On Mar 12, 2004, at 1:27 PM, Jack Huang wrote:
> At first for svn-access-file I have:
> * = rw
> jack = rw
> So far, so good. I was able to check out files under MyRepos. But
> when I remove permission from [/MyRepos] with:
In this case, jack = rw is redundant, as you probably know and assume
Unless you have a /MyRepos directory in your repository, I think that
that may be where the confusion lies in your setup.
Looking that this:
> <Location /MyRepos>
> SVNPath /home/svn/MyRepos
I think that http://yourserver/MyRepos/ is the url that matches the
root of your repository, [/] in your svn-access-file. But maybe you
just renamed to many things "MyRepos" for the purpose of your emailing
> * = rw
> jack =
> I was still able to check out files from MyRepos. It appears that the
> first entry has overrode the second entry.
I'm not sure negative permissions will work like you desire. Many ACL
systems grant the most access available to a principal (union of all
permissions from any and all groups in which the principal is a member,
including "*" in this case). They do not try and manage which
specification of the principal is "most specific" and thus should
override others. I believe you are thinking that permissions for
"jack," because it names the principal specifically, should override
the permissions given to everyone, including jack, with the "* = rw"
specification. I don't believe the system works like that (educated
guess; I haven't looked at the code).
I do something like this and maybe some variation will do something
similar to what you want (the trick to removing the permissions given
to "*" being the part I think might interest you):
* = r
@projectA-dev = rw
> If I have the access file with
> jack = rw
> entry ONLY, I cannot check out at all!
I am unable to replicate a scenario like this.
To unsubscribe, e-mail: email@example.com
For additional commands, e-mail: firstname.lastname@example.org
Received on Tue Mar 16 05:29:11 2004