You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Greg Loscombe <gr...@eutechnyx.com> on 2005/06/22 13:56:36 UTC
Bug or my understanding - mod_svn_authz
Just been trying to setup some authz control on a repos and have hit
what looks like a bug. If I give full rw permission to all users, then
try and take that permission away from a specific user, that user is
still given access?
Example:-
[Physics:/]
* = rw
Andrew =
When Andrew goes to do a co, after sending his password, he can get rw
access....
If I did it the other way round, and denied access and then gave it to
people, it seems to work:-
[Physics:/]
* =
@everyonebutandrew = rw
There is an example which seems to suggest this should work:-
http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4.4.2
[paint:/projects/paint]
@paint-developers = rw
jane = r
Using gentoo, with Subversion 1.2.0 unmasked for x86. Any pointers?
Thanks in advance
Greg Loscombe
_____________________________________________________________________
This e-mail is confidential and may be privileged. It may be read, copied and used only by the intended recipient. No communication sent by e-mail to or from Eutechnyx is intended to give rise to contractual or other legal liability, apart from liability which cannot be excluded under English law.
This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre.
www.eutechnyx.com Eutechnyx Limited. Registered in England No: 2172322
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Bug or my understanding - mod_svn_authz
Posted by Frank Gruman <fg...@verizon.net>.
Before anyone gets to confused, the Good Book says:
"By default, nobody has any access to the repository at all. That
means that if you're starting with an empty file, you'll probably
want to give at least read permission to all users at the root of
the repository. You can do this by using the asterisk variable (*),
which means "all users""
in pretty much the same section (I can't tell - I read it as one large
HTML page).
That aside, check your HTTP error and access logs for the case-type
(upper, lower, camel) of the usernames at login. Make sure what you see
in your log is the same thing that is entered in your access file
everytime. It can be real easy to type your name in lower case once or
twice, and your examples all show camel-case. If this is the case, you
may need to enter all case examples into the access file and see how
that goes.
Regards,
Frank
Hannes Erven wrote:
> Yes,
>
>
>> [Physics:/]
>> * = rw
>> Andrew =
>
>
> * also matches the "anonymous" user, so you don't need to log in at
> all to have rw access.
>
> Please see the subversion book (http://svnbook.red-bean.com/) section
> 6.4.4.2 for more information
>
>
> HTH,
> -hannes
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
Re: Bug or my understanding - mod_svn_authz
Posted by Greg Loscombe <gr...@eutechnyx.com>.
Hannes Erven
I've also tried:-
[groups]
everyone = Andrew, Gregory
[/]
@everyone = rw
Gregory =
With the same results - Gregory is given full rw access? Basically,
seems to happen with groups too?
But if I do:-
[/]
Gregory = rw
Gregory =
Then Gregory is denied access.
Lastly, with my example using
* =
I still need to provide a username / password before I'm given auth -
that would suggest that anon access isn't the cause?
Cheers
Greg Loscombe
Hannes Erven wrote:
> Yes,
>
>
>> [Physics:/]
>> * = rw
>> Andrew =
>
>
> * also matches the "anonymous" user, so you don't need to log in at
> all to have rw access.
>
> Please see the subversion book (http://svnbook.red-bean.com/) section
> 6.4.4.2 for more information
>
>
> HTH,
> -hannes
>
> _____________________________________________________________________
> This e-mail is confidential and may be privileged. It may be read,
> copied and used only by the intended recipient. No communication sent
> by e-mail to or from Eutechnyx is intended to give rise to contractual
> or other legal liability, apart from liability which cannot be
> excluded under English law.
> This message has been checked for all known viruses by Star Internet
> delivered through the MessageLabs Virus Control Centre.
> www.eutechnyx.com Eutechnyx Limited. Registered in England No: 2172322
>
_____________________________________________________________________
This e-mail is confidential and may be privileged. It may be read, copied and used only by the intended recipient. No communication sent by e-mail to or from Eutechnyx is intended to give rise to contractual or other legal liability, apart from liability which cannot be excluded under English law.
This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre.
www.eutechnyx.com Eutechnyx Limited. Registered in England No: 2172322
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Bug or my understanding - mod_svn_authz
Posted by Hannes Erven <h....@gmx.at>.
Yes,
> [Physics:/]
> * = rw
> Andrew =
* also matches the "anonymous" user, so you don't need to log in at all
to have rw access.
Please see the subversion book (http://svnbook.red-bean.com/) section
6.4.4.2 for more information
HTH,
-hannes
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org