[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: mod_authz_svn inheritance broken?

From: David Anderson <david.anderson_at_calixo.net>
Date: 2005-12-01 18:02:39 CET

Kevin P. Fleming wrote:
> OK, that was my misunderstanding then... I had somehow interpreted the
> book to be saying that '*' was only for unknown (anonymous) users, when
> in fact it does mean all users, including anonymous ones.

To be perfectly precise, * means "Any user (including anonymous) that isn't
mentionned in that same rule". So in your example, * in the second rule (the
private area) means "anyone except kpfleming".

Also note that at present, user definitions don't supersede group definitions.
So you couldn't define:

[groups]
mygroup = sillyuser,anotheruser

[/any/path]
@mygroup = rw
sillyuser = r

Logically, the rule for sillyuser would override the group access, even if the
user is a part of the group. Currently though, a group is given the same
priority as a user definition, so the user is granted the widest possible access
(here, 'rw'). I do hope to correct this someday, to make the ACLs that more
flexible.

- Dave.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Dec 1 17:10:11 2005

This is an archived mail posted to the Subversion Users mailing list.