couple of points to note about the ACLs
Brought to you by:
tyranny
Menu
▾
▴
couple of points to note about the ACLs
|
From: Alexey M. <al...@hs...> - 2001-11-25 01:18:54
|
[ This is documented in the acl-rfc.txt ] a) possible caveat (with a solution): The concept of "no ACLs" is used a lot, and this could sometimes lead to (unexpected) opening of repository to extemely wide access. In short, when the ACL file is non-existent or becomes empty after revoking all privileges granted, the "default ACL" come into play. Default ACL simply allows everything. Maybe we need some flag file in the repository that means "default ACL is deny everyone". (not done yet) b) intercommunication between ACLs on branches: - if there are no ACLs on a certain branch, then ACLs on a trunk are used instead. If there are no ACLs on a trunk, then default directory ACLs for certain branch are used. As a last resort, the default ACLs are used. Of course, the "branch/trunk" should be generalised to "branch/its parent branch", because there could be branch on a branch (done only partially). In fact, this behaviour is intuitive and expected. It adds complexity only for implementor. --alexm |
