Posted to users@subversion.apache.org by BRM <bm...@yahoo.com> on 2004/10/28 21:11:09 UTC

WebDAV permissions file...

I'm working on setting up a repository using WebDAV. I
noticed in the documentation that it supports a file
for use by mod_authz_svn to grant permissions based on
particular folders within the repository. (Cool)

What I am wondering (and this might be a stupid question)
is, can I specify a group like a user? For example, is
the following valid:

[groups]
win_developer = sally
world_developer = harry
developers = @win_developer, @world_developer

Thanks,

BRM

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: WebDAV permissions file...

Posted by David Kramer <da...@thekramers.net>.
On Thu, 28 Oct 2004, BRM wrote:

> I'm working on setting up a repository using WebDAV. I
> noticed in the documentation that it supports a file
> for use by mod_authz_svn to grant permissions based on
> particular folders within the repository. (Cool)
> 
> What I am wondering (and this might be a stupid question)
> is, can I specify a group like a user? For example, is
> the following valid:
> 
> [groups]
> win_developer = sally
> world_developer = harry
> developers = @win_developer, @world_developer

If I were in your shoes, based on what others have said so far here, I 
would create the config file just like that and write a dozen-line program 
in the string-friendly language of your choice to preprocess it into what 
you need whenever the groups change.  That is the path to the least amount 
of ongoing admin work until the software can do this on its own.

In pseudocode:
read a line
does it have (@word)?
	yes: replace @word with hashtable[word]
does it have (word) = (words)?
	yes: store hashtable[word]=words
print line

----------------------------------------------------------------------------
DDDD   David Kramer         david@thekramers.net       http://thekramers.net
DK KD  
DKK D  Python is executable pseudocode
DK KD  Perl is executable line noise
DDDD                                                             Bruce Eckel
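
The preprocessing step suggested in the message above, as an added Python example that is not part of the original post or of Subversion: it flattens nested `@group` references inside `[groups]` only, resolves groups that are used before they are defined, and rejects cycles and undefined groups. The function names and the `[repo:/trunk]` rule in the sample are assumptions made for illustration.

```python
# Constructed sample: the question's [groups] section plus one access rule.
SAMPLE = """\
[groups]
developers = @win_developer, @world_developer
win_developer = sally
world_developer = harry

[repo:/trunk]
@developers = rw
"""

def group_lines(text):
    """Yield (index, name, members) for each definition inside [groups]."""
    section = None
    for i, line in enumerate(text.splitlines()):
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            section = s[1:-1]
        elif section == "groups" and "=" in s and not s.startswith("#"):
            name, members = s.split("=", 1)
            yield i, name.strip(), [m.strip() for m in members.split(",") if m.strip()]

def read_groups(text):
    """Raw membership lists, exactly as a non-recursive checker would see them."""
    return {name: members for _, name, members in group_lines(text)}

def resolve(groups, name, stack=()):
    """Flatten one group to user names; reject cycles and undefined groups."""
    if name in stack:
        raise ValueError("group cycle: " + " -> ".join(stack + (name,)))
    if name not in groups:
        raise ValueError("undefined group: @" + name)
    users = []
    for m in groups[name]:
        found = resolve(groups, m[1:], stack + (name,)) if m.startswith("@") else [m]
        users += [u for u in found if u not in users]
    return users

def expand_authz(text):
    """Rewrite only [groups]; access rules such as '@developers = rw' are kept."""
    groups, lines = read_groups(text), text.splitlines()
    for i, name, _ in group_lines(text):
        lines[i] = f"{name} = {', '.join(resolve(groups, name))}"
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(expand_authz(SAMPLE))
```

On the unexpanded file, `read_groups(SAMPLE)["developers"]` holds only the literal strings `@win_developer` and `@world_developer`, so a plain string comparison of the kind described elsewhere in this thread never matches `sally`; after expansion it does.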


Re: WebDAV permissions file...

Posted by Erik Huelsmann <eh...@gmail.com>.
On Thu, 28 Oct 2004 21:07:55 -0500, Travis P <sv...@castle.fastmail.fm> wrote:
> 
> On Oct 28, 2004, at 5:03 PM, James FitzGibbon wrote:
> 
> > As for doing it in SVN, the code of mod_authz_svn as of v1.1.1 doesn't
> > seem to handle that.
> > The code to check the ACL grabs a name from the list of allowed users,
> > checks if the first char is '@', and if so calls another function that
> > just does a strcmp of the current user against all users in the group
> > list.  There is no logic to check if a member of the group list starts
> > with a '@'.
> 
> I believe that someone has developed code to allow inclusion of
> groups within groups.  However, perhaps it hasn't been committed
> to trunk or a release yet.  Maybe it lives on a patch attached to an
> issue?

Correct. You can find it here:
http://subversion.tigris.org/issues/show_bug.cgi?id=2085

HTH,


Erik.


RE: WebDAV permissions file...

Posted by "Benjamen R. Meyer" <bm...@yahoo.com>.
Thanks for the clarity. This should be noted in the documentation, I think.
It would really make my life simpler (in the long run) to have the groups
within groups, so hopefully it'll make it into a release in the near future.
Until then, I'll just have to work my way around it.

Thanks!

BRM

> -----Original Message-----
> From: Travis P [mailto:svn@castle.fastmail.fm]
> Sent: Thursday, October 28, 2004 10:08 PM
> To: James FitzGibbon
> Cc: 'BRM'; 'SubVersion Users'
> Subject: Re: WebDAV permissions file...
>
>
>
> On Oct 28, 2004, at 5:03 PM, James FitzGibbon wrote:
>
> > As for doing it in SVN, the code of mod_authz_svn as of v1.1.1 doesn't
> > seem to handle that.
> > The code to check the ACL grabs a name from the list of allowed users,
> > checks if the first char is '@', and if so calls another function that
> > just does a strcmp of the current user against all users in the group
> > list.  There is no logic to check if a member of the group list starts
> > with a '@'.
>
> I believe that someone has developed code to allow inclusion of
> groups within groups.  However, perhaps it hasn't been committed
> to trunk or a release yet.  Maybe it lives on a patch attached to an
> issue?
>
> -Travis
>

Re: WebDAV permissions file...

Posted by Travis P <sv...@castle.fastmail.fm>.
On Oct 28, 2004, at 5:03 PM, James FitzGibbon wrote:

> As for doing it in SVN, the code of mod_authz_svn as of v1.1.1 doesn't
> seem to handle that.
> The code to check the ACL grabs a name from the list of allowed users,
> checks if the first char is '@', and if so calls another function that
> just does a strcmp of the current user against all users in the group
> list.  There is no logic to check if a member of the group list starts
> with a '@'.

I believe that someone has developed code to allow inclusion of
groups within groups.  However, perhaps it hasn't been committed
to trunk or a release yet.  Maybe it lives on a patch attached to an 
issue?

-Travis



RE: WebDAV permissions file...

Posted by James FitzGibbon <jf...@primustel.ca>.
AFAIK, mod_authz_svn does not know anything about the UNIX /etc/group file
(since SVN is not limited to running on UNIX systems).  Not that /etc/group
allows you to recursively define groups...

As for doing it in SVN, the code of mod_authz_svn as of v1.1.1 doesn't seem
to handle that.
The code to check the ACL grabs a name from the list of allowed users,
checks if the first char is '@', and if so calls another function that just
does a strcmp of the current user against all users in the group list.
There is no logic to check if a member of the group list starts with a '@'.

-----Original Message-----
From: BRM [mailto:bm_witness@yahoo.com] 
Sent: Thursday, October 28, 2004 5:45 PM
To: SubVersion Users
Cc: James FitzGibbon
Subject: RE: WebDAV permissions file...

Sorry, I did read that, but I'm still not clear on the answer to my
question. I understand that I can give a group access like the example, but
the example does not list groups as being a member of a group, which I
guess is what my question really is - can a group be a member of another
group?

I'm not very familiar with the workings of the /etc/group file and whether
or not it can do this either. I didn't see any info about that in 'man
group'. 

Thanks.

BRM

--- James FitzGibbon <jf...@primustel.ca> wrote:

> From chapter 6 of the SVN book:
> 
> The access file also allows you to define whole groups of users, much 
> like the Unix /etc/group  file:
> 
> [groups]
> calc-developers = harry, sally, joe
> paint-developers = frank, sally, jane
> everyone = harry, sally, joe, frank, sally, jane
> 
> Groups can be granted access control just like users. Distinguish them 
> with an at (@) prefix:
> 
> [calc:/projects/calc]
> @calc-developers = rw
> 
> [paint:/projects/paint]
> @paint-developers = rw
> jane = r
> 
> ...and that's pretty much all there is to it.
> 
> Regards
> 
> -----Original Message-----
> From: BRM [mailto:bm_witness@yahoo.com]
> Sent: Thursday, October 28, 2004 5:11 PM
> To: SubVersion Users
> Subject: WebDAV permissions file...
> 
> I'm working on setting up a repository using WebDAV. I noticed in the
> documentation that it supports a file for use by mod_authz_svn to
> grant permissions based on particular folders within the repository.
> (Cool)
>
> What I am wondering (and this might be a stupid question) is, can I
> specify a group like a user? For example, is the following valid:
> 
> [groups]
> win_developer = sally
> world_developer = harry
> developers = @win_developer, @world_developer
> 
> Thanks,
> 
> BRM
> 
> 
> 
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system
> (http://www.grisoft.com).
> Version: 6.0.784 / Virus Database: 530 - Release
> Date: 10/27/2004
>  
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system
> (http://www.grisoft.com).
> Version: 6.0.784 / Virus Database: 530 - Release
> Date: 10/27/2004
>  
> 
> 
> 
>
----------------------------------------------------------------------------
> This electronic message contains information from Primus 
> Telecommunications Canada Inc. ("PRIMUS") , which may be legally 
> privileged and confidential.
> The information is intended to be for the use of the
> individual(s) or entity
> named above. If you are not the intended recipient, be aware that any 
> disclosure, copying, distribution or use of the contents of this 
> information is prohibited. If you have received this electronic 
> message in error, please notify us by telephone or e-mail (to the 
> number or address above) immediately. Any views, opinions or advice 
> expressed in this electronic message are not necessarily the views, 
> opinions or advice of PRIMUS.
> It is the responsibility of the recipient to ensure that any 
> attachments are virus free and PRIMUS bears no responsibility for any 
> loss or damage arising in any way from the use thereof. The term 
> "PRIMUS" includes its affiliates.
>
----------------------------------------------------------------------------
> For the French version of this message, please see
> http://www.primustel.ca/fr/legal/cs.htm
>
----------------------------------------------------------------------------
> 
> 




RE: WebDAV permissions file...

Posted by BRM <bm...@yahoo.com>.
Sorry, I did read that, but I'm still not clear on the
answer to my question. I understand that I can give a
group access like the example, but the example does
not list groups as being a member of a group, which I
guess is what my question really is - can a group be a
member of another group?

I'm not very familiar with the workings of the
/etc/group file and whether or not it can do this
either. I didn't see any info about that in 'man
group'. 

Thanks.

BRM

--- James FitzGibbon <jf...@primustel.ca> wrote:

> From chapter 6 of the SVN book:
> 
> The access file also allows you to define whole groups of users, much
> like the Unix /etc/group file:
> 
> [groups]
> calc-developers = harry, sally, joe
> paint-developers = frank, sally, jane
> everyone = harry, sally, joe, frank, sally, jane
> 
> Groups can be granted access control just like users. Distinguish them
> with an "at" (@) prefix:
> 
> [calc:/projects/calc]
> @calc-developers = rw
> 
> [paint:/projects/paint]
> @paint-developers = rw
> jane = r 
> 
> ...and that's pretty much all there is to it.
> 
> Regards 
> 
> -----Original Message-----
> From: BRM [mailto:bm_witness@yahoo.com] 
> Sent: Thursday, October 28, 2004 5:11 PM
> To: SubVersion Users
> Subject: WebDAV permissions file...
> 
> I'm working on setting up a repository using WebDAV. I noticed in the
> documentation that it supports a file for use by mod_authz_svn to
> grant permissions based on particular folders within the repository.
> (Cool)
>
> What I am wondering (and this might be a stupid question) is, can I
> specify a group like a user? For example, is the following valid:
> 
> [groups]
> win_developer = sally
> world_developer = harry
> developers = @win_developer, @world_developer
> 
> Thanks,
> 
> BRM
> 

RE: WebDAV permissions file...

Posted by James FitzGibbon <jf...@primustel.ca>.