[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] permission denied for new user and no reason
From: |
Richard Levitte - VMS Whacker |
Subject: |
Re: [Monotone-devel] permission denied for new user and no reason |
Date: |
Wed, 14 Feb 2007 16:10:06 +0100 (CET) |
In message <address@hidden> on Wed, 14 Feb 2007 16:37:11 +0200, Boris
<address@hidden> said:
boriss> I added a new user to a project. However he can't connect (to a central
boriss> server) but gets a "permission denied" error. The file read-permission
boriss> basically looks like this:
boriss>
boriss> pattern "com.example.project*"
boriss> allow "user1"
boriss> allow "user2"
boriss>
boriss> pattern "com.example.project.tests*"
boriss> allow "user3"
boriss> allow "user4"
boriss>
boriss> When user4 connects he sees this:
boriss>
boriss> mtn: warning: protocol error while processing peer a.b.c.d: 'received
boriss> network error: denied 'user4' read permission for
boriss> 'com.example.project.tests*' excluding '' because of branch
boriss> 'com.example.project.tests.a''
[...]
boriss> Any ideas?
Yes. The instructions in read-permission are processed top to bottom,
and the general rule is that processing stops as soon as it has found
a matching pattern and been able to determine if the user is allowed
to access that pattern or not. Furthermore, anyone that isn't allowed
is disallowed, period.
So, what happens is that the branch com.example.project.tests.a is
caught in the first pattern, and since user4 isn't among the allowed
user for that pattern, user4 is disallowed and processing stops.
There are two ways to deal with this:
1) add the following stanza to the first pattern:
continue "true"
that means that unless the requesting user is explicitely allowed
or denied in that pattern, process will continue with the next
pattern.
2) have the patterns switch places, so the longest pattern
(com.example.project.tests*) comes first
I will agree with you that the error message is a bit confusing
regarding this.
Also, I HAVEN'T TESTED WHAT I JUST SAID. I wholeheartadly leave that
to you ;-).
Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte address@hidden
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis