--- On Mon, 1/30/12, Johan Corveleyn <jcorvel_at_gmail.com> wrote:
> From: Johan Corveleyn <jcorvel_at_gmail.com>
> Subject: Re: Limited subdirectory access
> To: "K F" <cmkforce_at_yahoo.com>
> Cc: "Stefan Sperling" <stsp_at_elego.de>, "Andy Levy" <andy.levy_at_gmail.com>, users_at_subversion.apache.org
> Date: Monday, January 30, 2012, 10:13 PM
> On Mon, Jan 30, 2012 at 10:55 PM, K F
> <cmkforce_at_yahoo.com>
> wrote:
> >
> >
> > --- On Mon, 1/30/12, Stefan Sperling <stsp_at_elego.de>
> wrote:
> >
> >> From: Stefan Sperling <stsp_at_elego.de>
> >> Subject: Re: Limited subdirectory access
> >> To: "K F" <cmkforce_at_yahoo.com>
> >> Cc: "Andy Levy" <andy.levy_at_gmail.com>,
> users_at_subversion.apache.org
> >> Date: Monday, January 30, 2012, 9:32 PM
> >> On Mon, Jan 30, 2012 at 01:14:53PM
> >> -0800, K F wrote:
> >> > --- On Mon, 1/30/12, Andy Levy <andy.levy_at_gmail.com>
> >> wrote:
> >> > > have it setup in the authz file now:
> >> > > > [/]
> >> > > > @dev = rw
> >> > > > @qa = r
> >> > > >
> >> > > > [/ABC/DEF]
> >> > > > @dev1 = rw
> >> > > >
> >> > > > Do I need to be more specific?
> >> > > >
> >> > >
> >> > > What exactly isn't working?
> >> > >
> >> > > Is dev1 a group, or an individual?
> >> > >
> >> > > Do you have the case of the path matched
> exactly?
> >> The rules
> >> > > are case-sensitive.
> >> > >
> >> >
> >> > I am able to commit with a login that is in
> the dev
> >> group that is not in the dev1 group.
> >> >
> >> > The actual path is /svnrepo/ABC/DEF so I
> tried
> >> >
> >> > [/svnrepo/sandbox/tags]
> >> > @dev1 = rw
> >> >
> >> > and that doesn't work either. Based on the
> example in
> >> the file I also tried
> >> >
> >> > [repository:/svnrepo/sandbox/tags]
> >> > @dev1 = rw
> >> >
> >> > with no luck. Any ideas as to what I am doing
> wrong?
> >>
> >> You'll need to tighten permissions for the 'dev'
> group in
> >> /ABC/DEF also.
> >> [/]
> >> @dev = rw
> >> @qa = r
> >>
> >> [/ABC/DEF]
> >> @dev = r
> >> @dev1 = rw
> >>
> >> See this snippet from
> >> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html
> >> "Of course, permissions are inherited from
> parent to
> >> child directory.
> >> That means we can specify a subdirectory with a
> >> different access policy
> >> for Sally:
> >>
> >> [calc:/branches/calc/bug-142]
> >> harry = rw
> >> sally = r
> >>
> >> # give sally write access only to the 'testing'
> >> subdir
> >> [calc:/branches/calc/bug-142/testing]
> >> sally = rw
> >>
> >> Now Sally can write to the testing subdirectory
> of
> >> the branch, but can
> >> still only read other parts. Harry, meanwhile,
> >> continues to have
> >> complete read/write access to the whole
> branch."
> >>
> >> The same applies when restricting access, rather
> than
> >> expanding it.
> >>
> >
> > I realize my explanation is wrong, my apologies. It is
> actually repo ABC with 40+ folders under it. I want to limit
> who has access to one of the folders (DEF). After looking at
> the svnbook, I thought the following would work but it is
> still not working:
> >
> > [ABC:/DEF]
> > @dev = r
> > @dev1 = rw
>
> Can you check if order of the rules matters? Either putting
> this rule
> with [ABC:/DEF] before or after the other one (for [ABC:/]).
> I'm not
> sure, but I vaguely remember some prior discussion about
> this ...
>
> --
> Johan
>
I tried swapping the order and that didn't work either. Am I stating it correctly?
[ABC:/DEF]
@dev = r
@dev1 = rw
Do I need the ABC in the front?
Received on 2012-01-30 23:21:03 CET