SVN authz, path-based authentication woes

Ronny Brendel picture Ronny Brendel · Jun 11, 2009 · Viewed 15k times · Source
[groups]
developer = a,b,c
doc = r,x

[/doc]
@doc = rw
@developer = rw

[/]
@developer = rw
* =

If now a member of the group doc tries to check out the documentation, it does not work. I want members of doc just to be able to check out the sub-dir doc, anything else is forbidden. Any ideas howto achieve this?

kind regards ronny

[update]

client: svn, version 1.5.4 (r33841) server: svn, Version 1.4.6 (r28521)

access via svn+ssh:/user@host/fullpath-to-repos

  • 1 perfectly works for two years
  • 2 might be - see version numbers above (I'll contant our admin, immediatelly)
  • 3 no? just ssh
  • 4 nope
  • 5 nope

[update]

  • using client version svn 1.4.6 (r28521) does not work either - same errors
  • I use plain command line access. svn co svn+ssh://....

[update]

  • server:Linux 2.6.16.60-0.39.3-default9 i686 athlon i386 GNU/Linux - suse 10? or something like that I think
  • client: Kubuntu 9.04
  • connection via OpenSSH SSH client
  • the server rejects svn:// connections from localhost - any connection --- gotta try it with a copy at home time soon

[update 4] * this is not my own server, I cannot do what I want with it. It is a very old server 10 years at least running, with hundreds of users. Standard things should work. correct me if I am missing something.

[update 5] believe it or not. I was using the wrong path and now everything works perfectly well, I am sorry to have wasted your time. I'll give the bounty to FoxyBOA for his efford.

Answer

Farshid picture Farshid · May 14, 2010

The true way to do this is here :

[groups]
developer = a,b,c
doc = r,x

[doc:/]
* =  
@doc = rw
@developer = rw

[otherPath:/]
* =
@developer = rw
@doc = r

[/] 
* = rw