[svnbook] r5817 committed - branches/1.8/zh/book/ ch06-server-configuration.xml

Tue Oct 30 09:34:40 CDT 2018

Revision: 5817
          http://sourceforge.net/p/svnbook/source/5817
Author:   wuzhouhui
Date:     2018-10-30 14:34:33 +0000 (Tue, 30 Oct 2018)
Log Message:
-----------
1.8/zh: translation of chapter 6 in progress

Modified Paths:
--------------
    branches/1.8/zh/book/ch06-server-configuration.xml

Modified: branches/1.8/zh/book/ch06-server-configuration.xml
===================================================================

--- branches/1.8/zh/book/ch06-server-configuration.xml	2018-10-28 11:54:47 UTC (rev 5816)
+++ branches/1.8/zh/book/ch06-server-configuration.xml	2018-10-30 14:34:33 UTC (rev 5817)
@@ -7629,8 +7629,12 @@
     <!-- =============================================================== -->
     <sect2 id="svn.serverconfig.pathbasedauthz.groups">
 
+      <!--
       <title>Access Control Groups</title>
+      -->
+      <title>用户组</title>
 
+      <!--
       <para>The access file also allows you to define whole groups of
         users, much like the Unix <filename>/etc/group</filename>
         file.  To do this, create a <literal>groups</literal> section
@@ -7638,6 +7642,12 @@
         section: each variable's name defines the name of the group,
         and its value is a comma-delimited list of usernames which
         are part of that group.</para>
+      -->
+      <para>访问规则文件还允许管理员定义用户组, 就像 Unix 里的
+        <filename>/etc/group</filename>. 为了定义用户组, 在访问规则文件里
+        创建一个名为 <literal>groups</literal> 的节, 然后在节内描述每一个
+        用户组: 变量名定义了用户组的名字, 而变量的值则是逗号分隔的, 属于该
+        用户组的用户名.</para>
 
       <informalexample>
         <programlisting>
@@ -7648,9 +7658,13 @@
 </programlisting>
       </informalexample>
 
+      <!--
       <para>Groups can be granted access control just like users.
         Distinguish them with an <quote>at sign</quote>
         (<literal>@</literal>) prefix:</para>
+      -->
+      <para>用户组的权限授予和用户名相同, 为了与用户名相区别, 在用户组的名字前
+        要加一个 <literal>@</literal> 符号:</para>
 
       <informalexample>
         <programlisting>
@@ -7663,6 +7677,7 @@
 </programlisting>
       </informalexample>
 
+      <!--
       <para>Another important fact is that group permissions are not
         overridden by individual user permissions. Rather, the
         <emphasis>combination</emphasis> of all matching permissions is
@@ -7673,6 +7688,14 @@
         members can only be extended beyond the permissions the group
         already has. Restricting users who are part of a group to less
         than their group's permissions is impossible.</para>
+      -->
+      <para>需要特别注意的是用户组权限并不会被用户权限所覆盖, 而是会进行
+        <emphasis>叠加</emphasis>. 在上面的例子里, Jane 是用户组
+        <literal>paint-developers</literal> 的成员, 因此她对仓库
+        <literal>paint</literal> 具有读写权限, 再叠加上
+        <literal>jane = r</literal>, Jane 最终的权限仍然是可读写. 如果用户
+        已经是某个用户组的成员, 那就不可能再把用户的权限限制得比用户组的权限
+        还小.</para>
 
       <para>Groups can also be defined to contain other groups:</para>
 


