[svn-policy] Anonymous read in toplevel but deny read deeper

[Ray Rashif <sc...@gmail.com>]

Hi all

I have something like the following:

[groups]
admin = joe
contrib = susan, mark
devs = andy, jane

[/]
* = r

[/trunk]
@admin = rw

[/trunk/contrib]
@contrib = rw
@devs = rw

[/trunk/dev]
* =
@contrib =
@devs = rw

Unfortunately, authentication does not work, and anyone can read
'/trunk/dev' and I guess that is due to '* = r' in toplevel.
Strangely, it works for groups, the only change being:

[/]
@contrib = r

And nothing for '*' anywhere, that would prevent anyone in the group
'contrib' to pull '/trunk/dev' in a full checkout. But this then locks
out anonymous read-only full checkouts (I can have '* = r' for each
dir except 'dev'), which I do not want.

Thanks beforehand!


--
GPG/PGP ID: B42DDCAD

Re: [svn-policy] Anonymous read in toplevel but deny read deeper

[Mark Phippard <ma...@gmail.com>]

See:

http://blogs.open.collab.net/svn/2007/03/authz_and_anon_.html


On Fri, Oct 1, 2010 at 7:25 AM, Ray Rashif <sc...@gmail.com> wrote:
> Hi all
>
> I have something like the following:
>
> [groups]
> admin = joe
> contrib = susan, mark
> devs = andy, jane
>
> [/]
> * = r
>
> [/trunk]
> @admin = rw
>
> [/trunk/contrib]
> @contrib = rw
> @devs = rw
>
> [/trunk/dev]
> * =
> @contrib =
> @devs = rw
>
> Unfortunately, authentication does not work, and anyone can read
> '/trunk/dev' and I guess that is due to '* = r' in toplevel.
> Strangely, it works for groups, the only change being:
>
> [/]
> @contrib = r
>
> And nothing for '*' anywhere, that would prevent anyone in the group
> 'contrib' to pull '/trunk/dev' in a full checkout. But this then locks
> out anonymous read-only full checkouts (I can have '* = r' for each
> dir except 'dev'), which I do not want.
>
> Thanks beforehand!
>
>
> --
> GPG/PGP ID: B42DDCAD
>



-- 
Thanks

Mark Phippard
http://markphip.blogspot.com/