[svnbook commit] r3094 - trunk/src/en/book
sussman
noreply at red-bean.com
Sun Jun 1 10:01:44 CDT 2008
Author: sussman
Date: Sun Jun 1 10:01:44 2008
New Revision: 3094
Log:
* ch06-server-configuration.xml: fix path-authz example, explain rule-matching better.
Modified:
trunk/src/en/book/ch06-server-configuration.xml
Modified: trunk/src/en/book/ch06-server-configuration.xml
==============================================================================
--- trunk/src/en/book/ch06-server-configuration.xml (original)
+++ trunk/src/en/book/ch06-server-configuration.xml Sun Jun 1 10:01:44 2008
@@ -3043,12 +3043,14 @@
access at all to the <filename>secret</filename> subdirectory
within it.</para>
- <para>The thing to remember is that the most specific path always
- matches first. The server tries to match the path itself, and
- then the parent of the path, then the parent of that, and so on.
- The net effect is that mentioning a specific path in the
- accessfile will always override any permissions inherited from
- parent directories.</para>
+ <tip>
+ <para>The thing to remember is that the most specific path
+ always matches first. The server tries to match the path
+ itself, and then the parent of the path, then the parent of
+ that, and so on. The net effect is that mentioning a specific
+ path in the accessfile will always override any permissions
+ inherited from parent directories.</para>
+ </tip>
<para>By default, nobody has any access to the repository at all.
That means that if you're starting with an empty file, you'll
@@ -3099,10 +3101,18 @@
@calc-developers = rw
[paint:/projects/paint]
- at paint-developers = rw
jane = r
+ at paint-developers = rw
</screen>
+ <para>Another important fact is that
+ the <emphasis>first</emphasis> matching rule is the one which gets
+ applied to a user. In the prior example, even though Jane is a
+ member of the <literal>paint-developers</literal> group (which has
+ read-write access), the <literal>jane = r</literal> rule will be
+ discovered and matched before the group rule, thus denying Jane
+ write access.</para>
+
<para>Groups can also be defined to contain other groups:</para>
<screen>
More information about the svnbook-dev
mailing list