
Re: Authz suggestion

From: Branko Čibej <brane_at_apache.org>
Date: Sun, 10 Dec 2017 13:35:18 +0100

On 10.12.2017 10:28, Paul Hammant wrote:
> Consider:
>
> [/]
> harry=rw
>
> [dataset:/A]
> sally=rw
>
> [dataset:/Z]
> sally=rw
>
>
> If I had directories B through Y, I am pretty sure Sally cannot see
> them let alone change anything in them. Cool that's what I want.
>
> What I don't have though is the ability for Sally to checkout from
> root and receive A/* and B/* in one operation.  I could grant 'r' for
> the root for sally, but I'd have to do this for all of B through Y
> which would be overly verbose:
>
> [dataset:/B]
> sally=
>
>
> So I think I'm asking for a feature, but I'm not sure what would be
> best for it.
>
> Choice 1:  
>
> [/]
> harry=rw
> sally=dironly
>

This is called "directory traversal permission" and it means that the
user can use the directory for path lookup but isn't allowed to see its
contents. Currently it's implied in 'r' and 'rw' modes. I have a rather
long-standing todo wish to add this as an explicit flag.

The authz parser and storage model rework that's landing in 1.10 (see:
http://subversion.apache.org/docs/release-notes/1.10.html#authzperf) was
a prerequisite to being able to implement additions such as the one you
propose.

-- Brane
Received on 2017-12-10 13:35:28 CET
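
Added illustration, not part of the original mail and not Subversion's code: a simplified Python model of authz rule inheritance, showing why read access on the root exposes B through Y unless each directory gets its own empty rule. It assumes plain user rules only (no groups, aliases, `*` or the `dataset:` repository prefix), and the function names are hypothetical.

```python
# Simplified model of path-based authz lookup (constructed example, not
# Subversion's parser): no groups, aliases, '*' or repository prefixes.

def parse_authz(text):
    """Parse '[path]' sections with 'user=access' lines into a dict."""
    rules, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            rules.setdefault(section, {})
        elif section is not None and "=" in line:
            user, access = (part.strip() for part in line.split("=", 1))
            rules[section][user] = access
    return rules

def access_for(rules, user, path):
    """Walk from path up to '/', returning the first rule that names user."""
    while True:
        if user in rules.get(path, {}):
            return rules[path][user]
        if path == "/":
            return ""          # no rule anywhere: no access
        path = path.rsplit("/", 1)[0] or "/"

def visible_dirs(rules, user, dirs):
    """Readable top-level directories, or None if the root is unreadable."""
    if "r" not in access_for(rules, user, "/"):
        return None            # the mail's starting point: no checkout from root
    return [d for d in dirs if "r" in access_for(rules, user, "/" + d)]

DIRS = [chr(c) for c in range(ord("A"), ord("Z") + 1)]   # A through Z

# Configuration from the mail: sally has rules only on /A and /Z.
ORIGINAL = "[/]\nharry=rw\n[/A]\nsally=rw\n[/Z]\nsally=rw\n"

# Root read without per-directory denials: B..Y are inherited as readable.
LEAKY = "[/]\nharry=rw\nsally=r\n[/A]\nsally=rw\n[/Z]\nsally=rw\n"

# Workaround from the mail: read on root plus an empty rule for B through Y.
WORKAROUND = LEAKY + "".join(f"[/{d}]\nsally=\n" for d in DIRS[1:-1])

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("leaky", LEAKY),
                      ("workaround", WORKAROUND)):
        print(name, visible_dirs(parse_authz(cfg), "sally", DIRS))
```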

This is an archived mail posted to the Subversion Dev mailing list.
