Setting SVN permissions with Dav SVN Authz

Posted by Ken on Server Fault See other posts from Server Fault or by Ken
Published on 2011-01-12T19:51:07Z Indexed on 2011/01/12 19:55 UTC
Read the original article Hit count: 404

Filed under:
|
|

There seems to be a path inheritance issue which is boggling me over access restrictions. For instance, if I grant rw access one group/user, and wish to restrict it some /../../secret to none, it promptly spits in my face.

Here is an example of what I'm trying to achieve in dav_svn.authz

[groups]
grp_W = a, b, c, g
grp_X = a, d, f, e
grp_Y = a, e,

[/]
* = 
@grp_Y = rw

[somerepo1:/projectPot]
@grp_W = rw

[somerepo2:/projectKettle]
@grp_X = rw

What is expected: grp_Y has rw access to all repositories, while grp_W and grp_X only have access to their respective repositories.

What occurs: grp_Y has access to all repositories, while grp_W and grp_X have access to nothing

If I flip the access ordering where I give everyone access and restrict it in each repository, it promply ignores the invalidation rule (stripping of rights) and gives everyone the access granted at the root level.

Forgoing groups, it performs the same with user specific provisions; even fully defined such as:

[/]
a = rw
b = 
c = 
d = 
e =
f = 
g = rw

[somerepo1:/projectPot]
a = rw
b = rw
c = rw
d =
e = rw
f =
g = rw

[somerepo2:/projectKettle]
a = rw
b
c
d = rw
e = rw
f = rw
g

Which yields the exact same result. According to the documentation I'm following all protocols so this is insane.

Running on Apache2 with dav_svn

© Server Fault or respective owner

Related posts about apache2

Related posts about svn