You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Sami Mikhail <th...@yahoo.com> on 2008/05/06 16:34:57 UTC

SVNServe path based authorization help.

I've been digging for three days now, but no joy.

Running basic svnserver daemon on Windows.

Let's say I have:

C:\MYPROJECT
\---devDirectories
    +---database
    \---java
        \---sql

In case that's not clear:
C:\MyProject\devDirectories
C:\MyProject\devDirectories\database
C:\MyProject\devDirectories\java
C:\MyProject\devDirectories\java\sql

We need to give the development team RW access to everything; the DBA team RW to only the "database" and the da team RW to "sql" directories.

(The directory structure is significantly more complex than that, and we have multiple active branches....)

I've tried various combinations in my authorization file:
[groups]
da = harry, sally
dba = fred, george
developers = ron, hermione, neville

[/]
da =
dba =
developers = rw
* = r


[/MyProject/devDirectories/database/]
@dba = rw

[/MyProject/devDirectories/java/sql]
@da = rw

Nothing seems to work the way I expect it to. Has anyone gotten this kind of scenario to work? What's the right way of doing this?

I can do whatever needs to be done with authorization/permissions, but i cannot change the directory structure.

Any help greatly appreciated.

Re: SVNServe path based authorization help.

Posted by Hari Kodungallur <hk...@gmail.com>.

On Tue, May 6, 2008 at 9:34 AM, Sami Mikhail <th...@yahoo.com> wrote:

> I've been digging for three days now, but no joy.
>
> Running basic svnserver daemon on Windows.
>
> Let's say I have:
>
> C:\MYPROJECT
> \---devDirectories
>     +---database
>     \---java
>         \---sql
>
> In case that's not clear:
> C:\MyProject\devDirectories
> C:\MyProject\devDirectories\database
> C:\MyProject\devDirectories\java
> C:\MyProject\devDirectories\java\sql
>
> We need to give the development team RW access to everything; the DBA team
> RW to only the "database" and the da team RW to "sql" directories.
>
> (The directory structure is significantly more complex than that, and we
> have multiple active branches....)
>
> I've tried various combinations in my authorization file:
> [groups]
> da = harry, sally
> dba = fred, george
> developers = ron, hermione, neville
>
> [/]
> da =
> dba =
> developers = rw
> * = r
>
>
> [/MyProject/devDirectories/database/]
> @dba = rw
>
> [/MyProject/devDirectories/java/sql]
> @da = rw
>
> Nothing seems to work the way I expect it to. Has anyone gotten this kind
> of scenario to work? What's the right way of doing this?
>
> I can do whatever needs to be done with authorization/permissions, but i
> cannot change the directory structure.
>
> Any help greatly appreciated.
>

Can you provide some more info:

(1) What you have shown is the directory structure in the working copy,
which potentially reflects the one on the server. But I just want to make
sure that all directories including MyProjects is part of the repository.

(2) I assume you have set (or uncommented) the password-db and authz-db
config parameters in the svnserve.conf file.

(3) When you say "Nothing seems to work the way I expect it to", what
exactly happens. With the given access control file, what works and what
does not?

(4) I am not absolutely sure, but if my memory serves me right, the case
where you have provided " * = r", will let the all users including dba and
db to read that directory. I am not sure whether that is a bug or if it is a
bug, if it is fixed in later versions. I think early 1.4.x had that issue.

Thanks,
-Hari