# subversion-commits mailing list archives

##### Site index · List index
Message view
Top
From cmpil...@apache.org
Subject svn commit: r1455379 - /subversion/site/publish/docs/release-notes/1.8.html
Date Tue, 12 Mar 2013 00:48:14 GMT
Author: cmpilato
Date: Tue Mar 12 00:48:14 2013
New Revision: 1455379

URL: http://svn.apache.org/r1455379
Log:
* site/publish/docs/release-notes/1.8.html
(#in-repo-authz): Rewrite this section for grammatical sanity and,
hopefully, additional clarity.  Specifically, point out that
it's only file:// URLs -- not http:// or svn://, e.g. -- which
work as in-repos authz file specifications.

Modified:
subversion/site/publish/docs/release-notes/1.8.html

Modified: subversion/site/publish/docs/release-notes/1.8.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/1.8.html?rev=1455379&r1=1455378&r2=1455379&view=diff
==============================================================================
--- subversion/site/publish/docs/release-notes/1.8.html (original)
+++ subversion/site/publish/docs/release-notes/1.8.html Tue Mar 12 00:48:14 2013
@@ -1017,56 +1017,77 @@ when users apply the same change to mult
title="Link to this section">&para;</a>
</h3>

-<p>Subversion 1.8 allows authz files to be stored inside a
-Subversion repository.  This allows you to gain the versioning
-features of Subversion for the configuration of the path based
-authorization feature.  The repository does not need to be the
-same repository as the one that the authz files are being applied
-to.  However, if the repository is the same repository it allows
-the authz file to be synced with the repository making administration
-of the synchronized repositories easier.</p>
-
-<p>When providing the authz file to httpd or svnserve there are
-now four formats in which the location of the file may be described
-with.</p>
+<p>Subversion 1.8 allows authz files to be stored inside a Subversion
+repository.  This allows you to employ the versioning features of
+Subversion for the configuration of the path-based authorization
+feature.  You need not store the authz file in the same repository as
+the one to which its rules are being applied.  However, the server
+which uses the authz file does require filesystem access to the
+repository in which that file is stored.  Administrators should
+consider that one benefit of having the authz file stored in the same
+repository as the one to which its rules are being applied allows the
+authz file to be replicated along with the rest of the data in the
+repository, simplifying administration of mirrored repositories.</p>
+
+<p>When specifying the location of the authz file to Apache HTTP
+Server or svnserve, there are now four formats an administrator may
+use:</p>

<ol>
-<li>Absolute path to a file (outside of a repository): <tt>/path/to/file</tt>
or <tt>C:\path\to\file</tt>
-<li>Relative path to a file (outside of a repository): <tt>path/to/file</tt>
or <tt>path\to\file</tt>
-<li>Absolute URL to file in repsository: <tt>file:///path/to/repo/file</tt>

-<li>Relative URL to file in a repository: <tt>^/file</tt>
+<li>Absolute path to a file (outside of a repository):
+    <tt>/path/to/file</tt> or <tt>C:\path\to\file</tt></li>
+<li>Relative path to a file (outside of a repository):
+    <tt>path/to/file</tt> or <tt>path\to\file</tt></li>
+<li>Absolute URL to file in repository:
+    <tt>file:///path/to/repo/file</tt></li>
+<li>Relative URL to file in a repository:
+    <tt>^/file</tt></li>
</ol>

-<p>The first two are the formats that were already supported in versions prior
-to 1.8, leaving the last two as the new ones.  The absolute URL format is
-similar to what you could use with <tt>svn cat</tt> to list a file in a local
-repository.  The relative URL is also
-<a href="http://svn.apache.org/repos/asf/subversion/trunk/notes/cli-repo-root-relative-support.txt">similar
to a format</a>
-that the client can use, the <tt>^/</tt>is removed and the authz file is found
-at the path in the repository being accessed.  httpd accepts all 4 formats
-in both AuthzSVNAccessFile and AuthzSVNReposRelativeAccessFile configuration
-directives, the only difference between the two is the root path for the
-relative path to a file outside a repository format.</p>
-
-<div class="notice"><span style="color: red"><b>WARNING:</b></span>Unlike
authz
-  files stored on the servers local disk, authz files stored in the repository
-  are accessible via Subversion clients just like any other file in the
-  repository.  If you wish to protect the contents of the authz file you should
-  configure appropriate access restrictions for it in the applicable authz file
-  (potentially the same file even).</div>
-
-<div class="notice"><span style="color: red"><b>WARNING:</b></span>Commiting
an
-  authz file to a repository is no different than committing any other file.
-  The Subversion servers do not validate the authz file in any way.  It may be
-  desirable to setup a pre-commit hook script to validate the authz file is
-  valid and/or has not removed all permissions to edit the file.  If
-  permissions have been removed to edit it via the network server(s) you can
-  of course always edit it via a local (<tt>file://</tt>) checkout since
-  ra_local does not observe path based permissions.  In order to assist in
-  making it easy to validate authz files a new hook-script has been added to
-  tools/hook-scripts called validate-files.py.  The
-  validate-files.conf.example contains examples on how to validate both syntax
-  and specific permissions.
+<p>The first two formats are those that were already supported in
+versions prior to 1.8; the latter two are the new formats.</p>
+
+<p>The new absolute URL format is similar to what you might use
+with <tt>svn cat</tt> to list the contents of a file versioned in a
+local repository.  (Note that at this time, support exists
+for <tt>file://</tt> URLs only, not for other Subversion URL flavors
+such as <tt>http://</tt>, <tt>svn://</tt>, and so on.)</p>
+
+<p>The relative URL syntax should also look familiar, as it mimics
+<a href="http://svn.apache.org/repos/asf/subversion/trunk/notes/cli-repo-root-relative-support.txt"
+>the relative URL syntax</a> that the command-line client recognizes.
+When parsing path specifications in this format, Subversion simply
+ignores the leading <tt>^/</tt> and looks for authz file at the
+remaining path in the repository which is being accessed.</p>
+
+<p>Apache HTTP Server accepts all four formats for both the
+<tt>AuthzSVNAccessFile</tt> and <tt>AuthzSVNReposRelativeAccessFile</tt>
+configuration directives.  The only difference between these two
+directives is the root path for the "relative path to a file outside a
+repository" format.</p>
+
+<div class="notice">
+<p><span style="color: red"><b>WARNING:</b></span> Unlike authz
files
+stored on the server's local disk, authz files stored in the repository
+are accessible via Subversion clients just like any other file in the
+repository.  If you wish to protect the contents of the authz file you
+should configure appropriate access restrictions for it in the
+applicable authz file (which could potentially be the same file!).</p>
+</div>
+
+<div class="notice">
+<p><span style="color: red"><b>WARNING:</b></span> As with
other
+versioned files, Subversion servers do not validate the internal
+syntax of a versioned authz file in any way.  Administrators may wish
+to set up a pre-commit hook script to validate that the authz file is
+well-formed and/or the committing user has not removed all permissions
+to edit the file.  If permissions have been removed to edit it via the
+network server(s) you can of course always edit it via a local
+(<tt>file://</tt>) checkout since ra_local does not observe path based
+permissions.  See the <tt>validate-files.py</tt> hook script and its
+related configuration files in Subversion's <tt>tools/hook-scripts</tt>
+for examples of how to validate a versioned authz file's syntax and
+specific permissions.</p>
</div>

</div>  <!-- in-repo-authz -->


Mime
View raw message