[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Check Path based authorization

From: Branko Čibej <brane_at_apache.org>
Date: Tue, 11 Dec 2018 20:54:21 +0100

On 11.12.2018 18:40, Stuempfig, Thomas wrote:
> Hi Brane,
> well after testing the tool does not actually do what i would like. But it is giving me a starting point / work around.
> I tested the tool with Visualsvn Server on windows
>
>
> Steps to reproduce
> 1) configure basic windows authentication
>
> 2) grant" rw" access to the repository root path for AD group
> Visualsvn server places the objectSid S-1-1-11-111111111-111111111-11111111-11111 of the group in the VisualSVN-WinAuthz.ini file of the repository
>
> 3) svnauthz.exe accessof --username S-2-2-22-222222222-22222222-222222222-22222 d:\repositories\test\conf\VisualSVN-WinAuthz.ini
> Where username is a member of the AD group objectSid S-1-1-11-111111111-111111111-11111111-11111
> Result no
>
> But
> 4) svnauthz.exe accessof --username S-1-1-11-111111111-111111111-11111111-11111 22222 d:\repositories\test\conf\VisualSVN-WinAuthz.ini
> Gives "rw"

I really have no idea what the WinAuthz.ini file is and what VisualSVN
does with it. It's impossible to say if your result is expected if we
don't see the contents of the authz file.

But yes, 'svnauthz' will calculate access for users, not for groups. A
user can be a member of several groups and the actual rights she has can
be a combination of rights granted to the groups.

-- Brane
Received on 2018-12-11 20:54:32 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.