Edgewall Software
Modify

Opened 17 years ago

Closed 17 years ago

#2453 closed defect (duplicate)

authz requires more access then needed

Reported by: exinor@… Owned by: Jonas Borgström
Priority: normal Milestone:
Component: version control/browser Version: 0.9
Severity: normal Keywords: authz
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

The current authz permission system do not reflect the properties of svn permissions when inheriting rights. Ref. http://svnbook.red-bean.com/en/1.1/ch06s04.html#svn-ch-6-sect-4.4.2

svn authz system checks the most qualified path and when a match is found it uses that right away.

Hence,

[/]
* =
[repo1:project1]
* = r

allows read-only access to project1 in repo repo1 without granting access to anything else.

Setting up trac to use repo1 project1 will give:

Permission denied on /

It appears trac authz requires at least read access to / which is not the way permissions are inherited in subversion.

The work around is to set the trac environment repository_dir to the subpath of project1 (e.g. /my/repos/repo1/project1) and disable authz.

Attachments (0)

Change History (1)

comment:1 by Matthew Good, 17 years ago

Resolution: duplicate
Status: newclosed

First of all, you need to use a "/" at the beginning of the paths names in the authz file, so [repo1:project1] should be [repo1:/project1]. Also, even if you've given access to the "/project1" directory, Trac will deny access to the root folder of the repository since you have not given any users access to it. This behavior is the same as SVN's enforcement of the authz permissions.

I think that using the repository subpath is an appropriate choice for what it looks like you're doing. However, I think that the reason you disabled the authz config is due to the problem reported in #2477, so I'm going to close this ticket as a duplicate of that issue.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.