svnauthorizationcollabnetauthz

SVN Restrict File Access using Wildcards


I took over as software lead on a project and am now managing the SVN repository for said project. Access to different parts are being controlled with an authz file. Groups have been set up for developers, leads, testers and cm control.

A file exists in multiple branches and tags that we want to limit access to. In order to lock it down, I want no read or write access except to the leads group. Is there a way to do this without listing out each branch/tag area where it could be? I don't want anyone to go find it in an old revision if possible.

An exmaple of my authz file is here:

### Groups
[groups]
developers = user1, user2
leads = fearless_leader

##############################################
### Defaults for all repos in this directory
##############################################
[/]
*=r
@developers = r
@leads = rw
##############################################
### Project repository settings
##############################################
[project_src:/]
@developers = rw
@leads = rw

##############################################
### myPrivateKey.pfx settings
##############################################
[project_src:/project/branches/release1/deploy/licenses/myPrivateKey.pfx]
@developers = 
@leads = rw

I am hoping that I can use wildcards to do something like the following (but this didn't work):

##############################################
### myPrivateKey.pfx settings
##############################################
[project_src:/project/branches/*/deploy/licenses/myPrivateKey.pfx]
@developers = 
@leads = rw

Thanks for any assistance.


Solution

  • Subversion's authz file does not support wildcards. It's just that simple. The feature does not exist.

    You can restrict via wildcards with a pre-commit hook script like svnperms.py, but nothing for read access.