Details
-
Bug
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
1.4.x
-
None
-
Linux
Description
Have the following configuration in authz.txt file: [repo:/trunk] @users=rw @priv_users=rw [repo:/trunk/src] @priv_users=rw *= The objective of this is to restrict access to the /trunk/src repository to just the priv_users group. Using any Subversion client. If the top level /trunk directory is checked out then all of the objects *other* than src are checked out. If /trunk/src is specifically checked out then an error is received. This happens regardless of whether the user is present in priv_users or not. Web-browsers are able to browse /trunk and /trunk/src successfully using appropriate group members. There is an inconsistency between the two different access methods: Either: a) The "*= " rule should over-ride the more specific access control of "@priv_users=rw" in which case no access should be available to any users via either a Subversion client or via the web-browser. or b) The "@priv_users=rw" is more specific to a particular user therefore it should override the generic "*=" statement. Scenario "b" would be more in line with expected results.
http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69580
Original issue reported by dg