You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Matthias Fechner <id...@fechner.net> on 2008/03/13 11:38:21 UTC

Directory based access

Hi,

I have here my repository under /usr/local/svn/testrepo.
Access to it is realized with ssh and scponly as shell which works 
perfectly.

The structure of the repository is:
/trunk
/branches
/tags

And under that directories are subdirectories.

Now I tried to limit access to it but I have no idea howto write the 
directory in the authz file.

I have in svnserve.conf:
[general]
anon-access = none
auth-access = read
auth-access = write
authz-db = authz
realm = Test Repository

In the file authz:
[groups]
software-readonly = test

[/]
@software-readonly =

[testrepo:/trunk]
@software-readonly = r

But the access for the user test is denied, what is wrong here?
(If I disable the authz-db line in the svnserve.conf everything is 
working again but without directory limitation).

Best regards,
Matthias

-- 

"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Directory based access

Posted by Matthias Fechner <id...@fechner.net>.

Hi Matt,

Matt imMute Sickler wrote:
> We will need more of the authz file inorder to help.  What you gave us 
> is not enough.

thx for your answer, I will try to sum it up again.
The repository is located under:
/usr/local/svn/test

The structure is:
/trunk
   /trunk/sw
   /trunk/hw
/branches
/tags

The users login via ssh (svn+ssh://).
What I want now is to limit access to /trunk/sw and /trunk/hw to two 
different groups of users.
For that i defined groups in authz with:
[groups]
software-read = test
hardware-read = test2

Then I forbid access to the directory:
[/]
@software-read =
@hardware-read =

The I tried to allow accces for the groups but that fails and I have no 
idea how to do it correctly:
[test:/trunk/hw]
@hardware-read = rw

[test:/trunk/sw]
@software-read = rw

I think the problem is the [test:/trunk/hw] but I found nothing in the 
documentation howto really write that line correctly, can someone help 
me here please?

Best regards,
Matthias

-- 

"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Directory based access

Posted by Matt imMute Sickler <im...@msk4.ath.cx>.

Matthias Fechner wrote:
> Hi,
> 
> Matthias Fechner schrieb:
>> [/]
>> @software-readonly =
>>
>> [testrepo:/trunk]
>> @software-readonly = r
>>
>> But the access for the user test is denied, what is wrong here?
>> (If I disable the authz-db line in the svnserve.conf everything is 
>> working again but without directory limitation).
> 
> can here really no one help?
> 
> Best regards,
> Matthias
> 

We will need more of the authz file inorder to help.  What you gave us 
is not enough.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Directory based access

Posted by Matthias Fechner <id...@fechner.net>.

Hi,

Matthias Fechner schrieb:
> [/]
> @software-readonly =
> 
> [testrepo:/trunk]
> @software-readonly = r
> 
> But the access for the user test is denied, what is wrong here?
> (If I disable the authz-db line in the svnserve.conf everything is 
> working again but without directory limitation).

can here really no one help?

Best regards,
Matthias

-- 
"Programming today is a race between software engineers striving to 
build bigger and better idiot-proof programs, and the universe trying to 
produce bigger and better idiots. So far, the universe is winning." -- 
Rich Cook

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org