#2453: authz requires more access then needed
-------------------------------+--------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: jonas
Type: defect | Status: new
Priority: normal | Milestone:
Component: browser | Version: 0.9
Severity: normal | Keywords: authz
-------------------------------+--------------------------------------------
The current authz permission system do not reflect the properties of svn
permissions when inheriting rights.
Ref. http://svnbook.red-bean.com/en/1.1/ch06s04.html#svn-ch-6-sect-4.4.2
svn authz system checks the most qualified path and when a match is found
it uses that right away.
Hence,
{{{
[/]
* =
[repo1:project1]
* = r
}}}
allows read-only access to project1 in repo repo1 without granting access
to anything else.
Setting up trac to use repo1 project1 will give:
{{{
Permission denied on /
}}}
It appears trac authz requires at least read access to / which is not the
way permissions are inherited in subversion.
The work around is to set the trac environment repository_dir to the
subpath of project1 (e.g. /my/repos/repo1/project1) and disable authz.
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/2453>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets