TransWikia.com

SVN, check out folders based on authz

Server Fault Asked by Still Shi on November 4, 2021

I’ve setup a svnserve service on freebsd and trying to figure out the best way to control the auth.

I have root folder A and sub folder A1, A2, A3

A--
   |-AdminFolder
   |-Project1
   |-Project2

There are 2 role group: g_admin and g_pm. I would like to know how to config authz to fulfill the following scenarios:

  1. As a admin I can check-out all folders with read/write permission.
  2. As a pm I can only check-out Projectn folders without evening seeing the "AdminFolder"
  3. I hope all users are using a same SVN path (SVN://host/A)

I tried the following authz config:

[/]
g_admin = rw
* = r

[/A/AdminFolder]
g_admin = rw
* = r

[/A/Project1]
g_admin = rw
g_pm = rw

[/A/Project2]
g_admin = rw
g_pm = rw

But then g_pm will see all the content under /…

One Answer

Re-read relevant part of SVN Book (slightly outdated in terms of versions, but usable) and fix some (obvious) parts of config

Because you have "2 role group" in requirements, you can add (for more future flexibility) groups section like

[groups]
admins = user1, user2
pms= user3, user4

and use group's references in rules later

Copy of rules with the same permissions are useless, because authz-rules are inherited from the above path.

As result, you'll get something like (not tested, just written)

[groups]
admins = user1, user2
pms = user3, user4

[/]
@admins = rw
* = r

[/A/AdminFolder]
* =

[/A/Project1]
pms = rw

[/A/Project2]
pms = rw

Answered by Lazy Badger on November 4, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP