Re: [Monotone-devel] The read-permissions file -- unexpected behavior

[Timothy Brownawell]

On Wed, 2006-01-04 at 15:37 -0800, Steven E. Harris wrote:
> I'm experimenting with the read-permissions file running "pull"
> against a server and finding the resulting behavior surprising. As
> this file format is relatively new to monotone, searching for
> documentation and examples has brought little help.
> 
> Consider the following example:
> 
> ,----[ ~/.monotone/read-permissions ]
> | comment "Everyone can read these branches"
> | pattern "com.example.foo.bar*"
> | allow "*"
> | 
> | comment "Only some people can read these branches"
> | pattern "com.example.foo*"
> | allow "address@hidden"
> | allow "address@hidden"
> `----
> 
> The intention is to allow anonymous access to the com.example.foo.bar
> branch and its descendants, but to allow only two users access to any
> other branches rooted at com.example.foo.
> 
> On the server I run the following command:
> 
>   monotone serve --db=~/path/to/foo.db some_address 'com.example.foo*'
> 
> On some client I run the following two commands:
> 
>   monotone pull some_address com.example.foo.bar
>   monotone pull some_address com.example.foo
> 
> Both of these commands succeed, being granted read access by the
> server. I expected that the first would be permitted, but that the
> second one should have been rejected for lack of a key
> specification. That is, anonymous access was not intended for any
> branches but com.example.foo.bar and its descendants.

On an anonymous pull, the client will print the line "monotone: doing
anonymous pull; use -kKEYNAME if you need authentication".

If you're in a workspace (as you seem to be, since you don't specify a
database for the client), monotone could be getting which key to use
from MT/options.

Does
   monotone pull some_address com.example.foo -k ''
have the same results?

Tim