[svnbook commit] r3094 - trunk/src/en/book

sussman noreply at red-bean.com
Sun Jun 1 10:01:44 CDT 2008


Author: sussman
Date: Sun Jun  1 10:01:44 2008
New Revision: 3094

Log:
* ch06-server-configuration.xml:  fix path-authz example, explain rule-matching better.

Modified:
   trunk/src/en/book/ch06-server-configuration.xml

Modified: trunk/src/en/book/ch06-server-configuration.xml
==============================================================================
--- trunk/src/en/book/ch06-server-configuration.xml	(original)
+++ trunk/src/en/book/ch06-server-configuration.xml	Sun Jun  1 10:01:44 2008
@@ -3043,12 +3043,14 @@
       access at all to the <filename>secret</filename> subdirectory
       within it.</para>
 
-    <para>The thing to remember is that the most specific path always
-      matches first.  The server tries to match the path itself, and
-      then the parent of the path, then the parent of that, and so on.
-      The net effect is that mentioning a specific path in the
-      accessfile will always override any permissions inherited from
-      parent directories.</para>
+    <tip>
+      <para>The thing to remember is that the most specific path
+        always matches first.  The server tries to match the path
+        itself, and then the parent of the path, then the parent of
+        that, and so on.  The net effect is that mentioning a specific
+        path in the accessfile will always override any permissions
+        inherited from parent directories.</para>
+    </tip>
 
     <para>By default, nobody has any access to the repository at all.
       That means that if you're starting with an empty file, you'll
@@ -3099,10 +3101,18 @@
 @calc-developers = rw
 
 [paint:/projects/paint]
- at paint-developers = rw
 jane = r
+ at paint-developers = rw
 </screen>
 
+    <para>Another important fact is that
+    the <emphasis>first</emphasis> matching rule is the one which gets
+    applied to a user.  In the prior example, even though Jane is a
+    member of the <literal>paint-developers</literal> group (which has
+    read-write access), the <literal>jane = r</literal> rule will be
+    discovered and matched before the group rule, thus denying Jane
+    write access.</para>
+
     <para>Groups can also be defined to contain other groups:</para>
 
     <screen>




More information about the svnbook-dev mailing list