monotone-devel

Re: [Monotone-devel] permission denied for new user and no reason


From: Richard Levitte - VMS Whacker
Subject: Re: [Monotone-devel] permission denied for new user and no reason
Date: Wed, 14 Feb 2007 16:10:06 +0100 (CET)

In message <address@hidden> on Wed, 14 Feb 2007 16:37:11 +0200, Boris 
<address@hidden> said:

boriss> I added a new user to a project. However he can't connect (to a central
boriss> server) but gets a "permission denied" error. The file read-permission
boriss> basically looks like this:
boriss> 
boriss> pattern "com.example.project*"
boriss> allow "user1"
boriss> allow "user2"
boriss> 
boriss> pattern "com.example.project.tests*"
boriss> allow "user3"
boriss> allow "user4"
boriss> 
boriss> When user4 connects he sees this:
boriss> 
boriss> mtn: warning: protocol error while processing peer a.b.c.d: 'received  
boriss> network error: denied 'user4' read permission for  
boriss> 'com.example.project.tests*' excluding '' because of branch  
boriss> 'com.example.project.tests.a''
[...]
boriss> Any ideas?

Yes.  The instructions in read-permission are processed top to bottom,
and the general rule is that processing stops as soon as it has found
a matching pattern and been able to determine if the user is allowed
to access that pattern or not.  Furthermore, anyone that isn't allowed
is disallowed, period.

So, what happens is that the branch com.example.project.tests.a is
caught in the first pattern, and since user4 isn't among the allowed
users for that pattern, user4 is disallowed and processing stops.

There are two ways to deal with this:

 1) add the following stanza to the first pattern:

        continue "true"

    that means that unless the requesting user is explicitly allowed
    or denied in that pattern, process will continue with the next
    pattern.

 2) have the patterns switch places, so the longest pattern
    (com.example.project.tests*) comes first

I will agree with you that the error message is a bit confusing
regarding this.

Also, I HAVEN'T TESTED WHAT I JUST SAID.  I wholeheartedly leave that
to you ;-).

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         address@hidden
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
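
The evaluation order described in the reply above, as an added example that is not part of the original message and is not monotone's own code. It models only the semantics as the reply states them; `fnmatchcase` stands in for monotone's pattern matching, and the names `parse`, `may_read`, `ORIGINAL` and `WITH_CONTINUE` are assumptions made for this sketch.

```python
import re
from fnmatch import fnmatchcase

LINE = re.compile(r'^\s*(pattern|allow|deny|continue)\s+"([^"]*)"\s*$')

def parse(text):
    """Split read-permissions text into stanzas; each 'pattern' line starts one."""
    stanzas = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE.match(raw)
        if not m:
            raise ValueError(f"unrecognised line: {raw!r}")
        key, value = m.groups()
        if key == "pattern":
            stanzas.append({"pattern": value, "allow": [], "deny": [], "continue": False})
        elif not stanzas:
            raise ValueError(f"{key} before any pattern")
        elif key == "continue":
            stanzas[-1]["continue"] = (value == "true")
        else:
            stanzas[-1][key].append(value)
    return stanzas

def may_read(stanzas, user, branch):
    """Top-to-bottom evaluation: the first matching stanza decides unless it continues."""
    for s in stanzas:
        if not fnmatchcase(branch, s["pattern"]):  # assumption: fnmatch ~ monotone globs
            continue
        if user in s["deny"]:
            return False
        if user in s["allow"]:
            return True
        if not s["continue"]:
            return False  # matched, user not listed, no continue: stop and deny
    return False          # no stanza allowed the user: default deny

# The file from the question, and the same file with fix 1 applied.
ORIGINAL = '''
pattern "com.example.project*"
allow "user1"
allow "user2"

pattern "com.example.project.tests*"
allow "user3"
allow "user4"
'''
WITH_CONTINUE = ORIGINAL.replace('allow "user2"\n', 'allow "user2"\ncontinue "true"\n', 1)
```

Under this model, fix 2 (`parse(ORIGINAL)[::-1]`) lets user4 read `com.example.project.tests.a` but stops user1 and user2 at the tests stanza for that branch, while fix 1 keeps their access through the broader pattern.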



