subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From devnullacco...@yahoo.se
Subject Unexpected behavior with path-based permissions
Date Wed, 29 May 2019 09:03:00 GMT
Hi,
we're using the path-based authorization to avoid costly mistakes when someone accidentally
deletes things they shouldn't, but we just had an incident anyway and I can't get my head
around how this was possible. I'll outline our settings below if anyone can figure out if
we have it wrong, if the server someone did something unexpected or if I simply misunderstand
the configuration file syntax.

We have a layout of
/project1/{trunk,branches}

And to prevent that someone accidentally deletes the trunk or branches or adds branches in
the root of "project1", we have this in our access file ("admins" is a group containing only
a few users):

[/]
@members = r
@admins = rw

[/project1]

@members = r
@admins = rw

[/project1/branches]

@members = rw

The latter so that people can create new directories under "/project1/branches/", but I did
not think that would give them permission to delete "/project1/branches", which is exactly
what someone managed to do. Is this expected behavior based on the above configuration? I
thought that the "r" setting for "project1" would mean that a write that deletes a file/directory
immediately under that one would be disallowed. We have verified that no one can add a file
directly under /project1/ so then I can only think that the rw on /project1/branches allows
delete of that directory while I thought that it would only allow rw below that one (i.e.
branches/*)

If this is expected behavior, how can I differentiate permission between "project1/branches"
and "project1/branches/*"? That is, I want to prevent anyone from deleting "branches", but
I want to allow them to add filer under "branches/"

TIA,
  Chris

Mime
View raw message