The "owner" property should be an href referencing the URI of a principal in the system, eg: <D:href>/users/john</D:href>. Check out the group-member-set properties of the various roles for examples.
-James On Wed, 2004-11-17 at 21:18 -0500, Jason McElravy wrote: > Oliver, > > Thanks for the tip on the users collection. As an alternative, > I created a "john" collection under /files using the following > configuration: > > <objectnode classname="org.apache.slide.structure.SubjectNode" > uri="/files"> > <permission action="all" subject="unauthenticated" > inheritable="true" negative="true"/> > <permission action="/actions/write" subject="owner" > inheritable="true"/> > <permission action="/actions/read-acl" subject="owner" > inheritable="true"/> > <permission action="/actions/write-acl" subject="owner" > inheritable="true"/> > > <objectnode classname="org.apache.slide.structure.SubjectNode" > uri="/files/john"> > <revision> > <property namespace="DAV:" > name="owner">john</property> > </revision> > </objectnode> > </objectnode> > > Unfortunately, I still get a 403 when I try to PUT a file into the john > collection even though I'm authenticated as john and john is the owner > of the collection. Can anyone offer any clarification as to why this is > the behavior? I would also welcome alternative suggestions for an > easily maintainable solution to setting up "home" directories for users. > Thanks in advance. > > -Jason > > > -----Original Message----- > From: Oliver Zeigermann [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 17, 2004 6:06 PM > To: Slide Users Mailing List > Subject: Re: write privileges for owner > > Jason, the collections in users should not be used to store data. > These are not supposed to be the home directory of the specific user, > but are the representation of the user itself. > > Oliver > > > On Wed, 17 Nov 2004 13:54:59 -0500, Jason McElravy > <[EMAIL PROTECTED]> wrote: > > I am hoping to get some clarification on a security configuration for > > slide. I want each user on my server to have write privileges in his > > "home" directory. To test this I tried to alter the default > domain.xml > > configuration so john could write to /slide/users/john. I tried > > granting /actions/write to subject owner on /users and set > > inheritable="true". Here is the snippet: > > > > <objectnode classname="org.apache.slide.structure.SubjectNode" > > uri="/users"> > > <permission action="/actions/write" subject="owner" > > inheritable="true"/> > > <permission action="/actions/write-acl" subject="owner" > > inheritable="true"/> > > <permission action="/actions/read-acl" subject="owner" > > inheritable="true"/> > > <permission action="all" subject="unauthenticated" > > inheritable="true" negative="true"/> > > > > I set john as the owner of the john directory like this: > > > > <objectnode classname="org.apache.slide.structure.SubjectNode" > > uri="/users/john"> > > > > <revision> > > <property namespace="http://jakarta.apache.org/slide/"; > > name="password">john</property> > > <property namespace="DAV:" > name="owner">john</property> > > </revision> > > </objectnode> > > > > I am able to modify the properties of /users/john under this when > > authenticated as john using this configuration but I get a 403 when I > > try to PUT a file in that directory. It works if /actions/write is > > granted to /roles/user instead of owner for the /users uri but that > > doesn't meet my requirements. I want to avoid having to maintain > write > > permissions for each user to their home directory like this: > > > > <objectnode classname="org.apache.slide.structure.SubjectNode" > > uri="/users/john"> > > <permission action="/actions/write" subject="/users/john" > > inheritable="true"/> > > > > What am I missing in regard to granting write permissions to the > owner > > of a resource? Thanks in advance for your help. I am using > > slide-server 2.1b2 and webdavclient 2.1b1. > > > > -Jason > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
