[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: commit-access-control vs. AuthzSVNAccessFile

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2004-04-19 15:33:08 CEST

Lukas Ruf wrote:

> - AuthzSVNAccessFile sections:
> Am I right that the sections support perl-regex as well?
> i.e.:
>
> [repos:/[a-e]]
> * =
>
> [repos:/[f-i]]
> * = r
>
> [repos:/[j-z]]
> * = rw
>

No, you cannot put any regexps or pattern-matching expressions into the
square-bracket sections.

> - Is there any fundamental difference from a user perspective between
> AuthzSVNAccessFile and commit-access-control except that
> AuthzSVNAccessFile is more powerful by that it allows also to deny
> access to a project completely?

Correct. The user doesn't know which authz system the server is using.
  (By the way, the third choice is svnperms.py.)

>
> - Am I right that I do not need to restart apache2 every time I
> modified anything in an access control file of AuthzSVNAccessFile?
>

Correct.

> - Parent directories must be accessible if a directory must be
> accessed?
> i.e.:
> [repos:/[a-e]]
> * = r
>
> [repos:/[a-e]/input]
> * = rw
>
> would work
>
> while
>
> [repos:/[a-e]]
> * =
>
> [repos:/[a-e]/input]
> * = rw
>
> wouldn't?

No, the second one would work as well. The rules "stack" from highest
level to lowest level, overriding each other as more fine-tuned
exceptions. In your second example, nobody can access /apple, but
there's a second rule which overrides the first rule for the path
/apple/input, which everyone can access.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Apr 19 15:31:56 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.