Re: [Monotone-devel] The read-permissions file -- unexpected behavior
From: Timothy Brownawell
Subject: Re: [Monotone-devel] The read-permissions file -- unexpected behavior
Date: Wed, 04 Jan 2006 22:47:43 -0600

On Wed, 2006-01-04 at 15:37 -0800, Steven E. Harris wrote:
> I'm experimenting with the read-permissions file running "pull"
> against a server and finding the resulting behavior surprising. As
> this file format is relatively new to monotone, searching for
> documentation and examples has brought little help.
>
> Consider the following example:
>
> ,----[ ~/.monotone/read-permissions ]
> | comment "Everyone can read these branches"
> | pattern "com.example.foo.bar*"
> | allow "*"
> |
> | comment "Only some people can read these branches"
> | pattern "com.example.foo*"
> | allow "address@hidden"
> | allow "address@hidden"
> `----
>
> The intention is to allow anonymous access to the com.example.foo.bar
> branch and its descendants, but to allow only two users access to any
> other branches rooted at com.example.foo.
>
> On the server I run the following command:
>
> monotone serve --db=~/path/to/foo.db some_address 'com.example.foo*'
>
> On some client I run the following two commands:
>
> monotone pull some_address com.example.foo.bar
> monotone pull some_address com.example.foo
>
> Both of these commands succeed, being granted read access by the
> server. I expected that the first would be permitted, but that the
> second one should have been rejected for lack of a key
> specification. That is, anonymous access was not intended for any
> branches but com.example.foo.bar and its descendants.
>
> Have I misunderstood the read-permissions format? Is this a bug in
> monotone? The server side is running version 0.24 on Debian Linux, the
> client side running version 0.24 on Cygwin atop Windows XP.
>
This appears to work as expected here, if I replace the patterns with
ones that match my db (I used net.venge.monotone* and
net.venge.monotone.contrib*). One thing I noticed is

$ mtn -d mt.db~ pull localhost net.venge.monotone.
monotone: doing anonymous pull; use -kKEYNAME if you need authentication
monotone: connecting to localhost
monotone: finding items to synchronize:
monotone: successful exchange with localhost
monotone: bytes in | bytes out | certs in | revs in | revs written
monotone: 196 | 499 | 0 | 0 | 0

when 'net.venge.monotone.' would not be allowed. But since that doesn't
actually match any branches, permission is granted anyway. Just, there's
nothing to actually read.

Is com.example.foo a branch that really exists in the server's database?
If not, then permission will be granted because there's nothing to read,
and so nothing to deny permission for.

Tim
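
The behavior described in this reply, modeled as an added example that is not part of the original message and is not monotone's own code. It assumes the first stanza whose pattern matches a branch decides access, that a pull is refused if any matched branch is unreadable, and it uses Python's fnmatch as a stand-in for monotone's glob matching; the key names are constructed.

```python
from fnmatch import fnmatchcase  # stand-in for monotone's own glob matching

# Constructed rules mirroring the read-permissions file quoted in the thread.
# The key names are made up; the thread shows them only as "address@hidden".
RULES = [
    ("com.example.foo.bar*", ["*"]),
    ("com.example.foo*", ["alice@example.invalid", "bob@example.invalid"]),
]


def branch_readable(branch, key, rules=RULES):
    """Assumed semantics: the first stanza whose pattern matches decides."""
    for pattern, allowed in rules:
        if fnmatchcase(branch, pattern):
            return any(
                a == "*" or (key is not None and fnmatchcase(key, a))
                for a in allowed
            )
    return False  # no stanza matched this branch: deny


def pull(requested, key, server_branches, rules=RULES):
    """Return (granted, branches_sent) for a pull of the `requested` pattern.

    Permission is only evaluated for branches that exist on the server and
    match the request, so a request matching nothing is granted and empty.
    """
    matched = [b for b in server_branches if fnmatchcase(b, requested)]
    denied = [b for b in matched if not branch_readable(b, key, rules)]
    if denied:
        return False, []
    return True, matched


if __name__ == "__main__":
    # Constructed server databases: one without and one with the parent branch.
    without_parent = ["com.example.foo.bar", "com.example.foo.bar.baz"]
    with_parent = without_parent + ["com.example.foo"]
    for name, db in (("no parent branch", without_parent),
                     ("parent branch exists", with_parent)):
        for request in ("com.example.foo.bar", "com.example.foo"):
            granted, sent = pull(request, None, db)  # key=None: anonymous
            print(f"{name}: anonymous pull {request!r} -> "
                  f"granted={granted}, branches={sent}")
```

When auditing a read-permissions file, a successful anonymous pull therefore only shows that nothing unreadable matched; test against a pattern that matches a branch actually present in the server's database.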