[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Multiple matching lines in authz file

From: Philip Martin <philip_at_codematters.co.uk>
Date: Thu, 14 Jan 2010 22:16:35 +0000

What should happen when a username matches multiple lines in an authz
file? The svnbook states that the first matching line applies:

   [groups]
   paint-developers = frank, sally, jane

   [paint:/projects/paint]
   jane = r
   @paint-developers = rw

   Another important fact is that the first matching rule is the one
   which gets applied to a user. In the prior example, even though
   Jane is a member of the paint-developers group (which has
   read/write access), the jane = r rule will be discovered and
   matched before the group rule, thus denying Jane write access.

That's not what happens when I try it. I've stepped through in the
debugger and all lines that match get considered and the resulting
authz is the combination of all the permissions. In the above example
jane will have read/write access. Even simple authz files behave this
way:

   [/]
   philip =
   * = r

The book implies that philip would be denied access but when I try it
read access is allowed. Is this a book bug or a Subversion bug?

If it's a Subversion bug can we fix it? Do admins want this
behaviour? Can we change the behaviour of existing authz files? I
suppose we could introduce a some sort of directive to control the
matching behaviour:

  [directives]
  match = first

-- 
Philip
Received on 2010-01-14 23:17:13 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.