Another authz question

[Rainer Sokoll <R....@intershop.de>]

Hi all,

(I've read through authz: what has precedence when user..., but this
does not cover my problem, I think.)

svn 1.3.1 running as an apache DSO.
Access to the entire webserver ony for authenticated users.

Snipplet from httpd.conf:
  </Location>
   <Location /foo/>
     Include conf/subversion.conf
     SVNParentPath /svn/svn/foo
     AuthzSVNAccessFile conf/svnaccess/svnaccess.foo
     AuthName "Access to HR area"
  </Location>

Snipplet from subversion.conf:
DAV svn
SVNIndexXSLT "/svnindex.xsl"
SVNListParentPath on
AuthType Basic
[AuthLDAP stuff]
require valid-user

Now for svnaccess.foo:
[groups]
restrictgroup = external1, external2
agroup = internal1, internal2
[/]
@restrictgroup =
* = r
[aproject:/]
@agroup = rw

I would think:
1.: external1 end external2 are not alllowed to see the root ([/]).
2.: As access controls are inherited, both also cannot see aproject.
But they see all :-(

If I use this:
[aproject:/]
@restrictgroup =
@agroup = rw

external1 and external2 cannot access aproject. But I do not want to use
this, since I have a lot of projects and sometimes I may forget to deny
access.
What I want to have: members of restrictgroup shall only see a certain
directory in a certain project. They also must not read the root
(SVNParentPath).
How would you do this?

Thanks,
Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org