Hi,
we're using the path-based authorization to avoid costly mistakes when someone
accidentally deletes things they shouldn't, but we just had an incident anyway
and I can't get my head around how this was possible. I'll outline our settings
below if anyone can figure out if we have it wrong, if the server someone did
something unexpected or if I simply misunderstand the configuration file syntax.
We have a layout of
/project1/{trunk,branches}
And to prevent that someone accidentally deletes the trunk or branches or adds
branches in the root of "project1", we have this in our access file ("admins"
is a group containing only a few users):
[/]
@members = r
@admins = rw
[/project1]
@members = r
@admins = rw
[/project1/branches]
@members = rw
The latter so that people can create new directories under
"/project1/branches/", but I did not think that would give them permission to
delete "/project1/branches", which is exactly what someone managed to do. Is
this expected behavior based on the above configuration? I thought that the "r"
setting for "project1" would mean that a write that deletes a file/directory
immediately under that one would be disallowed. We have verified that no one
can add a file directly under /project1/ so then I can only think that the rw
on /project1/branches allows delete of that directory while I thought that it
would only allow rw below that one (i.e. branches/*)
If this is expected behavior, how can I differentiate permission between
"project1/branches" and "project1/branches/*"? That is, I want to prevent
anyone from deleting "branches", but I want to allow them to add filer under
"branches/"
TIA,
Chris
