[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: authz: what has precidence when user is multiply referenced for a particular path?

From: Frank Gruman <fgatwork_at_verizon.net>
Date: 2006-05-21 07:38:14 CEST

Steven Simpson wrote:
> <snip>
> No, I think you were right, in the context that was snipped: "Most
> severe restrictions should apply" (Jeb). In that case, whoever you are,
> both lines apply, and the most severe restriction is to take away 'w',
> whether you're in @developers or not.
>
>
I disagree with that. What you just said completely removes the ability
to set a repository as world readable and group/individual writable.

[groups]
developers = me, you, them, others

[/repo]
*=r
@developers=rw

For many open source products, this is a standard configuration. Let
anyone read the source. But not everyone should be able to commit
directly to the repository. Based on your statement, no one would ever
be able to write to this repository. And please don't point me to the
<Limit> directives in Apache. First, because not everyone uses it, and
second, because I would much rather have all of my user control in one
location than spread out through multiple other places.

[groups]
developers = me, you, them, others

[/repo]
*=r
@developers=rw
others=r

This scenario as I explained in an earlier thread would allow me to
create my groups as I would normally do and assign permissions to users
in the order listed. The last set permission should win. In my above
example, the "others" user does not have write permission to THIS
repository but may have it on others. There are some folks who use this
system with 50 or more developers. They would ideally create their core
groups and create assignments off of those groups. But what if I have a
junior programmer who just joined a group? Sure - add the developer to
the group and then take away the permission from the "sensitive"
products until they have learned all they need.

Regards,
Frank

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun May 21 07:39:20 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.