[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Path based authorization

From: Johnson, Robert <r.johnson_at_cgi.com>
Date: Mon, 25 Oct 2010 15:58:34 -0700

I'm not sure this is a bug or the documentation is wrong, or I'm
misunderstanding the concept.

 

The setup and config:

Redhat Enterprise Linux AS release 4 (October Update 7)

Apache 2.2.16

Subversion version 1.6.12 from Collabnet

mod_authz_svn.so built from Subversion sources 1.6.13 (uses 1.6.12 libs
at runtime)

 

In the SVN doc:

Section 6.5 Path-Based Authorization

 

[paint:/projects/paint]

jane = r

@paint-developers = rw

 

Another important fact is that the first matching rule is the one which
gets applied to a user. In the prior example,

even though Jane is a member of the paint-developers group (which has
read/write access), the jane = r

rule will be discovered and matched before the group rule, thus denying
Jane write access.

 

My authz file:

 

[groups]

Administrators = admin, r.thompson, john.robbins

SE-tech = r.thompson, john.robbins, test.user

 

[/]

#start with everyone has read access

* = r

@Administrators = rw

 

[SystemEngineering:/trunk]

test.user = r

@Administrators = rw

@SE-tech = rw

 

I am not getting the results as described in the documentation. I
thought excluding a user from write access even though they were a
member of an rw group was kind of handy. I have observed this behavior
in both svn and http protocols. Even though the test.user has been
designated as "r" on the trunk, that user can still commit to the
SystemEngineering/trunk repository folder.

 

Any help or clarification would be greatly appreciated.

 

 

Bob Johnson

CGI - Insurance Sector

Columbia, S.C.

(803)917-7751

 
Received on 2010-10-26 07:19:30 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.