You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Doug Dicks <dw...@revelanttech.com> on 2003/09/12 19:46:58 UTC
Restricted directory causes checkout to abort
I've got a repository that looks something like this:
/repo/Dir1
/repo/Dir2
/repo/DirN
/repo/HumanResources/Forms
/repo/HumanResources/Salary
/repo/SomeDir1
/repo/SomeDir2
/repo/SomeDir3
I've set up access controls using Apache LocationMatch directives (and
LDAP authentication) to limit access to the Salary subdirectory to only
the Human Resources folks. This works exactly like I want it to when I
access via a Web Browser. It prevents a non authorized person (not in
the require user x directive in Apache) from accessing it and prompts
for new credentials.
It works too well when I try to "svn checkout https://localhost/repo"
When it hits the restricted area, authorization fails, as it should. I
am also prompted for new credentials, but since I don't and shouldn't
know them, the checkout of that directory fails. The checkout stops
with an error. This leaves several directories not checked out.
What I want is for checkout to (optionally) print a warning and keep
going, so that my whole repository, except what I don't have access to,
is checked out.
Obviously I can work around this by checking out a directory at a time,
but it's hard enough to get the human resources and the sales folks to
use version control without the additional complication. I could write
a checkout script for them, but again, it's a complication.
So, is this a bug, a feature request, or am I just missing how to
configure Subversion correctly?
Would it work correctly if I was using mod_authz_svn instead of
LocationMatch blocks?
svn 0.29.0
tortoiseSVN-0.18
apache 2.0.47
RH 9
Thoughts?
Doug
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Restricted directory causes checkout to abort
Posted by Ben Collins-Sussman <su...@collab.net>.
Doug Dicks <dw...@revelanttech.com> writes:
> Are you saying that
> /a
> /b
> /c
> /restricted
> /d
>
> would be OK in general? It seems a checkout of the whole repo (/)
> would have the same problem. So I get the "check out each directory
> one at a time" solution, right?
Sure, that's fine.... but in general, one doesn't usually check out
the entire repository. You'd end up getting every single branch and
tag.
I'm suggesting that you break your repository into 'projects'. A
project is an independent directory, and is either restricted as a
whole, or unrestricted as a whole.
> IMO, it would be a very good feature for subversion to be able to
> handle restricted access to directories and files. It would be very
> useful for "enterprise" level adoptions as opposed to "workgroup"
> level adoptions.
>
> Thoughts?
I agree, it would be a good thing for svn to handle this more elegantly.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Restricted directory causes checkout to abort
Posted by "Jamin W. Collins" <jc...@asgardsrealm.net>.
On Fri, Sep 12, 2003 at 03:28:32PM -0500, Doug Dicks wrote:
>
> In my scenario, the repository is
>
> /a
> /b
> /c/restricted
> /d
>
> Are you saying that
> /a
> /b
> /c
> /restricted
> /d
>
> would be OK in general? It seems a checkout of the whole repo (/) would
> have the same problem. So I get the "check out each directory one at a
> time" solution, right?
Or use svn:externals:
http://svnbook.red-bean.com/html-chunk/ch06s03.html
--
Jamin W. Collins
Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Restricted directory causes checkout to abort
Posted by Doug Dicks <dw...@revelanttech.com>.
Ben Collins-Sussman wrote:
>Doug Dicks <dw...@revelanttech.com> writes:
>
>
> In other words, don't nest
>restricted trees within non-restricted trees. Keep them separate.
>
>
In my scenario, the repository is
/a
/b
/c/restricted
/d
Are you saying that
/a
/b
/c
/restricted
/d
would be OK in general? It seems a checkout of the whole repo (/) would
have the same problem. So I get the "check out each directory one at a
time" solution, right?
Alternatively, I could set up a separate repository for the area I want
to secure. That's fine, if I have only a small number. But if I'm a
200 person company and I want to give everybody their own "private" work
area on the server, I have to set up 200 repositories.
IMO, it would be a very good feature for subversion to be able to handle
restricted access to directories and files. It would be very useful for
"enterprise" level adoptions as opposed to "workgroup" level adoptions.
Thoughts?
Doug
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Restricted directory causes checkout to abort
Posted by Ben Collins-Sussman <su...@collab.net>.
Doug Dicks <dw...@revelanttech.com> writes:
> So, is this a bug, a feature request, or am I just missing how to
> configure Subversion correctly?
Subversion versions directories, so it expects to have "complete"
directories all the time. We've not yet built in any sort of support
for maintaining "partial" trees.
Well, really, we have partial-directory support only in the sense
that the working copy *knows* when portions of a tree are missing.
Unfortunately, the working copy considers this to be a "broken" tree
in need of repair by 'svn update'.
Independent of the question "will this design ever change?", you can
work around it by simply Not Doing That. In other words, don't nest
restricted trees within non-restricted trees. Keep them separate.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org