Path based Authorization

C. Michael Pilato cmpilato at red-bean.com
Tue Nov 6 19:41:06 CST 2007


Peter Lloyd wrote:
> In the section on Path-Based Authorization,
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html 
> there is an example using groups towards the end.
> 
> -------
> [groups]
> calc-developers = harry, sally, joe
> paint-developers = frank, sally, jane
> everyone = harry, sally, joe, frank, sally, jane
> 
> [paint:/projects/paint]
> @paint-developers = rw
> jane = r
> -------
> 
> From my tests with Subversion 1.4.4, the final line "jane = r" seems to be 
> ignored. Jane appears to be receiving 'rw' permissions from the 
> paint-developers group, overriding her own 'r' permissions.
> 
> Assuming this is not a bug in Subversion, is it worth modifying this line, so 
> as not to give the impression that user permissions can decrease group 
> permissions?

I can't recall if this is correct or not -- is it the case that a given
user gets the most permissive rights alloted him/her in a given block?
But even if that line isn't worth modifying, your mail draws to my
attention that "sally" shows up twice in the "everyone" definition,
which is okay, but ... odd.

-- 
C. Michael Pilato <cmpilato at red-bean.com>

"The Christian ideal has not been tried and found wanting.  It has
 been found difficult; and left untried."  -- G. K. Chesterton




More information about the svnbook-dev mailing list