[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Limited subdirectory access

From: Johan Corveleyn <jcorvel_at_gmail.com>
Date: Mon, 30 Jan 2012 23:13:17 +0100

On Mon, Jan 30, 2012 at 10:55 PM, K F <cmkforce_at_yahoo.com> wrote:
>
>
> --- On Mon, 1/30/12, Stefan Sperling <stsp_at_elego.de> wrote:
>
>> From: Stefan Sperling <stsp_at_elego.de>
>> Subject: Re: Limited subdirectory access
>> To: "K F" <cmkforce_at_yahoo.com>
>> Cc: "Andy Levy" <andy.levy_at_gmail.com>, users_at_subversion.apache.org
>> Date: Monday, January 30, 2012, 9:32 PM
>> On Mon, Jan 30, 2012 at 01:14:53PM
>> -0800, K F wrote:
>> > --- On Mon, 1/30/12, Andy Levy <andy.levy_at_gmail.com>
>> wrote:
>> > > have it setup in the authz file now:
>> > > > [/]
>> > > > @dev = rw
>> > > > @qa = r
>> > > >
>> > > > [/ABC/DEF]
>> > > > @dev1 = rw
>> > > >
>> > > > Do I need to be more specific?
>> > > >
>> > >
>> > > What exactly isn't working?
>> > >
>> > > Is dev1 a group, or an individual?
>> > >
>> > > Do you have the case of the path matched exactly?
>> The rules
>> > > are case-sensitive.
>> > >
>> >
>> > I am able to commit with a login that is in the dev
>> group that is not in the dev1 group.
>> >
>> > The actual path is /svnrepo/ABC/DEF so I tried
>> >
>> > [/svnrepo/sandbox/tags]
>> > @dev1 = rw
>> >
>> > and that doesn't work either. Based on the example in
>> the file I also tried
>> >
>> > [repository:/svnrepo/sandbox/tags]
>> > @dev1 = rw
>> >
>> > with no luck. Any ideas as to what I am doing wrong?
>>
>> You'll need to tighten permissions for the 'dev' group in
>> /ABC/DEF also.
>> [/]
>> @dev = rw
>> @qa = r
>>
>> [/ABC/DEF]
>> @dev = r
>> @dev1 = rw
>>
>> See this snippet from
>> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html
>>   "Of course, permissions are inherited from parent to
>> child directory.
>>   That means we can specify a subdirectory with a
>> different access policy
>>   for Sally:
>>
>>   [calc:/branches/calc/bug-142]
>>   harry = rw
>>   sally = r
>>
>>   # give sally write access only to the 'testing'
>> subdir
>>   [calc:/branches/calc/bug-142/testing]
>>   sally = rw
>>
>>   Now Sally can write to the testing subdirectory of
>> the branch, but can
>>   still only read other parts. Harry, meanwhile,
>> continues to have
>>   complete read/write access to the whole branch."
>>
>> The same applies when restricting access, rather than
>> expanding it.
>>
>
> I realize my explanation is wrong, my apologies. It is actually repo ABC with 40+ folders under it. I want to limit who has access to one of the folders (DEF). After looking at the svnbook, I thought the following would work but it is still not working:
>
> [ABC:/DEF]
> @dev = r
> @dev1 = rw

Can you check if order of the rules matters? Either putting this rule
with [ABC:/DEF] before or after the other one (for [ABC:/]). I'm not
sure, but I vaguely remember some prior discussion about this ...

-- 
Johan
Received on 2012-01-30 23:14:10 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.