Re: mod_authz_svn inheritance broken?

From: David Anderson <david.anderson_at_calixo.net>
Date: 2005-12-01 18:02:39 CET

Kevin P. Fleming wrote:
> OK, that was my misunderstanding then... I had somehow interpreted the
> book to be saying that '*' was only for unknown (anonymous) users, when
> in fact it does mean all users, including anonymous ones.

To be perfectly precise, * means "Any user (including anonymous) that isn't
mentionned in that same rule". So in your example, * in the second rule (the
private area) means "anyone except kpfleming".

Also note that at present, user definitions don't supersede group definitions.
So you couldn't define:

[groups]
mygroup = sillyuser,anotheruser

[/any/path]
@mygroup = rw
sillyuser = r

Logically, the rule for sillyuser would override the group access, even if the
user is a part of the group. Currently though, a group is given the same
priority as a user definition, so the user is granted the widest possible access
(here, 'rw'). I do hope to correct this someday, to make the ACLs that more
flexible.

- Dave.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Dec 1 17:10:11 2005

This message: [ Message body ]
Next message: Matt England: "Re: How to convert a regular file to a sym link?"
Previous message: Owen Evans: "Subversion behind a Microsoft ISA Server"
In reply to: Kevin P. Fleming: "Re: mod_authz_svn inheritance broken?"
Next in thread: Kevin P. Fleming: "Re: mod_authz_svn inheritance broken?"
Reply: Kevin P. Fleming: "Re: mod_authz_svn inheritance broken?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]