Path based Authorization
C. Michael Pilato
cmpilato at red-bean.com
Tue Nov 6 19:41:06 CST 2007
Peter Lloyd wrote:
> In the section on Path-Based Authorization,
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html
> there is an example using groups towards the end.
>
> -------
> [groups]
> calc-developers = harry, sally, joe
> paint-developers = frank, sally, jane
> everyone = harry, sally, joe, frank, sally, jane
>
> [paint:/projects/paint]
> @paint-developers = rw
> jane = r
> -------
>
> From my tests with Subversion 1.4.4, the final line "jane = r" seems to be
> ignored. Jane appears to be receiving 'rw' permissions from the
> paint-developers group, overriding her own 'r' permissions.
>
> Assuming this is not a bug in Subversion, is it worth modifying this line, so
> as not to give the impression that user permissions can decrease group
> permissions?
I can't recall if this is correct or not -- is it the case that a given
user gets the most permissive rights alloted him/her in a given block?
But even if that line isn't worth modifying, your mail draws to my
attention that "sally" shows up twice in the "everyone" definition,
which is okay, but ... odd.
--
C. Michael Pilato <cmpilato at red-bean.com>
"The Christian ideal has not been tried and found wanting. It has
been found difficult; and left untried." -- G. K. Chesterton
More information about the svnbook-dev
mailing list