[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug in GNATS 3.113.1 Access Control for Multiple DBs
|
From: |
Hon-Chi Ng |
|
Subject: |
Bug in GNATS 3.113.1 Access Control for Multiple DBs |
|
Date: |
Fri, 12 Oct 2001 17:46:56 -0700 |
Hi
I encounter a "strange" behavior exhibited by GNATS 3.113.1 server with
respect to access control for multiple databases. I say "strange" is
because it does the opposite of what the GNATS documentation says, at least
what I understand.
I believe it is a bug, but if I miss something, please point out it to me.
1. Here are the configurations.
In /etc/gnats-db.conf,
/local/gnats-3.113.1/share/gnats/gnats-db:default
/prj/prj1/gnats-db:prj1
In /local/gnats-3.113.1/share/gnats/gnats-db/gnats-adm/gnatsd.conf,
myhost:view:
In /local/gnats-3.113.1/share/gnats/gnats-db/gnats-adm/gnatsd.access,
*:*:view:
In /prj/prj1/gnats-db/gnats-adm/gnatsd.conf,
myhost:none:
In /prj/prj1/gnats-db/gnats-adm/gnatsd.access,
guest:guest:view:
Then, I telnet to GNATS server from myhost.
myhost$ telnet gnats 1529
200 gnats GNATS server 3.113.1 ready.
lcat
220 List follows.
pending:Category for faulty PRs:gnats-admin:
test:*Test Category:gnats-admin:
.
dbla
220 List follows.
default
prj1
.
chdb prj1
210 Now accessing GNATS database '/prj/prj1/gnats-db'
lcat
520 You are not authorized to perform this operation (LCAT).
user guest guest
520 You are not on the user access list: guest/guest.
Connection closed by foreign host.
So, even though gnatsd.access of prj1 has guest set to view access, GNATS
server still denies access by guest.
Isn't it correct that
a) gnatsd.access precedes gnatsd.conf of a given gnats-db, and
b) gnatsd.* in a given gnats-db precedes those in default GNATS_ROOT?
Or do I miss something?
2. After spending the whole day debugging it, I found the "fix" and this is
the weird part.
To "fix" the above problem, I have to lower access level in gnatsd.conf
in default GNATS_ROOT from view to none!!! The other files remain the
same as above.
Change /local/gnats-3.113.1/share/gnats/gnats-db/gnats-adm/gnatsd.conf,
myhost:none:
myhost$ telnet gnats 1529
200 gnats GNATS server 3.113.1 ready.
lcat
520 You are not authorized to perform this operation (LCAT).
dbla
220 List follows.
default
prj1
.
chdb prj_1
210 Now accessing GNATS database '/prj/prj1/gnats-db'
lcat
520 You are not authorized to perform this operation (LCAT).
user guest guest
210 User access level set to view
lcat
220 List follows.
pending:Category for faulty PRs:gnats-admin:
doc:Documentation Bug:prj_owner:
.
quit
205 Later.
Connection closed by foreign host.
I am lost. Why gnatsd.conf in default GNATS_ROOT has to be lowered from
view to none in order to make gnatsd.access of another gnats-db view
access level be honored?
a) Shouldn't gnatsd.* in a given gnats-db precedes those in default
GNATS_ROOT?
b) Shouldn't access level be more restrictive by changing from view to
none?
I found such GNATS behavior counter-intuitive. If this is not a bug, but a
intended feature of GNATS, can someone kindly explain it to me?
Thanks.
Hon-Chi
------------------------------------------------------------
--== Sent via Deja.com ==--
http://www.deja.com/
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Bug in GNATS 3.113.1 Access Control for Multiple DBs,
Hon-Chi Ng <=