SVN Restrict File Access using Wildcards

Posted 2019-02-23 09:23

Question:

I took over as software lead on a project and am now managing the SVN repository for said project. Access to different parts is being controlled with an authz file. Groups have been set up for developers, leads, testers and cm control.

A file exists in multiple branches and tags that we want to limit access to. In order to lock it down, I want no read or write access except to the leads group. Is there a way to do this without listing out each branch/tag area where it could be? I don't want anyone to go find it in an old revision if possible.

An example of my authz file is here:

### Groups
[groups]
developers = user1, user2
leads = fearless_leader

##############################################
### Defaults for all repos in this directory
##############################################
[/]
*=r
@developers = r
@leads = rw
##############################################
### Project repository settings
##############################################
[project_src:/]
@developers = rw
@leads = rw

##############################################
### myPrivateKey.pfx settings
##############################################
[project_src:/project/branches/release1/deploy/licenses/myPrivateKey.pfx]
@developers = 
@leads = rw

I am hoping that I can use wildcards to do something like the following (but this didn't work):

##############################################
### myPrivateKey.pfx settings
##############################################
[project_src:/project/branches/*/deploy/licenses/myPrivateKey.pfx]
@developers = 
@leads = rw

Thanks for any assistance.

Answer 1:

Subversion's authz file does not support wildcards. It's just that simple. The feature does not exist.

You can restrict via wildcards with a pre-commit hook script like svnperms.py, but nothing for read access.



Answer 2:

As @alroc already answered -- Subversion's path-based authorization does not support wildcards in the authz file as of version 1.8; I doubt wildcards in authz files are going to be implemented in the upcoming Subversion 1.9 release; however, there is a chance that we will see them in one of the next releases.

There is a bugtracker entry #2662 "authz with wildcards" that has its target milestone set to 1.9-consider, but since the Subversion 1.9 release is right around the corner, I don't think you will see any progress on this in the near future.
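
An added example, not part of the question or either answer: because the authz file has no wildcard support, one workaround is to generate the explicit per-path sections from a list of repository paths. The function names and the path list are assumptions made for illustration; in practice the list would come from the repository itself (for instance the output of `svn ls -R`) and must cover every path where the file exists.

```python
import re

def compile_segment_pattern(pattern):
    """'*' stands for exactly one path segment; everything else is literal."""
    parts = [r"[^/]+" if seg == "*" else re.escape(seg)
             for seg in pattern.strip("/").split("/")]
    return re.compile("/" + "/".join(parts))

def expand_authz_rule(repo, pattern, known_paths, rules):
    """Return one explicit authz section per known path matching pattern."""
    regex = compile_segment_pattern(pattern)
    matches = sorted({p for p in known_paths if regex.fullmatch(p)})
    sections = []
    for path in matches:
        lines = [f"[{repo}:{path}]"]
        # An empty access string ("@developers =") means no access at all.
        lines += [f"{who} = {access}".rstrip() for who, access in rules]
        sections.append("\n".join(lines))
    return "\n\n".join(sections)

# Constructed sample input: paths as a recursive repository listing might report them.
KNOWN_PATHS = [
    "/project/trunk/deploy/licenses/myPrivateKey.pfx",
    "/project/branches/release1/deploy/licenses/myPrivateKey.pfx",
    "/project/branches/release2/deploy/licenses/myPrivateKey.pfx",
    "/project/branches/release2/deploy/licenses/README.txt",
    "/project/branches/a/b/deploy/licenses/myPrivateKey.pfx",
    "/project/tags/v1.0/deploy/licenses/myPrivateKey.pfx",
]
# Same rules as the question's hand-written section.
RULES = [("@developers", ""), ("@leads", "rw")]
PATTERNS = [
    "/project/branches/*/deploy/licenses/myPrivateKey.pfx",
    "/project/tags/*/deploy/licenses/myPrivateKey.pfx",
]

def generate():
    """Expand every pattern and join the resulting sections for the authz file."""
    blocks = [expand_authz_rule("project_src", p, KNOWN_PATHS, RULES)
              for p in PATTERNS]
    return "\n\n".join(b for b in blocks if b)

if __name__ == "__main__":
    print(generate())
```

Re-run the generator whenever a branch or tag is created, since a path with no section of its own inherits the rule of its parent directory.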