[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Fine-grained permissions on checked out files?

From: Branko Čibej <brane_at_xbc.nu>
Date: 2002-08-21 21:16:36 CEST

Justin Erenkrantz wrote:

>On Wed, Aug 21, 2002 at 05:13:33PM +0200, Branko ??ibej wrote:
>>Well, the first thought and concern is that this is extremely
>>Unix-centric -- but I guess you're aware of that. :-) The second thing
>>that comes to mind is that, to make this complete, you'd have to store
>>the file's owner and/or group, too.
>That could be added via svn:owner, svn:group. In my case, I wouldn't
>want that as the owner or group may change, but I want the
>permissions to be the same.
Urgh, yuck. Let's not go that way.

>>All of which leads towards storing and restoring ACLs.
>Exactly. I believe that this can become a feature of the SCM rather
>than something it ignores.
+1 all over that.

>>So: +0 if you can come up with a generic way to describe a file's ACL,
>>and use that, even if it's initially only used for Unix permission bits.
>>If it can be used to version NT ACLs and various Unix ACL flavours, I'd
>>be quite happy. (You do realize, of course, that if you go this way,
>>then sooner or later ther'll have to be a generic ACL API in APR, too --
>>but then, you're just the right person to design something like that. :-)
>In the past, OtherBill has commented that the ACLs in NT are in no
>way compatible with the ACLs in Unix.
Nonsense. First of all, each Unix flavour I've seen has slightly
different ACL semantics, and they're just about as compatible with each
other as NT ACLs are with any Unix flavour. The right direction would
probably be to find a manageable superset of ACL semantics, and map that
to what's available in the OS. But any "complete" model is hugely
complicated because you have to somehow map principal names, too, not
just ACL semantics.

> Now, I know nothing of how
>Win32 stores permissions. If we can determine a common mapping
>that works for both models, that would be great. Sooo, perhaps
>we should bring this up on dev@apr and see if OtherBill bites?
Yup, go ahead.

>>And: -0.5 if you just want to add another Unix-specific property that
>>stores just basic Unix permission bits.
>Well, if Win32 implemented apr_file_perms_set(), it'd work there
>too. =) It just happens that apr_file_perms_set() mimics the
>Unix permission bits (although in base 16 - don't ask). -- justin
I think we all agree that apr_file_perms_set is an abomination and
should be drowned in hallowed water at midnight on the winter solstice
when the moon is full. :-)

Brane Čibej   <brane_at_xbc.nu>   http://www.xbc.nu/brane/
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Aug 21 21:17:13 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.