[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN 1.10 AuthZ file parsing too strict?!

From: <innnzzz6_at_hotmail.com>
Date: Mon, 28 Jan 2019 14:27:55 +0700

On 2019/01/18 22:07:57, Doug Robinson wrote:
> Honored committers (and the rest of us):>
>
> It's come to my attention that if a group is defined in an AuthZ>
> file without an associated account that SVN is, as of 1.10, generating>
> an error and failing to allow the use of that AuthZ file.>
>
> Example:>
>
> [groups]>
> goodGroup = acct1>
> goodGroup2 = acct1, acct2>
> badGroup =>
>
> [repoName:/someplace]>
> @badGroup = rw>
>
> svnauthz: E220003: Error while parsing authz file: ...>
> svnauthz: E220003: Access entry refers to undefined group ...>
>
> My thoughts:>
>
> 1. From a compatibility standpoint it really should be a Warning,>
> not an Error. If there's no accounts then certainly it can have>
> no impact on the security of the repository/ies.>
>
> 2. From a usability standpoint it really should simply be supported.>
> The AuthZ file is a representation of a team structure. There are>
> times when teams will get reduced headcount down to zero and then>
> back up again. To deal with that use case with SVN 1.10 means>
> either:>
>
> a) stripping out all references to the team and losing all of the>
> places where that team requires access>
>
> b) configuring a dummy account for the team and hoping that the>
> account will never be created>
>
> c) leaving the team around and fixing SVN to allow an empty team>
>
> My preference would be first 2c and, if not, then 1. But that's>
> me.>
>
> Not sure about the history of why this change was made? I'd like>
> to better understand.>
>
> Cheers.>
>
> Doug>
> -- >
> *DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER>
>
> T +1 925 396 1125>
> *E* doug.robinson_at_wandisco.com>
>
> -- >
>
>
> * *>
>
> **The LIVE DATA Company>
> *Find out more >
> *wandisco.com *>
>
>
>
> >
> >
> *>
>
>
> THIS MESSAGE >
> AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE PRIVILEGED>
>
> If >
> this message was misdirected, WANdisco, Inc. and its subsidiaries, >
> ("WANdisco") does not waive any confidentiality or privilege. If you are >
> not the intended recipient, please notify us immediately and destroy the >
> message without disclosing its contents to anyone. Any distribution, use or >
> copying of this email or the information it contains by other than an >
> intended recipient is unauthorized. The views and opinions expressed in >
> this email message are the author's own and may not reflect the views and >
> opinions of WANdisco, unless the author is authorized by WANdisco to >
> express such views or opinions on its behalf. All email sent to or from >
> this address is subject to electronic storage and review by WANdisco. >
> Although WANdisco operates anti-virus programs, it does not accept >
> responsibility for any damage whatsoever caused by viruses being passed.>
>

Sent from my iPhone
Received on 2019-01-29 08:06:16 CET

This is an archived mail posted to the Subversion Dev mailing list.