Access Control

[Res Pons <po...@hotmail.com>]

Hi All


We�re running Subversion under Apache 2 and our repository is created under 
/local1/svn using FSF.  There�re 4 projects under svn graphical presentation 
of the directory structure. E.g.

Proj1 with trunk, branches, tags subfolders
Proj2 with trunk, branches, tags subfolders
Proj3 with trunk, branches, tags subfolders
Proj4 with trunk, branches, tags subfolders

Users use windows client to contact the repo.


------------I use the following in my httpd.conf------------------
.
.
LoadModule dav_module /usr/lib/httpd/modules/mod_dav.so
LoadModule dav_svn_module /usr/lib/httpd/modules/mod_dav_svn.so
LoadModule authz_svn_module /usr/lib/httpd/modules/mod_authz_svn.so
LoadModule rewrite_module /usr/local/apache2/modules/mod_rewrite.so
.
.
.
User www
Group www
.
.
.

<Location /svn>

DAV svn

SVNPath /local1/svn
#SVNParentPath /local1/svn

AuthzSVNAccessFile /local1/svn/conf/svn-access-file
#Satisfy Any
Require valid-user
AuthType Basic
AuthName "Subversion Access"
AuthUserFile /local1/svn/conf/svn-pwd-file

</Location>
-------------------------end of file---------------------


My access & pw files reside in /local1/svn/conf

The password file has encrypted passwords in it  and AuthUserFile in 
httpd.conf points to it.

Here�s a simple snapshot of the access file:

----------------------Access File-----------------------------------
[general]

#password-db = svn-pwd-file
#realm = svn access
#anon-access = read
#auth-access = write

[groups]

svnAdmin =  samR
svnTags = samR
svnWriteGroup = user1, user2, user3,
svnReadGroup = user5, user6
svntesters = testuser

[/]
* = r
@svnAdmin = rw

[proj1:/]
@svnWriteGroup = rw
@svnReadGroup =

[proj1:/tags]
@svnTags = rw
@svnWriteGroup = r
@svnReadGroup = r

[svn:/proj2/trunk/webproducts]
@svntesters =

---------------------------- end of file------------------------

AND HERE�S THE PROBLEM:

When I do �svn list --username testuser 
http://svn.ourdomain.com/svn/proj2/trunk� at the C: prompt

I get to see the hidden folder listed!  I have tried EVERY variation of 
[svn:/proj2/trunk/webproducts] as follows:

[:/proj2/trunk/webproducts]
[/proj2/trunk/webproducts]
[proj2/trunk/webproducts]
[trunk/webproducts]

WHAT AM I DOING WRONG? Help please.

_________________________________________________________________
Don�t just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

RE: Access Control

[Lieven Govaerts <lg...@mobsol.be>]

Hi,

> -----Original Message-----
> From: Res Pons [mailto:pons32@hotmail.com] 
 
...
> 
> ---------------------------- end of file------------------------
> 
> AND HERE'S THE PROBLEM:
> 
> When I do "svn list --username testuser 
> http://svn.ourdomain.com/svn/proj2/trunk" at the C: prompt
> 
> I get to see the hidden folder listed!  I have tried EVERY 
> variation of [svn:/proj2/trunk/webproducts] as follows:
> 
> [:/proj2/trunk/webproducts]
> [/proj2/trunk/webproducts]
> [proj2/trunk/webproducts]
> [trunk/webproducts]
> 
> WHAT AM I DOING WRONG? Help please.

In fact, as far as I know, you can't do this with Subversion, there's no
concept of a hidden folder. The only concepts you have are read-access and
write-access. Disabling read-access on a folder, which is what you have done
in this setup, disables the access to the contents of that folder (
subfolders and files ).

You can workaround this behaviour by making a 'private' folder, with
read-access disabled for user 'testuser', and then put your webproducts
folder inside that 'private' folder.

Lieven.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org