I am administering a server running Apache Httpd with WebDAV serving a Subversion 1.6.6 repository set on an Ubuntu Server 10.04 LTS.
A while back I setup path-based authentication using mod_authz_svn in addition to the AuthUserFile directive for logins. This has been working quite well; however, I recently needed to change some of the permissions due to a legal requirement that some users not be allowed to access certain paths. My initial update was just to protect the paths in the AuthzSVNAccessFile: [myrepo:/path/to/protected/area1/protectedItem] @no_access_group = [myrepo:/path/to/protected/area2/protectedItem] @no_access_group = All the protected paths have a common directory name that is not to be accessed. However, I am concerned that this method will only work until a user (any user) copies a path (e.g. /path/to/protected/area2) to another path, and thus 'protectedItem' becomes available at the new path without anyone realizing it. Ideally I would have something like the following instead of having 6 or so copies of the above: [myrepo:*/protectedItem] @no_access_group = I looked over the SVN Redbook information and the Apache2 2.2 documentation but could not find anything to say that was supported, etc. Is there a way I can do this reliably? Upgrading the software (especially if it gets this functionality) would be relatively easy to do/request. While I realize a better method would be to dump/filter/reload the repository we don't want to do that quite yet as we have a number of working copies on numerous machines that we do not want to invalidate as a result. I am considering it at some point, but only if absolutely necessary. TIA, Ben
