subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vallon, Justin" <Justin.Val...@deshaw.com>
Subject Granting full access to a directory, readonly access to path to directory, deny access to rest of tree?
Date Thu, 05 Aug 2010 15:18:18 GMT
Suppose I have a bunch of projects, and I want to grant full access to a group, but no access
to anything else.  Please don't call me anti-social.

/trunk/proja
/trunk/projb
/trunk/projc

I want to grant full access to proja to groupa, but no access to the others.  How can I do
this?

[repo:/]
@groupa = r
@others = rw

[repo:/trunk/proja]
@groupa = rw

[repo:/trunk/projb]
@groupa =

[repo:/trunk/projc]
@groupa =

However, this does not scale well.  When I add projd, I need to make sure that I remove access
(@groupa=;) for all the groups that should not have access.  That is, I am practicing negative
access control (deny access), which is error prone.

Is there a way for the permissions to not be recursive, so that I could grant @groupa access
to / without it applying to /**?

We could reorg the repo (/trunk/secret and /trunk/groupa), but that seems like the tail wagging
the dog (security issues dictating repo layout).

--
-Justin


Mime
View raw message