[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Yes YA (well reasoned?) feature request :)

From: Peter Kennard <peterk_at_livingwork.com>
Date: Tue, 01 Jul 2008 10:07:01 -0400

The idea is to create something that will "default" to no access without
having to explicitly specify it for every directory, so if someone adds a
new directory it defaults to unreadable. Yet have "list" access for it's
parent.

The desire is to reduce the needed complexity (security hole) of having to
monitor things for new directories so one will then inadvertantly grant
access. If someone needs access (they will complain about that to the admin)

PK

At 06:07 AM 7/1/2008, Madan U Sreenivasan wrote:
>That is true, but I was wondering if the URL could be turned back with a
>no-access error from the webserver itself. Here in the apache conf, you
>can specific directory level permissioning.
>
>Regards,
>Madan.
>
>On Tue, Jul 1, 2008 at 2:21 PM, Peter Kennard
><<mailto:peterk_at_livingwork.com>peterk_at_livingwork.com> wrote:
>subversion itself would have to manage those files since they are
>contained within the repository - this is not a feature of subversion AFAIK.
>
>
>At 12:41 AM 7/1/2008, you wrote:
>Why dont you control directory based access using the .htaccess? wouldnt
>that be much simpler?
>
>Regards,
>Madan.
>
>On Mon, Jun 30, 2008 at 11:41 PM, Peter Kennard
><<mailto:peterk_at_livingwork.com><mailto:peterk_at_livingwork.com>peterk_at_livingwork.com>
>wrote:
>(forward to dev if they want this :)
>
>I just set up apache2-svn-dav based access control for a big project with
>a bunch of repositories and many directories.
>
>So I have a fresh perspective :)
>
>I have a big repository with a lot of directories.
>I want to give a contractor:
>
> - list access to "trunk/java"
> so they can get the list on eclipse "ImportProject" and click on them
> - defined "rw" or "r" access to a subset of "trunk/java/*"
>
>I had to allow "@group = r" on "trunk/java" for the list access
>I then had to *explicitly* state "@group =" for every directory which I did
>not wish to give them any access, since the parent gives a default "r" to all
>it's children.
>
>I would like to set it up so the default on subdirectories is "no access"
>so if someone adds a new one it doesn't default to readable until we set
>it so. Yet, I want them to have list access on the parent (which
>currently makes children default to readable) so they can click-navigate
>
>Upon thinking about this it seems the best solution would be to add "x" to the
>directory permissions and specifying "x" without "r" or "w", disallows
>read and write but allows the operations needed for a directory "listing"
>of it's children. So full access would be "rwx". for compatibility "r" or
>"w" would imply "x" by default.
>
>Peter K.
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail:
><mailto:users-unsubscribe_at_subversion.tigris.org><mailto:users-unsubscribe_at_subversion.tigris.org>users-unsubscribe_at_subversion.tigris.org
>For additional commands, e-mail:
><mailto:users-help_at_subversion.tigris.org><mailto:users-help_at_subversion.tigris.org>users-help_at_subversion.tigris.org
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-01 16:07:30 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.