You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by "Osipov, Michael" <mi...@siemens.com> on 2016/04/01 10:00:56 UTC

Mimicking mvn_authz_svn with svnauthz(1)

Hi folks,

I am trying to figure out how I can effectively mimic the behavior
of mod_authz_svn with svnauth(1). I do have a small, read-only PHP
application which shall browse a  repo just like mod_dav_svn does
with the same authz.  While calling svnauthz(1) works well,
I am not certain when I should use '--recursive' or not. Looking at
mod_authz_svn.c for the switch case with r->method_number, I do see
that it is only necessary for COPY, MOVE, DELETE and default.
In terms of read-only access, I don't need recursive checks.

Is that correct?

Thanks,

Michael

RE: Mimicking mvn_authz_svn with svnauthz(1)

Posted by "Osipov, Michael" <mi...@siemens.com>.

> Osipov, Michael wrote on Fri, Apr 01, 2016 at 08:00:56 +0000:
> > Hi folks,
> >
> > I am trying to figure out how I can effectively mimic the behavior of
> > mod_authz_svn with svnauth(1). I do have a small, read-only PHP
> > application which shall browse a  repo just like mod_dav_svn does with
> > the same authz.  While calling svnauthz(1) works well, I am not
> > certain when I should use '--recursive' or not. Looking at
> > mod_authz_svn.c for the switch case with r->method_number, I do see
> > that it is only necessary for COPY, MOVE, DELETE and default.
> > In terms of read-only access, I don't need recursive checks.
> >
> > Is that correct?
> >
> 
> That depends on what your app does.  For example, if you provide an interface to
> 'ls -R' and the authz file has
> 
>     [/foo]
>     * = r
>     [/foo/secret]
>     * =
>     @secret = r
> 
> , then children of /foo/secret should be excluded from the listing, but a non-
> recursive 'r' answer on '/foo' doesn't convey that information.

It traverses only immediate children only. The only usecase for recursive traversal is
that my script offers to create a tarball from a tree which means it needs to check
recursively of course.

I still would like to have a statement about the behavior in mod_authz_svn.c

Michael

Re: Mimicking mvn_authz_svn with svnauthz(1)

Posted by Daniel Shahaf <d....@daniel.shahaf.name>.

Osipov, Michael wrote on Fri, Apr 01, 2016 at 08:00:56 +0000:
> Hi folks,
> 
> I am trying to figure out how I can effectively mimic the behavior
> of mod_authz_svn with svnauth(1). I do have a small, read-only PHP
> application which shall browse a  repo just like mod_dav_svn does
> with the same authz.  While calling svnauthz(1) works well,
> I am not certain when I should use '--recursive' or not. Looking at
> mod_authz_svn.c for the switch case with r->method_number, I do see
> that it is only necessary for COPY, MOVE, DELETE and default.
> In terms of read-only access, I don't need recursive checks.
> 
> Is that correct?
> 

That depends on what your app does.  For example, if you provide an
interface to 'ls -R' and the authz file has

    [/foo]
    * = r
    [/foo/secret]
    * = 
    @secret = r

, then children of /foo/secret should be excluded from the listing, but
a non-recursive 'r' answer on '/foo' doesn't convey that information.

Cheers,

Daniel

> Thanks,
> 
> Michael
> 
> 
>