Author: cmpilato
Date: Tue Mar 12 00:48:14 2013
New Revision: 1455379

URL: http://svn.apache.org/r1455379
Log:
* site/publish/docs/release-notes/1.8.html
  (#in-repo-authz): Rewrite this section for grammatical sanity and,
    hopefully, additional clarity. Specifically, point out that it's
    only file:// URLs -- not http:// or svn://, e.g. -- which work as
    in-repos authz file specifications.

Modified: subversion/site/publish/docs/release-notes/1.8.html Modified: subversion/site/publish/docs/release-notes/1.8.html URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/1.8.html?rev=1455379&r1=1455378&r2=1455379&view=diff ============================================================================== --- subversion/site/publish/docs/release-notes/1.8.html (original) +++ subversion/site/publish/docs/release-notes/1.8.html Tue Mar 12 00:48:14 2013 
@@ -1017,56 +1017,77 @@ when users apply the same change to mult title="Link to this section">¶</a> </h3> -<p>Subversion 1.8 allows authz files to be stored inside a -Subversion repository. This allows you to gain the versioning -features of Subversion for the configuration of the path based -authorization feature. The repository does not need to be the -same repository as the one that the authz files are being applied -to. However, if the repository is the same repository it allows -the authz file to be synced with the repository making administration -of the synchronized repositories easier.</p> - -<p>When providing the authz file to httpd or svnserve there are -now four formats in which the location of the file may be described -with.</p> +<p>Subversion 1.8 allows authz files to be stored inside a Subversion +repository. This allows you to employ the versioning features of +Subversion for the configuration of the path-based authorization +feature. You need not store the authz file in the same repository as +the one to which its rules are being applied. However, the server +which uses the authz file does require filesystem access to the +repository in which that file is stored. 
Administrators should +consider that one benefit of having the authz file stored in the same +repository as the one to which its rules are being applied allows the +authz file to be replicated along with the rest of the data in the +repository, simplifying administration of mirrored repositories.</p> + +<p>When specifying the location of the authz file to Apache HTTP +Server or svnserve, there are now four formats an administrator may +use:</p> <ol> -<li>Absolute path to a file (outside of a repository): <tt>/path/to/file</tt> or <tt>C:\path\to\file</tt> -<li>Relative path to a file (outside of a repository): <tt>path/to/file</tt> or <tt>path\to\file</tt> -<li>Absolute URL to file in repsository: <tt>file:///path/to/repo/file</tt> -<li>Relative URL to file in a repository: <tt>^/file</tt> +<li>Absolute path to a file (outside of a repository): + <tt>/path/to/file</tt> or <tt>C:\path\to\file</tt></li> +<li>Relative path to a file (outside of a repository): + <tt>path/to/file</tt> or <tt>path\to\file</tt></li> +<li>Absolute URL to file in repository: + <tt>file:///path/to/repo/file</tt></li> +<li>Relative URL to file in a repository: + <tt>^/file</tt></li> </ol> -<p>The first two are the formats that were already supported in versions prior -to 1.8, leaving the last two as the new ones. The absolute URL format is -similar to what you could use with <tt>svn cat</tt> to list a file in a local -repository. The relative URL is also -<a href="http://svn.apache.org/repos/asf/subversion/trunk/notes/cli-repo-root-relative-support.txt">similar to a format</a> -that the client can use, the <tt>^/</tt>is removed and the authz file is found -at the path in the repository being accessed. 
httpd accepts all 4 formats -in both AuthzSVNAccessFile and AuthzSVNReposRelativeAccessFile configuration -directives, the only difference between the two is the root path for the -relative path to a file outside a repository format.</p> - -<div class="notice"><span style="color: red"><b>WARNING:</b></span>Unlike authz - files stored on the servers local disk, authz files stored in the repository - are accessible via Subversion clients just like any other file in the - repository. If you wish to protect the contents of the authz file you should - configure appropriate access restrictions for it in the applicable authz file - (potentially the same file even).</div> - -<div class="notice"><span style="color: red"><b>WARNING:</b></span>Commiting an - authz file to a repository is no different than committing any other file. - The Subversion servers do not validate the authz file in any way. It may be - desirable to setup a pre-commit hook script to validate the authz file is - valid and/or has not removed all permissions to edit the file. If - permissions have been removed to edit it via the network server(s) you can - of course always edit it via a local (<tt>file://</tt>) checkout since - ra_local does not observe path based permissions. In order to assist in - making it easy to validate authz files a new hook-script has been added to - tools/hook-scripts called validate-files.py. The - validate-files.conf.example contains examples on how to validate both syntax - and specific permissions. +<p>The first two formats are those that were already supported in +versions prior to 1.8; the latter two are the new formats.</p> + +<p>The new absolute URL format is similar to what you might use +with <tt>svn cat</tt> to list the contents of a file versioned in a +local repository. 
(Note that at this time, support exists +for <tt>file://</tt> URLs only, not for other Subversion URL flavors +such as <tt>http://</tt>, <tt>svn://</tt>, and so on.)</p> + +<p>The relative URL syntax should also look familiar, as it mimics +<a href="http://svn.apache.org/repos/asf/subversion/trunk/notes/cli-repo-root-relative-support.txt" +>the relative URL syntax</a> that the command-line client recognizes. +When parsing path specifications in this format, Subversion simply +ignores the leading <tt>^/</tt> and looks for authz file at the +remaining path in the repository which is being accessed.</p> + +<p>Apache HTTP Server accepts all four formats for both the +<tt>AuthzSVNAccessFile</tt> and <tt>AuthzSVNReposRelativeAccessFile</tt> +configuration directives. The only difference between these two +directives is the root path for the "relative path to a file outside a +repository" format.</p> + +<div class="notice"> +<p><span style="color: red"><b>WARNING:</b></span> Unlike authz files +stored on the server's local disk, authz files stored in the repository +are accessible via Subversion clients just like any other file in the +repository. If you wish to protect the contents of the authz file you +should configure appropriate access restrictions for it in the +applicable authz file (which could potentially be the same file!).</p> +</div> + +<div class="notice"> +<p><span style="color: red"><b>WARNING:</b></span> As with other +versioned files, Subversion servers do not validate the internal +syntax of a versioned authz file in any way. Administrators may wish +to set up a pre-commit hook script to validate that the authz file is +well-formed and/or the committing user has not removed all permissions +to edit the file. If permissions have been removed to edit it via the +network server(s) you can of course always edit it via a local +(<tt>file://</tt>) checkout since ra_local does not observe path based +permissions. 
See the <tt>validate-files.py</tt> hook script and its +related configuration files in Subversion's <tt>tools/hook-scripts</tt> +for examples of how to validate a versioned authz file's syntax and +specific permissions.</p> </div> </div> <!-- in-repo-authz -->
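
Review bot: In the first added paragraph, the sentence "Administrators should consider that one benefit of having the authz file stored in the same repository as the one to which its rules are being applied allows the authz file to be replicated ..." does not parse, because the subject "one benefit" is followed by "allows". Suggest something like "Administrators should consider that storing the authz file in the same repository as the one to which its rules are applied allows it to be replicated along with the rest of the data in the repository". Smaller points in the same hunk: the relative-URL paragraph reads "looks for authz file" where "looks for the authz file" is meant; the second WARNING keeps "path based permissions" while the first paragraph was changed to "path-based authorization"; and the rewritten second WARNING no longer names validate-files.conf.example, which the removed text did, so "related configuration files" leaves an administrator to guess which file holds the sample validation rules.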