Path based authorization

I'm not sure this is a bug or the documentation is wrong, or I'm
misunderstanding the concept.

The setup and config:

Redhat Enterprise Linux AS release 4 (October Update 7)

Apache 2.2.16

Subversion version 1.6.12 from Collabnet

mod_authz_svn.so built from Subversion sources 1.6.13 (uses 1.6.12 libs
at runtime)

In the SVN doc:

Section 6.5 Path-Based Authorization

[paint:/projects/paint]

jane = r

@paint-developers = rw

Another important fact is that the first matching rule is the one which
gets applied to a user. In the prior example,

even though Jane is a member of the paint-developers group (which has
read/write access), the jane = r

rule will be discovered and matched before the group rule, thus denying
Jane write access.

My authz file:

[groups]

Administrators = admin, r.thompson, john.robbins

SE-tech = r.thompson, john.robbins, test.user

[/]

#start with everyone has read access

* = r

@Administrators = rw

[SystemEngineering:/trunk]

test.user = r

@Administrators = rw

@SE-tech = rw

I am not getting the results as described in the documentation. I
thought excluding a user from write access even though they were a
member of an rw group was kind of handy. I have observed this behavior
in both svn and http protocols. Even though the test.user has been
designated as "r" on the trunk, that user can still commit to the
SystemEngineering/trunk repository folder.

Any help or clarification would be greatly appreciated.

Bob Johnson

CGI - Insurance Sector

Columbia, S.C.

(803)917-7751

 
Received on 2010-10-26 07:19:30 CEST