[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Limited subdirectory access

From: Stefan Sperling <stsp_at_elego.de>
Date: Mon, 30 Jan 2012 22:32:30 +0100

On Mon, Jan 30, 2012 at 01:14:53PM -0800, K F wrote:
> --- On Mon, 1/30/12, Andy Levy <andy.levy_at_gmail.com> wrote:
> > have it setup in the authz file now:
> > > [/]
> > > @dev = rw
> > > @qa = r
> > >
> > > [/ABC/DEF]
> > > @dev1 = rw
> > >
> > > Do I need to be more specific?
> > >
> >
> > What exactly isn't working?
> >
> > Is dev1 a group, or an individual?
> >
> > Do you have the case of the path matched exactly? The rules
> > are case-sensitive.
> >
>
> I am able to commit with a login that is in the dev group that is not in the dev1 group.
>
> The actual path is /svnrepo/ABC/DEF so I tried
>
> [/svnrepo/sandbox/tags]
> @dev1 = rw
>
> and that doesn't work either. Based on the example in the file I also tried
>
> [repository:/svnrepo/sandbox/tags]
> @dev1 = rw
>
> with no luck. Any ideas as to what I am doing wrong?

You'll need to tighten permissions for the 'dev' group in /ABC/DEF also.
[/]
@dev = rw
@qa = r

[/ABC/DEF]
@dev = r
@dev1 = rw

See this snippet from
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html
  "Of course, permissions are inherited from parent to child directory.
  That means we can specify a subdirectory with a different access policy
  for Sally:
  
  [calc:/branches/calc/bug-142]
  harry = rw
  sally = r
  
  # give sally write access only to the 'testing' subdir
  [calc:/branches/calc/bug-142/testing]
  sally = rw
  
  Now Sally can write to the testing subdirectory of the branch, but can
  still only read other parts. Harry, meanwhile, continues to have
  complete read/write access to the whole branch."

The same applies when restricting access, rather than expanding it.
Received on 2012-01-30 22:33:05 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.