On Wed, 2006-01-04 at 15:37 -0800, Steven E. Harris wrote:
> I'm experimenting with the read-permissions file running "pull"
> against a server and finding the resulting behavior surprising. As
> this file format is relatively new to monotone, searching for
> documentation and examples has brought little help.
> 
> Consider the following example:
> 
> ,----[ ~/.monotone/read-permissions ]
> | comment "Everyone can read these branches"
> | pattern "com.example.foo.bar*"
> | allow "*"
> | 
> | comment "Only some people can read these branches"
> | pattern "com.example.foo*"
> | allow "[EMAIL PROTECTED]"
> | allow "[EMAIL PROTECTED]"
> `----
> 
> The intention is to allow anonymous access to the com.example.foo.bar
> branch and its descendants, but to allow only two users access to any
> other branches rooted at com.example.foo.
> 
> On the server I run the following command:
> 
>   monotone serve --db=~/path/to/foo.db some_address 'com.example.foo*'
> 
> On some client I run the following two commands:
> 
>   monotone pull some_address com.example.foo.bar
>   monotone pull some_address com.example.foo
> 
> Both of these commands succeed, being granted read access by the
> server. I expected that the first would be permitted, but that the
> second one should have been rejected for lack of a key
> specification. That is, anonymous access was not intended for any
> branches but com.example.foo.bar and its descendants.
> 
> Have I misunderstood the read-permissions format? Is this a bug in
> monotone? The server side is running version 0.24 on Debian Linux, the
> client side running version 0.24 on Cygwin atop Windows XP.
> 

This appears to work as expected here, if I replace the patterns with
ones that match my db (I used net.venge.monotone* and
net.venge.monotone.contrib*). One thing I noticed is

$ mtn -d mt.db~ pull localhost net.venge.monotone.
monotone: doing anonymous pull; use -kKEYNAME if you need authentication
monotone: connecting to localhost
monotone: finding items to synchronize:
monotone: successful exchange with localhost
monotone: bytes in | bytes out | certs in | revs in | revs written
monotone:      196 |       499 |        0 |       0 |            0

when 'net.venge.monotone.' would not be allowed. But since that doesn't
actually match any branches, permission is granted anyway. Just, there's
nothing to actually read.

Is com.example.foo a branch that really exists in the server's database?
If not, then permission will be granted because there's nothing to read,
and so nothing to deny permission for.

Tim



_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel
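
A small model of the behaviour described in the reply above, added here as an example; it is not monotone's code and not from either poster. It assumes that the first stanza whose pattern matches a branch decides, that one denied branch refuses the whole pull, and that Python's fnmatch stands in for monotone's globs; the key names and branch lists are constructed placeholders.

```python
from fnmatch import fnmatchcase

# Constructed stanzas mirroring the read-permissions file quoted in the thread.
# The two redacted key names are replaced by placeholder identities.
STANZAS = [
    ("com.example.foo.bar*", ["*"]),
    ("com.example.foo*", ["key-one@example.invalid", "key-two@example.invalid"]),
]

def read_permitted(branch, key):
    """Assumed model: the first stanza whose pattern matches the branch decides."""
    for pattern, allowed in STANZAS:
        if fnmatchcase(branch, pattern):
            # allow "*" admits everyone, including anonymous (key is None).
            return "*" in allowed or (key is not None and key in allowed)
    return False  # no stanza covers this branch: deny

def pull(server_branches, include, key=None):
    """Return (granted, branches_sent) for a pull of the `include` pattern.

    Permission is checked only for branches that exist on the server and
    match the pattern, so an empty match has nothing to deny.
    """
    requested = [b for b in server_branches if fnmatchcase(b, include)]
    if any(not read_permitted(b, key) for b in requested):
        return False, []
    return True, requested

if __name__ == "__main__":
    # Server database without a branch named exactly "com.example.foo".
    without_foo = ["com.example.foo.bar", "com.example.foo.bar.baz"]
    # Same database after such a branch has been created.
    with_foo = without_foo + ["com.example.foo"]

    print(pull(without_foo, "com.example.foo.bar"))  # public branch
    print(pull(without_foo, "com.example.foo"))      # matches nothing
    print(pull(with_foo, "com.example.foo"))         # anonymous, restricted
    print(pull(with_foo, "com.example.foo", "key-one@example.invalid"))
```

To test a restriction like the one in the question, the restricted pattern has to match a branch that actually exists on the server; an anonymous pull that succeeds with zero revisions transferred says nothing about the permissions.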
