subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache subversion Wiki <comm...@subversion.apache.org>
Subject [Subversion Wiki] Update of "InRepoAuthz" by BenReser
Date Mon, 05 Nov 2012 13:20:17 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.

The "InRepoAuthz" page has been changed by BenReser:
http://wiki.apache.org/subversion/InRepoAuthz?action=diff&rev1=1&rev2=2

Comment:
Finish up SVNParentPath and add --config-file section.

  
  === SVNParentPath Operation ===
  
- When used with SVNParentPath in the case of mod_dav_svn or -d in the case of svnserve it
may be desirable to always use the Authz file at the same path within the repository being
accessed.  At current svnserve and mod_authz_svn do not have a uniform way of configuring
Authz.
+ mod_authz_svn isn't aware of SVNParentPath, currently you must use one authz file and set
the repository flag on the rules.  However, svnserve unless otherwise configured with the
--config-file option at startup looks for a svnserve.conf in each repo and then uses the authz-db
value in each config file to find the authz file, allowing svnserve -d to use a different
authz file for each repo.  
  
- ...Incomplete needs to finish writing up how we behave here since I think we want to make
some behavior changes...
+ The expansion of the format to support the `^/` format would allow mod_authz_svn to access
a different authz file per repo, but only in the case that you were storing the authz file
in the repository.
+ 
+ It is beyond the scope of this change to resolve the general problem with mod_authz_svn
not being able to access a different authz file per repo when stored outside of the repo.
+ 
+ === svnserve --config-file Operation ===
+ 
+ --config-file presents a special problem for this change.  Since the Authz is loaded and
cached at startup the `^/` (in repo relative) format can't be cached and must be loaded on
each connection (similar to the way svnserve behaves without --config-file).
  
  === Security ===
  

Mime
View raw message