Uploaded image for project: 'Subversion'
  1. Subversion
  2. SVN-2907

Unable to selectively restrict access in authz.txt

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 1.4.x
    • Fix Version/s: unscheduled
    • Component/s: mod_authz_svn
    • Labels:
      None
    • Environment:

      Linux

      Description

      Have the following configuration in authz.txt file:
      
      [repo:/trunk]
      @users=rw
      @priv_users=rw
      
      [repo:/trunk/src]
      @priv_users=rw
      *=
      
      The objective of this is to restrict access to the /trunk/src repository to just
      the priv_users group.
      
      Using any Subversion client.
      
      If the top level /trunk directory is checked out then all of the objects 
      *other* than src are checked out. If /trunk/src is specifically checked 
      out then an error is received.
      
      This happens regardless of whether the user is present in priv_users or not.
      
      Web-browsers are able to browse /trunk and /trunk/src successfully using
      appropriate group members.
      
      There is an inconsistency between the two different access methods:
      
      Either:
      
      a) The "*= " rule should over-ride the more specific access control of 
      "@priv_users=rw" in which case no access should be available to any users via
      either a Subversion client or via the web-browser.
      
      or
      
      b) The "@priv_users=rw" is more specific to a particular user therefore it 
      should override the generic "*=" statement.
      
      Scenario "b" would be more in line with expected results.
      

      http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69580

      Original issue reported by dg

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              subversion-importer Subversion Importer
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated: