[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: RE: Documentation for authzSVN module?

From: Anders Palm <Anders.Palm_at_prevas.dk>
Date: Mon, 25 Feb 2008 11:11:17 +0100

Hi

Yes, we seem to have somewhat similar problems.
I would expect the module to use the narrowest possible scope, but it seems that it doesn't.

I have a *lot* of users, and like you, I authenticate them through SSPI. Most of these users has full rw access to all repositories, but a few of them (mostly clients who needs to be able to access their own code), should of course be limited to their repository.

To handle this, I go a different way. I don't want to handle all my "regular" users in authz, so I take a blacklisting approach of sort, something like this:

[groups]
externals = <list of users>

[/]
* = rw

[repos1:/]
@externals =

[repos2:/]
@externals =
someUser = rw

This approach almost works, but of course requires me to handle all my repositories.

What I would like to be able to do, is something like this:

[/]
* = rw
@externals =

[repos1:/]

[repos2:/]
someUser = rw

Of course, all users are within the scope of "*", but my @externals group should generally not be able to read or write anything unless specifically told so.

But when trying the second approach, the users in the @externals group has full rw-access, apparently because they are granted it by the "*"-clause.

I would, like you, expect the module to match on the narrowest possible scope, apparently it doesn't.

I hope that made some sense :)

Cheers
Anders

_____________________________________

 

Anders Palm

Software Developer

 

Prevas A/S

Frederikskaj 6

DK-2450 København SV

 

Phone +45 33159090

Mobile +45 26823952

Anders.Palm_at_prevas.dk

www.prevas.dk

-----Original Message-----
From: Jonathan Ashley [mailto:jonathan.ashley_at_praxis-his.com]
Sent: 25. februar 2008 10:27
To: Anders Palm
Cc: 'users_at_subversion.tigris.org'
Subject: RE: Documentation for authzSVN module?

It doesn't does it? It doesn't seem to behave the way that it's documented either.

You could try reading a post I made to the svn list earlier this year; see if that
tallies with your experience. I'd be interested to hear back.

http://svn.haxx.se/users/archive-2008-01/0222.shtml

regards,

--
Jon Ashley
________________________________
        From: Anders Palm [mailto:Anders.Palm_at_prevas.dk]
        Sent: 25 February 2008 08:54
        To: users_at_subversion.tigris.org
        Subject: Documentation for authzSVN module?
        Hi
        I have a hard time locating any documentation for the apache authz-module. Its usage is briefly mentioned in svnbook, but I could do with a more in-depth document, it doesn't quite seem to behave the way I would expect.
This email is confidential and intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient, be advised that you have received this email in error and that any use, disclosure, copying or distribution or any action taken or omitted to be taken in reliance on it is strictly prohibited. If you have received this email in error please contact the sender. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Praxis. 
Although this email and any attachments are believed to be free of any virus or other defect, no responsibility is accepted by Praxis or any of its associated companies for any loss or damage arising in any way from the receipt or use thereof. The IT Department at Praxis can be contacted at it.support_at_praxis-his.com.
Praxis High Integrity Systems Ltd:
Company Number: 3302507, registered in England and Wales
Registered Address: 20 Manvers Street, Bath. BA1 1PX
VAT Registered in Great Britain: 682635707
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-02-25 11:11:43 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.