On Thu, Aug 22, 2002 at 12:41:12AM -0700, Bill Tutt wrote:
> Commentary on entire proposal:
> Trying to mesh Subversion ACL behavior into OS specific and indeed WC
> specific visible behavior just seems wrong. Subversion's ACL system
> should be about securing SCM operations not defining the assigned ACEs
> of the generated files in the working copy.
My question back to you is why shouldn't it? If I can't modify
the file on the repository, why should I (by default) be able to
modify the file locally?
(Yes, this is about smashing preconceptions here. We could provide
an opt-out in the client config if they wanted to set everything to
APR_OS_DEFAULT rather than intelligently setting the attributes. Or,
make it opt-in - I don't care.)
> This is no longer accurate. Life got much more complex in Windows 2000.
> See:
> http://msdn.microsoft.com/library/en-us/security/security/order_of_aces_
> in_a_dacl.asp?frame=true
Well, the last time I used a Windows box was about two years ago.
But, the key concept seems the same.
> In fact the DeltaV ACL model maps very closely to what Windows 2000
> supports. (Big surprise there...)
> See http://www.webdav.org/acl/
Ah, yes, I forgot about DeltaV's ACL (prolly because no one is using
it yet). Yeah, so let's expand what I was saying for the SVN ACL
side to at least encompass a DeltaV ACL implementation.
Fair enough? That just seems to mean that properties are now
explicitly controlled.
> Additionally, naively searching an list of ACEs for denying ACE, and
> then searching for allowing ACEs doesn't actually happens. The ACEs are
> applied exactly in order.
Right. As was pointed out in several lists, that seemed to be a flaw
in NT's security model. I wouldn't need to see that 'feature'
replicated in SVN if we implemented ACLs.
Specifically, we'd want: DAV:specific-deny-overrides-grant.
> Ick. See what I mean by complicated? If we were to define ACEs for
> Subversion there would be a bunch more possible operations anyway.
>
> e.g.:
> Subversion_LogMessage_Change
> Etc...
Do we really need or want this level of specificity? Hmm.
Subversion's log doesn't quite fit anywhere, so perhaps, that gets a
repository-wide ACE? (Doesn't seem that DeltaV ACL has this
concept.)
> > +Question: How do we define groups since they are server-side?
> > + (Must define the group somewhere - perhaps walk up tree at
> each
> > + directory looking for a group definition mechanism.)
> Ick. We don't walk up directory trees. :)
As I said somewhere later on, maybe not.
But, it looks like this is how DAV:group-membership is defined
(indirect reference). -- justin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Aug 22 18:57:24 2002