You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by "Osipov, Michael" <mi...@siemens.com> on 2016/04/01 10:00:56 UTC
Mimicking mvn_authz_svn with svnauthz(1)
Hi folks,
I am trying to figure out how I can effectively mimic the behavior
of mod_authz_svn with svnauth(1). I do have a small, read-only PHP
application which shall browse a repo just like mod_dav_svn does
with the same authz. While calling svnauthz(1) works well,
I am not certain when I should use '--recursive' or not. Looking at
mod_authz_svn.c for the switch case with r->method_number, I do see
that it is only necessary for COPY, MOVE, DELETE and default.
In terms of read-only access, I don't need recursive checks.
Is that correct?
Thanks,
Michael
RE: Mimicking mvn_authz_svn with svnauthz(1)
Posted by "Osipov, Michael" <mi...@siemens.com>.
> Osipov, Michael wrote on Fri, Apr 01, 2016 at 08:00:56 +0000:
> > Hi folks,
> >
> > I am trying to figure out how I can effectively mimic the behavior of
> > mod_authz_svn with svnauth(1). I do have a small, read-only PHP
> > application which shall browse a repo just like mod_dav_svn does with
> > the same authz. While calling svnauthz(1) works well, I am not
> > certain when I should use '--recursive' or not. Looking at
> > mod_authz_svn.c for the switch case with r->method_number, I do see
> > that it is only necessary for COPY, MOVE, DELETE and default.
> > In terms of read-only access, I don't need recursive checks.
> >
> > Is that correct?
> >
>
> That depends on what your app does. For example, if you provide an interface to
> 'ls -R' and the authz file has
>
> [/foo]
> * = r
> [/foo/secret]
> * =
> @secret = r
>
> , then children of /foo/secret should be excluded from the listing, but a non-
> recursive 'r' answer on '/foo' doesn't convey that information.
It traverses only immediate children only. The only usecase for recursive traversal is
that my script offers to create a tarball from a tree which means it needs to check
recursively of course.
I still would like to have a statement about the behavior in mod_authz_svn.c
Michael
Re: Mimicking mvn_authz_svn with svnauthz(1)
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Osipov, Michael wrote on Fri, Apr 01, 2016 at 08:00:56 +0000:
> Hi folks,
>
> I am trying to figure out how I can effectively mimic the behavior
> of mod_authz_svn with svnauth(1). I do have a small, read-only PHP
> application which shall browse a repo just like mod_dav_svn does
> with the same authz. While calling svnauthz(1) works well,
> I am not certain when I should use '--recursive' or not. Looking at
> mod_authz_svn.c for the switch case with r->method_number, I do see
> that it is only necessary for COPY, MOVE, DELETE and default.
> In terms of read-only access, I don't need recursive checks.
>
> Is that correct?
>
That depends on what your app does. For example, if you provide an
interface to 'ls -R' and the authz file has
[/foo]
* = r
[/foo/secret]
* =
@secret = r
, then children of /foo/secret should be excluded from the listing, but
a non-recursive 'r' answer on '/foo' doesn't convey that information.
Cheers,
Daniel
> Thanks,
>
> Michael
>
>
>