[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Path-based authorization: multiple references to one user

From: Steven Simpson <ss_at_comp.lancs.ac.uk>
Date: Thu, 21 Aug 2008 11:58:25 +0100


What should happen when a single section of an authorization file has
several rules which could match a given user? Statements from
documentation, mailing lists, and experience seem to conflict with each

users = jim
users2 = jim

jim = r
@users = rw

jim = r
* = rw

jim =
@users = r
@users2 = w

@users = r
@users2 = w

What permissions should 'jim' have in those cases?

My tests (on v1.5.1) seem to show that you simply get the union of all
rights for matching rules, so long as at least one rule matched. (So,
"rw" for jim on all repos above.) There was a 2006 discussion here,
which is at least consistent with that:


At some much earlier point, I'd convinced myself by testing that the
specificity of the identified party (user > group > wildcard '*') was
used. And where several group rules matched, the union of the
permissions of those rules applied. (So "r", "r", "", "rw" above.) Was
that ever the case, or must I have bungled my tests? Here's a 2004
thread on the developer list that partially confirms my conviction:


The documentation suggests that there is some sort of ordering (by
discovery), that "the /first/ matching rule is the one which gets
applied to a user" (so "r", "r", "", "r"):


So, what are the intended and actual behaviours, and have they been
changing over the years (to account for my confusion)?



To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-08-21 12:58:42 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.