subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko ─îibej <br...@apache.org>
Subject Re: Check Path based authorization
Date Tue, 11 Dec 2018 19:54:21 GMT
On 11.12.2018 18:40, Stuempfig, Thomas wrote:
> Hi Brane,
> well after testing the tool does not actually do what i would like. But it is giving
me a starting point / work around.
> I tested the tool with Visualsvn Server on windows
>
>
> Steps to reproduce
> 1) configure basic windows authentication
>
> 2) grant" rw" access to the repository root path for AD group
>         Visualsvn server places the objectSid S-1-1-11-111111111-111111111-11111111-11111
 of the group in the  VisualSVN-WinAuthz.ini file of the repository
>
> 3) svnauthz.exe accessof --username S-2-2-22-222222222-22222222-222222222-22222 d:\repositories\test\conf\VisualSVN-WinAuthz.ini
>   Where username is a member of the AD group objectSid S-1-1-11-111111111-111111111-11111111-11111
>  Result no
>
> But
> 4) svnauthz.exe accessof --username S-1-1-11-111111111-111111111-11111111-11111  22222
d:\repositories\test\conf\VisualSVN-WinAuthz.ini
> Gives "rw"

I really have no idea what the WinAuthz.ini file is and what VisualSVN
does with it. It's impossible to say if your result is expected if we
don't see the contents of the authz file.

But yes, 'svnauthz' will calculate access for users, not for groups. A
user can be a member of several groups and the actual rights she has can
be a combination of rights granted to the groups.

-- Brane


Mime
View raw message