Setting SVN permissions with Dav SVN Authz
Posted
by
Ken
on Server Fault
See other posts from Server Fault
or by Ken
Published on 2011-01-12T19:51:07Z
Indexed on
2011/01/12
19:55 UTC
Read the original article
Hit count: 404
There seems to be a path inheritance issue which is boggling me over access restrictions.
For instance, if I grant rw
access one group/user, and wish to restrict it some /../../secret
to none, it promptly spits in my face.
Here is an example of what I'm trying to achieve in dav_svn.authz
[groups]
grp_W = a, b, c, g
grp_X = a, d, f, e
grp_Y = a, e,
[/]
* =
@grp_Y = rw
[somerepo1:/projectPot]
@grp_W = rw
[somerepo2:/projectKettle]
@grp_X = rw
What is expected: grp_Y
has rw
access to all repositories, while grp_W
and grp_X
only have access to their respective repositories.
What occurs: grp_Y
has access to all repositories, while grp_W
and grp_X
have access to nothing
If I flip the access ordering where I give everyone access and restrict it in each repository, it promply ignores the invalidation rule (stripping of rights) and gives everyone the access granted at the root level.
Forgoing groups, it performs the same with user specific provisions; even fully defined such as:
[/]
a = rw
b =
c =
d =
e =
f =
g = rw
[somerepo1:/projectPot]
a = rw
b = rw
c = rw
d =
e = rw
f =
g = rw
[somerepo2:/projectKettle]
a = rw
b
c
d = rw
e = rw
f = rw
g
Which yields the exact same result. According to the documentation I'm following all protocols so this is insane.
Running on Apache2 with dav_svn
© Server Fault or respective owner