Bug or my understanding - mod_svn_authz

[Greg Loscombe <gr...@eutechnyx.com>]

Just been trying to setup some authz control on a repos and have hit 
what looks like a bug.  If I give full rw permission to all users, then 
try and take that permission away from a specific user, that user is 
still given access?

Example:-

[Physics:/]
* = rw
Andrew =

When Andrew goes to do a co, after sending his password, he can get rw 
access....


If I did it the other way round, and denied access and then gave it to 
people, it seems to work:-
[Physics:/]
* =
@everyonebutandrew = rw


There is an example which seems to suggest this should work:-
http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4.4.2

[paint:/projects/paint]
@paint-developers = rw
jane = r


Using gentoo, with Subversion 1.2.0 unmasked for x86.  Any pointers?

Thanks in advance
Greg Loscombe

_____________________________________________________________________
This e-mail is confidential and may be privileged. It may be read, copied and used only by the intended recipient. No communication sent by e-mail to or from Eutechnyx is intended to give rise to contractual or other legal liability, apart from liability which cannot be excluded under English law. 

This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre. 

www.eutechnyx.com Eutechnyx Limited. Registered in England No: 2172322

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Bug or my understanding - mod_svn_authz

[Frank Gruman <fg...@verizon.net>]

Before anyone gets to confused, the Good Book says:

    "By default, nobody has any access to the repository at all. That
    means that if you're starting with an empty file, you'll probably
    want to give at least read permission to all users at the root of
    the repository. You can do this by using the asterisk variable (*),
    which means "all users""

in pretty much the same section (I can't tell - I read it as one large 
HTML page).

That aside, check your HTTP error and access logs for the case-type 
(upper, lower, camel) of the usernames at login.  Make sure what you see 
in your log is the same thing that is entered in your access file 
everytime.  It can be real easy to type your name in lower case once or 
twice, and your examples all show camel-case.  If this is the case, you 
may need to enter all case examples into the access file and see how 
that goes.

Regards,
Frank

Hannes Erven wrote:

> Yes,
>
>
>> [Physics:/]
>> * = rw
>> Andrew =
>
>
> * also matches the "anonymous" user, so you don't need to log in at 
> all to have rw access.
>
> Please see the subversion book (http://svnbook.red-bean.com/) section 
> 6.4.4.2 for more information
>
>
> HTH,
>     -hannes
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

Re: Bug or my understanding - mod_svn_authz

[Greg Loscombe <gr...@eutechnyx.com>]

Hannes Erven

I've also tried:-

[groups]
everyone = Andrew, Gregory

[/]
@everyone = rw
Gregory =

With the same results - Gregory is given full rw access?  Basically, 
seems to happen with groups too?

But if I do:-

[/]
Gregory  = rw
Gregory =

Then Gregory is denied access.

Lastly, with my example using
* =

I still need to provide a username / password before I'm given auth - 
that would suggest that anon access isn't the cause?


Cheers
Greg Loscombe

Hannes Erven wrote:

> Yes,
>
>
>> [Physics:/]
>> * = rw
>> Andrew =
>
>
> * also matches the "anonymous" user, so you don't need to log in at 
> all to have rw access.
>
> Please see the subversion book (http://svnbook.red-bean.com/) section 
> 6.4.4.2 for more information
>
>
> HTH,
>     -hannes
>
> _____________________________________________________________________
> This e-mail is confidential and may be privileged. It may be read, 
> copied and used only by the intended recipient. No communication sent 
> by e-mail to or from Eutechnyx is intended to give rise to contractual 
> or other legal liability, apart from liability which cannot be 
> excluded under English law.
> This message has been checked for all known viruses by Star Internet 
> delivered through the MessageLabs Virus Control Centre.
> www.eutechnyx.com Eutechnyx Limited. Registered in England No: 2172322
>


_____________________________________________________________________
This e-mail is confidential and may be privileged. It may be read, copied and used only by the intended recipient. No communication sent by e-mail to or from Eutechnyx is intended to give rise to contractual or other legal liability, apart from liability which cannot be excluded under English law. 

This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre. 

www.eutechnyx.com Eutechnyx Limited. Registered in England No: 2172322

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Bug or my understanding - mod_svn_authz

[Hannes Erven <h....@gmx.at>]

Yes,


> [Physics:/]
> * = rw
> Andrew =

* also matches the "anonymous" user, so you don't need to log in at all 
to have rw access.

Please see the subversion book (http://svnbook.red-bean.com/) section 
6.4.4.2 for more information


HTH,
	-hannes

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org