--- On Mon, 1/30/12, Johan Corveleyn <jcor...@gmail.com> wrote:
> From: Johan Corveleyn <jcor...@gmail.com>
> Subject: Re: Limited subdirectory access
> To: "K F" <cmkfo...@yahoo.com>
> Cc: "Stefan Sperling" <s...@elego.de>, "Andy Levy" <andy.l...@gmail.com>, users@subversion.apache.org
> Date: Monday, January 30, 2012, 10:13 PM
> On Mon, Jan 30, 2012 at 10:55 PM, K F <cmkfo...@yahoo.com> wrote:
> >
> >
> > --- On Mon, 1/30/12, Stefan Sperling <s...@elego.de> wrote:
> >
> >> From: Stefan Sperling <s...@elego.de>
> >> Subject: Re: Limited subdirectory access
> >> To: "K F" <cmkfo...@yahoo.com>
> >> Cc: "Andy Levy" <andy.l...@gmail.com>, users@subversion.apache.org
> >> Date: Monday, January 30, 2012, 9:32 PM
> >> On Mon, Jan 30, 2012 at 01:14:53PM -0800, K F wrote:
> >> > --- On Mon, 1/30/12, Andy Levy <andy.l...@gmail.com> wrote:
> >> > > have it setup in the authz file now:
> >> > > > [/]
> >> > > > @dev = rw
> >> > > > @qa = r
> >> > > >
> >> > > > [/ABC/DEF]
> >> > > > @dev1 = rw
> >> > > >
> >> > > > Do I need to be more specific?
> >> > > >
> >> > >
> >> > > What exactly isn't working?
> >> > >
> >> > > Is dev1 a group, or an individual?
> >> > >
> >> > > Do you have the case of the path matched exactly? The rules
> >> > > are case-sensitive.
> >> > >
> >> >
> >> > I am able to commit with a login that is in the dev group that is
> >> > not in the dev1 group.
> >> >
> >> > The actual path is /svnrepo/ABC/DEF so I tried
> >> >
> >> > [/svnrepo/sandbox/tags]
> >> > @dev1 = rw
> >> >
> >> > and that doesn't work either. Based on the example in the file I
> >> > also tried
> >> >
> >> > [repository:/svnrepo/sandbox/tags]
> >> > @dev1 = rw
> >> >
> >> > with no luck. Any ideas as to what I am doing wrong?
> >>
> >> You'll need to tighten permissions for the 'dev' group in
> >> /ABC/DEF also.
> >> [/]
> >> @dev = rw
> >> @qa = r
> >>
> >> [/ABC/DEF]
> >> @dev = r
> >> @dev1 = rw
> >>
> >> See this snippet from
> >> http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html
> >> "Of course, permissions are inherited from parent to child directory.
> >> That means we can specify a subdirectory with a different access policy
> >> for Sally:
> >>
> >> [calc:/branches/calc/bug-142]
> >> harry = rw
> >> sally = r
> >>
> >> # give sally write access only to the 'testing' subdir
> >> [calc:/branches/calc/bug-142/testing]
> >> sally = rw
> >>
> >> Now Sally can write to the testing subdirectory of the branch, but can
> >> still only read other parts. Harry, meanwhile, continues to have
> >> complete read/write access to the whole branch."
> >>
> >> The same applies when restricting access, rather than expanding it.
> >>
> >
> > I realize my explanation is wrong, my apologies. It is actually repo
> > ABC with 40+ folders under it. I want to limit who has access to one
> > of the folders (DEF). After looking at the svnbook, I thought the
> > following would work but it is still not working:
> >
> > [ABC:/DEF]
> > @dev = r
> > @dev1 = rw
>
> Can you check if order of the rules matters? Either putting this rule
> with [ABC:/DEF] before or after the other one (for [ABC:/]). I'm not
> sure, but I vaguely remember some prior discussion about this ...
>
> --
> Johan
>

I tried swapping the order and that didn't work either. Am I stating it correctly?

[ABC:/DEF]
@dev = r
@dev1 = rw

Do I need the ABC in the front?
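
Added example, not part of the thread and not Subversion's own code: a simplified Python model of the parent-to-child inheritance the quoted svnbook passage describes, run against the two `[/ABC/DEF]` layouts quoted above. The user names and group membership are constructed, and the lookup rule (the deepest section that names the user decides, with matching entries in that section combined) is a modelling assumption; repository-name prefixes such as `ABC:` are not modelled.

```python
# Simplified model of path-based authz lookup (assumption, not Subversion's code):
# the deepest section on the path that names the user decides the result.
GROUPS = {  # constructed membership, for illustration only
    "dev": {"alice", "bob"},
    "dev1": {"bob"},
    "qa": {"quinn"},
}

LOOSE = {  # first layout quoted in the thread
    "/": {"@dev": "rw", "@qa": "r"},
    "/ABC/DEF": {"@dev1": "rw"},
}
TIGHT = {  # layout with the extra '@dev = r' line under /ABC/DEF
    "/": {"@dev": "rw", "@qa": "r"},
    "/ABC/DEF": {"@dev": "r", "@dev1": "rw"},
}


def matches(principal, user):
    """True if an authz entry ('@group', 'name' or '*') applies to user."""
    if principal == "*":
        return True
    if principal.startswith("@"):
        return user in GROUPS.get(principal[1:], set())
    return principal == user


def ancestors(path):
    """Yield path, then each parent directory, ending at '/'."""
    parts = [p for p in path.split("/") if p]
    for n in range(len(parts), 0, -1):
        yield "/" + "/".join(parts[:n])
    yield "/"


def access(rules, user, path):
    """Return '', 'r' or 'rw' for user at path under the modelled rules."""
    for section in ancestors(path):
        hits = [perm for who, perm in rules.get(section, {}).items()
                if matches(who, user)]
        if hits:  # deepest section naming the user wins; parents are ignored
            return "rw" if "rw" in hits else ("r" if "r" in hits else "")
    return ""  # no section names the user: no access


def can_write(rules, user, path):
    return access(rules, user, path) == "rw"
```

In the first layout the `[/ABC/DEF]` section never names a dev-only user, so the lookup falls through to `[/]` and write access is inherited; the extra `@dev = r` line stops that fall-through.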