[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: authz: what has precidence when user is multiply referenced for a particular path?

From: Frank Gruman <fgatwork_at_verizon.net>
Date: 2006-05-19 16:43:49 CEST

Lieven Govaerts wrote:
>> -----Original Message-----
>> From: Greg Thomas [mailto:thomasgd@omc.bt.co.uk]
>>
>> This makes it impossible to give anonymous read only access,
>> a very desirable feature:
>>
>> [/foo]
>> *=r
>> @developers=rw
>>
>
> That's not correct!
>
> First of all, in your example Subversion will behave like this:
> 1. if you need read access: the first line applies, so it grants you read
> access
> 2. if you need write access: it skips the first line, and grants you access
> based on the second line of you're in the developer group.
>
> Beside, in your apache configuration you can put these lines to achieve the
> same thing:
> ...
> # allow read-only access to all users in the AD server
> <Limit GET PROPFIND OPTIONS REPORT>
> Satisfy Any
> </Limit>
>
> Require valid-user
> ...
>
> Lieven.
>
>
You are working under the assumption that he uses http://. I myself do,
but I still see many others out there who use svn:// access. Which is
trying to read only the authorization file. And I am confused by what
you just stated. You said that it "skips" the first line for read
access and grants access based on the second line. Does that mean that
it does parse the first line or does not??

This leads back to my previous post where I think _EVERY_ row in the
group should get parsed, and the order in which they are entered is the
order of precedence. So you could grant access to everyone and take
away from the one or two that don't need it or any other of the massive
number of permission scenarios we run into.

Regards,
Frank

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri May 19 16:44:46 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.