subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "innnzzz6@hotmail.com" <innnz...@icloud.com>
Subject Re: SVN 1.10 AuthZ file parsing too strict?!
Date Mon, 28 Jan 2019 07:27:55 GMT


On 2019/01/18 22:07:57, Doug Robinson wrote: 
> Honored committers (and the rest of us):> 
> 
> It's come to my attention that if a group is defined in an AuthZ> 
> file without an associated account that SVN is, as of 1.10, generating> 
> an error and failing to allow the use of that AuthZ file.> 
> 
> Example:> 
> 
> [groups]> 
> goodGroup = acct1> 
> goodGroup2 = acct1, acct2> 
> badGroup => 
> 
> [repoName:/someplace]> 
> @badGroup = rw> 
> 
> svnauthz: E220003: Error while parsing authz file: ...> 
> svnauthz: E220003: Access entry refers to undefined group ...> 
> 
> My thoughts:> 
> 
> 1. From a compatibility standpoint it really should be a Warning,> 
> not an Error. If there's no accounts then certainly it can have> 
> no impact on the security of the repository/ies.> 
> 
> 2. From a usability standpoint it really should simply be supported.> 
> The AuthZ file is a representation of a team structure. There are> 
> times when teams will get reduced headcount down to zero and then> 
> back up again. To deal with that use case with SVN 1.10 means> 
> either:> 
> 
> a) stripping out all references to the team and losing all of the> 
> places where that team requires access> 
> 
> b) configuring a dummy account for the team and hoping that the> 
> account will never be created> 
> 
> c) leaving the team around and fixing SVN to allow an empty team> 
> 
> My preference would be first 2c and, if not, then 1. But that's> 
> me.> 
> 
> Not sure about the history of why this change was made? I'd like> 
> to better understand.> 
> 
> Cheers.> 
> 
> Doug> 
> -- > 
> *DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER> 
> 
> T +1 925 396 1125> 
> *E* doug.robinson@wandisco.com> 
> 
> -- > 
> 
> 
> * *> 
> 
> **The LIVE DATA Company> 
> *Find out more > 
> *wandisco.com *> 
> 
> 
> 
> > 
> > 
> *> 
> 
> 
> THIS MESSAGE > 
> AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE PRIVILEGED> 
> 
> If > 
> this message was misdirected, WANdisco, Inc. and its subsidiaries, > 
> ("WANdisco") does not waive any confidentiality or privilege. If you are > 
> not the intended recipient, please notify us immediately and destroy the > 
> message without disclosing its contents to anyone. Any distribution, use or > 
> copying of this email or the information it contains by other than an > 
> intended recipient is unauthorized. The views and opinions expressed in > 
> this email message are the author's own and may not reflect the views and > 
> opinions of WANdisco, unless the author is authorized by WANdisco to > 
> express such views or opinions on its behalf. All email sent to or from > 
> this address is subject to electronic storage and review by WANdisco. > 
> Although WANdisco operates anti-virus programs, it does not accept > 
> responsibility for any damage whatsoever caused by viruses being passed.> 
>


Sent from my iPhone

Mime
View raw message