[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: access file problem

From: Travis P <svn_at_castle.fastmail.fm>
Date: 2004-03-16 05:29:15 CET

On Mar 12, 2004, at 1:27 PM, Jack Huang wrote:

> At first for svn-access-file I have:
> [/]
> * = rw
> [/MyRepos]
> jack = rw
> So far, so good. I was able to check out files under MyRepos. But
> when I remove permission from [/MyRepos] with:

In this case, jack = rw is redundant, as you probably know and assume
as well.

Unless you have a /MyRepos directory in your repository, I think that
that may be where the confusion lies in your setup.
Looking that this:

> <Location /MyRepos>
> SVNPath /home/svn/MyRepos

I think that http://yourserver/MyRepos/ is the url that matches the
root of your repository, [/] in your svn-access-file. But maybe you
just renamed to many things "MyRepos" for the purpose of your emailing
the list.

> [/]
> * = rw
> [/MyRepos]
> jack =
> I was still able to check out files from MyRepos. It appears that the
> first entry has overrode the second entry.

I'm not sure negative permissions will work like you desire. Many ACL
systems grant the most access available to a principal (union of all
permissions from any and all groups in which the principal is a member,
including "*" in this case). They do not try and manage which
specification of the principal is "most specific" and thus should
override others. I believe you are thinking that permissions for
"jack," because it names the principal specifically, should override
the permissions given to everyone, including jack, with the "* = rw"
specification. I don't believe the system works like that (educated
guess; I haven't looked at the code).

I do something like this and maybe some variation will do something
similar to what you want (the trick to removing the permissions given
to "*" being the part I think might interest you):

* = r
* =
@projectA-dev = rw

> If I have the access file with
> [/MyRepos]
> jack = rw
> entry ONLY, I cannot check out at all!

I am unable to replicate a scenario like this.


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Mar 16 05:29:11 2004

This is an archived mail posted to the Subversion Users mailing list.