanding it.
Received on 2012-01-30 22:33:05 CET