subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gabriel Ricardo <gabriel.rica...@gmail.com>
Subject restricting sub-directory permissions
Date Wed, 16 Dec 2009 19:36:03 GMT
I cannot figure out how to restrict permissions on a sub-directory.
What I want is to have anonymous read/write access to everything
except a sub-directory, where only two users have read/write and
everyone else has no access (read or write).  I've done a lot of
reading of the manual and googling the users list but can't find
anything that solves my problem.
Much appreciated if someone can point out my mistake.

I'm using Redhat 5.2, which comes with subversion 1.4.2 (r22196). and
apache 2.2.3

I have one repository at /usr/local/vn7/repos
The relevant parts of my httpd.conf looks like this
# SVN setup
<Location /svn>
    DAV svn
    SVNPath /usr/local/vn7/repos
    # our access control policy
    AuthzSVNAccessFile /usr/local/vn7/etc/svn_auth_paths
    # try anonymous access first, resort to real
    # authentication if necessary.
    Satisfy Any
    Require valid-user

    # how to authenticate a user
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /usr/local/vn7/etc/svn_auth_users

</Location>

My AuthUserFile looks like this:
[/]
* = rw

[/Delta/trunk/qsrc/strategies]
mchen = rw
gricardo = rw
* =


I want to restrict the /Delta/trunk/qsrc/strategies directory to only
have the two users mentioned in the file to access it.
What happens is that when I update (svn update) from the
Delta/trunk/qsrc directory of a "working copy" as user gricardo (or
any other user), I do not get the updates for the strategies
directory.
I don't get any prompt asking for password, or any permission error
messages, it just does a normal update but doesn't seem to know
anything about the sub-directory of interest.
I don't get any errors in the httpd log files.  The httpd access_log has this
10.10.10.220 - - [16/Dec/2009:11:12:50 -0800] "PROPFIND
/svn/Delta/trunk/qsrc HTTP/1.1" 207 698 "-" "SVN/1.4.2 (r22196)
neon/0.25.5"
10.10.10.220 - - [16/Dec/2009:11:12:50 -0800] "PROPFIND
/svn/!svn/vcc/default HTTP/1.1" 207 390 "-" "SVN/1.4.2 (r22196)
neon/0.25.5"
10.10.10.220 - - [16/Dec/2009:11:12:50 -0800] "PROPFIND
/svn/!svn/bln/376 HTTP/1.1" 207 445 "-" "SVN/1.4.2 (r22196)
neon/0.25.5"
10.10.10.220 - - [16/Dec/2009:11:12:50 -0800] "PROPFIND
/svn/Delta/trunk/qsrc HTTP/1.1" 207 698 "-" "SVN/1.4.2 (r22196)
neon/0.25.5"
10.10.10.220 - - [16/Dec/2009:11:12:50 -0800] "REPORT
/svn/!svn/vcc/default HTTP/1.1" 200 4247 "-" "SVN/1.4.2 (r22196)
neon/0.25.5"

The weird thing is if I change the path in the AuthUserFile to this
(add a forward slash at the end of the path):
[/Delta/trunk/qsrc/strategies/]
...then I can update and get the directory and changes under it, but
as ANY user.  It does not restrict access.
I've tried re-ordering the user/anonymous permissions lines, and I
just cannot get the behavior I want.
I can get other types of restricted asses to work.  For example, I can
restrict the entire repo to only have user gricardo = rw.  This works,
and it prompts user gricardo for a password and then allows
updates/commits, etc....
Please help.

Thanks,
-Gabriel

Mime
View raw message