Actually, I take that back, the manual says it's the *first* match: "Another important fact is that the first matching rule is the one which gets applied to a user." (http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html)
On Feb 11, 2010, at 1:52 PM, David Brodbeck wrote: > Interesting. Did this behavior change at some point? I'm using the syntax > with "* =" at the end of the entry in many locations and it's always worked > fine. svnserve 1.5.1 here. The manual does seem to agree with your example, > so I'm wondering if I should go through and change all of my permission > entries to avoid future problems. > > > On Feb 11, 2010, at 9:51 AM, Sebastian Grewe wrote: > >> Hey Lauro, >> >> Put them in a different order: Last match always decides on access >> permissions. >> >> [/path/foo] >> * = >> user2 = r >> user1 = rw >> @groupbar = rw >> >> Something similar to that is working on my setup. >> >> Cheers, >> Sebastian >> >> On Thu, 2010-02-11 at 15:19 -0200, Lauro Costa G. Borges wrote: >>> Hi, >>> >>> I'm using Subversion version 1.4.4 (r25188). >>> >>> I'm noticing that the authz file is not properly processed. For some >>> paths I have: >>> >>> >>> [/path/foo] >>> user1 = rw >>> user2 = r >>> @groupbar = rw >>> * = >>> >>> All users before "* =" are forbidden on that directory, if I take "* >>> =" out, then, The permissions are properly applied. >>> >>> My problem is, my manager wants a "default deny" ACL, so, for many of >>> the directories, I need to have "* = ". >>> >>> >>> * Note: I tried to put "* =" before all the other ACL's, in the end, >>> in the middle, doesn't seem to make difference. >>> >>> >>> thanks in advance, >>> >>> Lauro >> >> > > -- > > David Brodbeck > System Administrator, Linguistics > University of Washington > > > > -- David Brodbeck System Administrator, Linguistics University of Washington
