[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Different behavior in authz

From: Karl Fogel <kfogel_at_red-bean.com>
Date: 2007-11-01 20:28:46 CET

Dcma Tsai -蔡孟甫 <Dcma.Tsai@zyxel.com.tw> writes:
> I use mod_authz to perform access control.
> In my situation, the repository has following directory layout
> [Repos]
> /
> |---Dir1
> |---Dir2
>
> Case 1:
> I set the authz configuration file as following:
>
> [Repos:/Dir1]
> userA = r
> *=
>
> userA can read directory Dir1 and other users can't.
> This means authz applies rule of userA first, then default policy rule.
>
> Case 2:
> I set the authz configuration file as following:
>
> [Repos:/Dir1]
> userA =
> *=r
>
> All user including userA can read directory Dir1.
> This means authz applies default policy rule for userA instead of the rule for
> userA.
>
> The behavior of authz is different, is this a bug or a normal case??

This is very interesting.

I don't know if it's a bug or not. It might be that authz's intended
behavior is to grant each user the most permissive access consistent
with what's in the authz conf file. There are several different ways
this precedence could work, I'm just not sure which one we intend
and/or document.

Any authz experts here?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Nov 1 20:28:58 2007

This is an archived mail posted to the Subversion Dev mailing list.