Have the following configuration in authz.txt file: [repo:/trunk] @users=rw @priv_users=rw [repo:/trunk/src] @priv_users=rw *= The objective of this is to restrict access to the /trunk/src repository to just the priv_users group. Using any Subversion client. If the top level /trunk directory is checked out then all of the objects *other* than src are checked out. If /trunk/src is specifically checked out then an error is received. This happens regardless of whether the user is present in priv_users or not. Web-browsers are able to browse /trunk and /trunk/src successfully using appropriate group members. There is an inconsistency between the two different access methods: Either: a) The "*= " rule should over-ride the more specific access control of "@priv_users=rw" in which case no access should be available to any users via either a Subversion client or via the web-browser. or b) The "@priv_users=rw" is more specific to a particular user therefore it should override the generic "*=" statement. Scenario "b" would be more in line with expected results.
Original issue reported by dg