[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Multiple matching lines in authz file

From: Eric Lee <pgeric_at_gmail.com>
Date: Tue, 26 Jan 2010 18:52:38 +0800

On Fri, Jan 15, 2010 at 6:16 AM, Philip Martin <philip_at_codematters.co.uk>wrote:

> What should happen when a username matches multiple lines in an authz
> file? The svnbook states that the first matching line applies:
>
> [groups]
> paint-developers = frank, sally, jane
>
> [paint:/projects/paint]
> jane = r
> @paint-developers = rw
>
> Another important fact is that the first matching rule is the one
> which gets applied to a user. In the prior example, even though
> Jane is a member of the paint-developers group (which has
> read/write access), the jane = r rule will be discovered and
> matched before the group rule, thus denying Jane write access.
>
> That's not what happens when I try it. I've stepped through in the
> debugger and all lines that match get considered and the resulting
> authz is the combination of all the permissions. In the above example
> jane will have read/write access. Even simple authz files behave this
> way:
>
> [/]
> philip =
> * = r
>
> The book implies that philip would be denied access but when I try it
> read access is allowed. Is this a book bug or a Subversion bug?
>
> If it's a Subversion bug can we fix it? Do admins want this
> behaviour? Can we change the behaviour of existing authz files? I
> suppose we could introduce a some sort of directive to control the
> matching behaviour:
>
> [directives]
> match = first
>
>
Yes, you are right. it actual permission given out was the r , w but not r
only.
I have been experience this issue staring from 1.6.4. ( I have't yet tested
it on later version)
May I ask when a patch will come up for fixing this ?

Eric,
Regards,

--
> Philip
>
Received on 2010-01-26 11:53:12 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.