#2453: authz requires more access then needed
-------------------------------+--------------------------------------------
 Reporter:  [EMAIL PROTECTED]  |       Owner:  jonas
     Type:  defect             |      Status:  new  
 Priority:  normal             |   Milestone:       
Component:  browser            |     Version:  0.9  
 Severity:  normal             |    Keywords:  authz
-------------------------------+--------------------------------------------
 The current authz permission system do not reflect the properties of svn
 permissions when inheriting rights.
 Ref. http://svnbook.red-bean.com/en/1.1/ch06s04.html#svn-ch-6-sect-4.4.2

 svn authz system checks the most qualified path and when a match is found
 it uses that right away.

 Hence,
 {{{
 [/]
 * =
 [repo1:project1]
 * = r
 }}}
 allows read-only access to project1 in repo repo1 without granting access
 to anything else.

 Setting up trac to use repo1 project1 will give:
 {{{
 Permission denied on /
 }}}
 It appears trac authz requires at least read access to / which is not the
 way permissions are inherited in subversion.

 The work around is to set the trac environment repository_dir to the
 subpath of project1 (e.g. /my/repos/repo1/project1) and disable authz.

-- 
Ticket URL: <http://projects.edgewall.com/trac/ticket/2453>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets

Reply via email to