gnats-prs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnats/314: gnats.host_acess access-level overrides gnatsd.access setting

From: elzubeir
Subject: gnats/314: gnats.host_acess access-level overrides gnatsd.access settings
Date: Thu, 20 Dec 2001 17:45:59 -0500 
>Number:         314
>Category:       gnats
>Synopsis:       gnats.host_acess access-level overrides gnatsd.access settings
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 20 17:45:58 -0500 2001
>Originator:     Mohammed Elzueir
>Release:        4.0-alpha
>Organization:
Arabeyes Project (http://www.arabeyes.org/)
>Environment:
Debian Linux (woody), i386.
>Description:
When the gnatsd.host_access access-level is set to 'view' (for example), and 
gnatsd.acess has users with various access-levels - only the access-level set 
on gnatsd.host_access prevail.

That does not appear to happen when the passwords are stored in clear-text (ie. 
$0$passme). If the passwords are encrypted, it fails to see the user 
access-level and defaults to gnatsd.host_acess settings.
>How-To-Repeat:
1. In /etc/gnats/gnatsd.host_access put:
127.0.0.1:view:

2. In /var/lib/gnats/gnats-db/gnats-adm/gnatsd.access put:
plainguy:$0$test:edit:default
cryptguy:4/1d3Y7NqgISI:admin:default

The cryptguy password is 'test'. 'plainguy' will have proper access-level, 
whereas 'cryptguy' will default to 'view'.


>Fix:
Unknown
>Unformatted:
reply via email to
[Prev in Thread] Current Thread [Next in Thread]