SVN 1.10 AuthZ file parsing too strict?!

From: Doug Robinson <doug.robinson_at_wandisco.com>
Date: Fri, 18 Jan 2019 17:07:57 -0500

Honored committers (and the rest of us):

It's come to my attention that if a group is defined in an AuthZ
file without an associated account that SVN is, as of 1.10, generating
an error and failing to allow the use of that AuthZ file.

Example:

    [groups]
    goodGroup = acct1
    goodGroup2 = acct1, acct2
    badGroup =

[repoName:/someplace]
@badGroup = rw

svnauthz: E220003: Error while parsing authz file: ...
svnauthz: E220003: Access entry refers to undefined group ...

My thoughts:

1. From a compatibility standpoint it really should be a Warning,
not an Error. If there's no accounts then certainly it can have
no impact on the security of the repository/ies.

2. From a usability standpoint it really should simply be supported.
The AuthZ file is a representation of a team structure. There are
times when teams will get reduced headcount down to zero and then
back up again. To deal with that use case with SVN 1.10 means
either:

a) stripping out all references to the team and losing all of the
places where that team requires access

b) configuring a dummy account for the team and hoping that the
account will never be created

c) leaving the team around and fixing SVN to allow an empty team

My preference would be first 2c and, if not, then 1. But that's
me.

Not sure about the history of why this change was made? I'd like
to better understand.

Cheers.

Doug

-- 
*DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER
T +1 925 396 1125
*E* doug.robinson_at_wandisco.com
-- 
* <http://wandisco.com>*
**The LIVE DATA Company
*Find out more 
*wandisco.com <http://wandisco.com/>*
 
<https://www.wandisco.com/welcome-live-data-world-video>
*
THIS MESSAGE 
AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE PRIVILEGED
If 
this message was misdirected, WANdisco, Inc. and its subsidiaries, 
("WANdisco") does not waive any confidentiality or privilege. If you are 
not the intended recipient, please notify us immediately and destroy the 
message without disclosing its contents to anyone. Any distribution, use or 
copying of this email or the information it contains by other than an 
intended recipient is unauthorized. The views and opinions expressed in 
this email message are the author's own and may not reflect the views and 
opinions of WANdisco, unless the author is authorized by WANdisco to 
express such views or opinions on its behalf. All email sent to or from 
this address is subject to electronic storage and review by WANdisco. 
Although WANdisco operates anti-virus programs, it does not accept 
responsibility for any damage whatsoever caused by viruses being passed.

Received on 2019-01-18 23:08:31 CET

This message: [ Message body ]
Next message: Branko Čibej: "Re: SVN 1.10 AuthZ file parsing too strict?!"
Previous message: Julian Foad: "Re: extending the blame callback"
Next in thread: Branko Čibej: "Re: SVN 1.10 AuthZ file parsing too strict?!"
Reply: Branko Čibej: "Re: SVN 1.10 AuthZ file parsing too strict?!"
Reply: Branko Čibej: "Re: SVN 1.10 AuthZ file parsing too strict?!"
Maybe reply: innnzzz6_at_hotmail.com: "Re: SVN 1.10 AuthZ file parsing too strict?!"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]