[Including full quotes since they come from different places; please
CC me on replies.]
In my case, `level_one' is a user specific directory -- so your
solution means that I need to set up things for users like this:
[/]
* = r
[/john]
* =
john = rw
[/jane]
* =
jane = rw
and later on, the users need to be aware of the same hack -- if john
wants to open a subdirectory, he needs to do
[/john]
john = rw
[/john/foo] # public directory
* = r
[/john/bar1]
* =
john = rw
[/john/bar2]
* =
john = rw
which is much more invloved than adding an entry only for /john/foo:
every other directory's permissions must change. More than that --
using this hack, it is possible to see which users are on the system,
and john must expose his toplevel directory structure.
Gregory Bartholomew <gregory.lee.bartholomew_at_gmail.com> writes:
> By using:
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user
> </LimitExcept>
>
>
> You are preventing the authz module from being called on read requests
> (GET PROPFIND OPTIONS REPORT) so it cannot deny access to any part of
> the repository when the request is a read regaurdless of what you have
> specified in the authorization file.
>
>
> I think you can do what you are trying with something like the
> following in the authorization file:
>
>
> [/level_one]
> * = r
>
>
> [/level_one/level_two]
> * =
> jsmith = rw
Eli Barzilay <eli@barzilay.org> writes:
> [This is a third post of this question -- trying to avoid filing a bug
> if its bogus. Any help would be greatly appreciated.]
>
> I'm running a user repository, and there's some weird authorization
> problem. I want to let people determine the control that they want,
> so I have:
>
> <Location /usr>
> Dav svn
> SVNPath /home/svn/usr
> SVNAutoversioning on
> SVNIndexXSLT "/svnindex.xsl"
> Allow from all
> AuthType Digest
> AuthName "Subversion"
> AuthUserFile /home/svn/etc/passwd
> AuthDigestDomain /plt/ /iplt/ /iview/ /usr/ /play/
> AuthzSVNAccessFile /home/svn/etc/authz.conf
> Require valid-user
> </Location>
>
> which works fine, until someone wants to make a directory
> world-readable. So, I figure that I'll let the authz.conf be the only
> guard for unwanted reads, and changed that last line to:
>
> <Location /usr>
> ...
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user
> </LimitExcept>
> </Location>
>
> The world-readable directory works fine, but now normal per-user
> control doesn't work.
>
> Is there anything wrong in the above setup?
--
((lambda (x) (x x)) (lambda (x) (x x))) Eli Barzilay:
http://www.barzilay.org/ Maze is Life!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Feb 6 07:12:42 2007