On Tue, Apr 26, 2011 at 3:23 PM, Alan M. Evans <a...@extratech.com> wrote:
> On Tue, 2011-04-26 at 17:18 -0500, kmra...@rockwellcollins.com wrote: > > "Alan M. Evans" wrote on 04/26/2011 04:54:37 PM: > > > > > > > I've found using "*" to be non intuitive. Try: > > > > > > > > [/] > > > > $authenticated=rw > > > > jon= > > > > > > Thanks for the reply! Unfortunately, jon still has full access... > > > > Does order matter? I think the first match wins: > > > > [/] > > jon= > > $authenticated=rw > > No difference. jon still has access. > The manual says "first match wins" but that's wrong. When I asked about this I was pointed to this discussion: http://svn.haxx.se/dev/archive-2010-01/0340.shtml It turns out the permissions are basically or'ed; the user gets a combination of permissions from all the lines that apply to them. So the short answer is there's probably no way to do what you want except by creating a group with everyone but jon in it. -- David Brodbeck System Administrator, Linguistics University of Washington
