Setting SVN permissions with Dav SVN Authz
- by Ken
There seems to be a path inheritance issue which is boggling me over access restrictions.
For instance, if I grant rw access one group/user, and wish to restrict it some /../../secret to none, it promptly spits in my face.
Here is an example of what I'm trying to achieve in dav_svn.authz
[groups]
grp_W = a, b, c, g
grp_X = a, d, f, e
grp_Y = a, e,
[/]
* =
@grp_Y = rw
[somerepo1:/projectPot]
@grp_W = rw
[somerepo2:/projectKettle]
@grp_X = rw
What is expected: grp_Y has rw access to all repositories, while grp_W and grp_X only have access to their respective repositories.
What occurs: grp_Y has access to all repositories, while grp_W and grp_X have access to nothing
If I flip the access ordering where I give everyone access and restrict it in each repository, it promply ignores the invalidation rule (stripping of rights) and gives everyone the access granted at the root level.
Forgoing groups, it performs the same with user specific provisions; even fully defined such as:
[/]
a = rw
b =
c =
d =
e =
f =
g = rw
[somerepo1:/projectPot]
a = rw
b = rw
c = rw
d =
e = rw
f =
g = rw
[somerepo2:/projectKettle]
a = rw
b
c
d = rw
e = rw
f = rw
g
Which yields the exact same result. According to the documentation I'm following all protocols so this is insane.
Running on Apache2 with dav_svn