[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Question about authz file syntax.

From: David Brodbeck <brodbd_at_u.washington.edu>
Date: Thu, 11 Feb 2010 15:44:12 -0800

Actually, I take that back, the manual says it's the *first* match:
"Another important fact is that the first matching rule is the one which gets applied to a user."
(http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html)

On Feb 11, 2010, at 1:52 PM, David Brodbeck wrote:

> Interesting. Did this behavior change at some point? I'm using the syntax with "* =" at the end of the entry in many locations and it's always worked fine. svnserve 1.5.1 here. The manual does seem to agree with your example, so I'm wondering if I should go through and change all of my permission entries to avoid future problems.
>
>
> On Feb 11, 2010, at 9:51 AM, Sebastian Grewe wrote:
>
>> Hey Lauro,
>>
>> Put them in a different order: Last match always decides on access
>> permissions.
>>
>> [/path/foo]
>> * =
>> user2 = r
>> user1 = rw
>> @groupbar = rw
>>
>> Something similar to that is working on my setup.
>>
>> Cheers,
>> Sebastian
>>
>> On Thu, 2010-02-11 at 15:19 -0200, Lauro Costa G. Borges wrote:
>>> Hi,
>>>
>>> I'm using Subversion version 1.4.4 (r25188).
>>>
>>> I'm noticing that the authz file is not properly processed. For some
>>> paths I have:
>>>
>>>
>>> [/path/foo]
>>> user1 = rw
>>> user2 = r
>>> @groupbar = rw
>>> * =
>>>
>>> All users before "* =" are forbidden on that directory, if I take "*
>>> =" out, then, The permissions are properly applied.
>>>
>>> My problem is, my manager wants a "default deny" ACL, so, for many of
>>> the directories, I need to have "* = ".
>>>
>>>
>>> * Note: I tried to put "* =" before all the other ACL's, in the end,
>>> in the middle, doesn't seem to make difference.
>>>
>>>
>>> thanks in advance,
>>>
>>> Lauro
>>
>>
>
> --
>
> David Brodbeck
> System Administrator, Linguistics
> University of Washington
>
>
>
>

-- 
David Brodbeck
System Administrator, Linguistics
University of Washington
Received on 2010-02-12 00:45:34 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.