Access level problem on gnats 4.0

Access level problem on gnats 4.0

[Evan Lavelle]

I've just installed gnats 4.0 and I'm having a problem getting access to 
a database. This is a single machine (RH7.2), single-user trial setup, 
using gnatsd. 'host_access' contains:

localhost:admin:
*:listdb:

query-pr gives me an 'acess denied' message, and USER says that my 
access level is 'listdb'. If I remove the '*:listdb:' entry then I don't 
get any permissions at all. I've tried variations on 'localhost', and 
tried 'edit' instead of 'admin', but nothing gives me an access level 
above listdb.

I've also tried creating a 'user_access' which contains the single line

evan::admin

but this doesn't make any difference. I know that gnatsd is successfully 
restaring because removing the '*:listdb:' line lowers the permissions.

Any ideas?

Thanks -

Evan




_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats

Re: Access level problem on gnats 4.0

[Evan Lavelle]

Ok, getting there, very slowly...

if I change

> evan::admin

to 'evan::admin:' then at least I can (I think) get access to a database.

Next question: there's a tkgnats in the 'contrib' directory, but it 
doesn't seem to work. When you start it up it tries to exec 'query-pr 
--list-class', and this doesn't seem to be a supported option for 
query-pr. The emacs mode also seems to be broken; it wants to do 
'query-pr --directory', which doesn't seem to be a supported option 
either. Are there versions of tkgnats and the emacs mode for gnats 4.0?

Thanks

Evan



_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats

Re: Access level problem on gnats 4.0

[Mel Hatzis]

Hi Evan, ...

On 02/10/2004 08:50 AM, Evan Lavelle submitted:
> I've just installed gnats 4.0 and I'm having a problem getting access to 
> a database. This is a single machine (RH7.2), single-user trial setup, 
> using gnatsd. 'host_access' contains:
> 
> localhost:admin:
> *:listdb:

There are two locations where you can place the "access" files:

   1. <instdir>/etc/gnats/

   2. <dbdir>/gnats-adm/

Check for a gnatsd.user_access file in both locations. Note that
the one in the <dbdir> will override the one in <instdir>.

> 
> query-pr gives me an 'acess denied' message, and USER says that my 
> access level is 'listdb'. If I remove the '*:listdb:' entry then I don't 
> get any permissions at all. I've tried variations on 'localhost', and 
> tried 'edit' instead of 'admin', but nothing gives me an access level 
> above listdb.
> 
> I've also tried creating a 'user_access' which contains the single line
> 
> evan::admin

The syntax of the gnatsd.user_access file has changed some.
You should use the following equivalent:

evan:$0$:admin:

> 
> but this doesn't make any difference. I know that gnatsd is successfully 
> restaring because removing the '*:listdb:' line lowers the permissions.
> 
> Any ideas?

Hope this helps.

--
Mel Hatzis


_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats

Re: Access level problem on gnats 4.0

[Hans-Albert Schneider]

-----BEGIN PGP SIGNED MESSAGE-----

On Tuesday 10 February 2004 17:50, Evan Lavelle wrote:
> I've just installed gnats 4.0 and I'm having a problem getting
> access to a database. This is a single machine (RH7.2), single-user
> trial setup, using gnatsd. 'host_access' contains:
>
> localhost:admin:
> *:listdb:

A first guess:

Copy the "localhost" line, replacing "localhost" by the hostname of 
your machine.  This must be the "canonical" hostname, i.e., the first 
one listed for its IP address in /etc/hosts.

If this does not help, please come back to the list with some more 
information, especially tell us the complete invocation of query-pr, 
and the contents of your databases file (as this is where query-pr 
looks for information on how to contact the database).


Hans-Albert
- -- 
Hans-Albert Schneider
Munich, Germany
EMail: Hans-Albert@HA-Schneider.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iQEVAwUBQClkV75/YryrhGWVAQF1rQf+Jp2qyZZZ1eZJGQ83TroCKQYlahN2JaM6
2/aBILHtPYXCLd1DBymGDYqqlHYwZ0S1XtK6s0+hYZEI5cUzVra2DTtxsLPpLeRO
/st+sjVbA5xEMlae7aK8G6eTSxr1lgwxd1M2yOyFFlTX9lHka4Qb8aW2uFeFzAsB
hLn/cBIet612LT4iBBC3nuEY7Pbkwt2Ak2cU/M62Zcvixn1AwIoTxEX95LrwhrJn
VBQQWQF3Qa33DO3rL7TvfkbpTtrbOJQBUtiZjOjlZ2JY7Nh8DA/cCNe5q3x5PEKT
QpJOK0d/zJtGOC0zXnJZWeQbfPo+PmgZMVshPK7u1b4076eIhBcnmw==
=SpRY
-----END PGP SIGNATURE-----


_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats

Re: Access level problem on gnats 4.0

[Evan Lavelle]

Thanks Mel/Hans-Albert - some more info below. I thought I had fixed the 
access problem with the extra ':' in my user_access, but this actually 
made no difference.

I've got one local test database, on the same machine as the server. 
'/usr/local/etc/gnats/databases' contains:

default:Bug database:/usr/local/com/gnatsdb
test:test database:/home/evan/work/test/gnatsdb

I've got one host_access file, and three user_access files, in these 
locations:

/usr/local/etc/gnats/defaults/gnatsd.user_access (this is empty)
/usr/local/etc/gnats/gnatsd.host_access
/usr/local/com/gnatsdb/gnats-adm/gnatsd.user_access
/home/evan/work/test/gnatsdb/gnats-adm/gnatsd.user_access

'host_access' contains:

[canonical-name]:admin:
*:none:

[canonical-name] is my machine's full name from /etc/hosts; using either 
the short name or 'localhost', or removing this line completely, makes 
no difference.

The two 'user_access' files currently contain:

evan:$0$evan:admin:
*::none:

I then set GNATSDB to 'test'. With this setup, I can use send-pr to 
create a problem report in the 'test' database, and I can use query-pr 
to view it, and edit-pr to edit it. I know that it's my local test 
database, because 'query-pr --database test 1' shows the PR, but 
'query-pr --database default 1' shows nothing.

PROBLEMS:
---------

1) If I restart xinetd, and then run 'gnatsd' to administer the test 
database, I can't get any permission above 'none':

evan 113 > gnatsd
200 [canonical-name] GNATS server 4.0 ready.
USER evan evan
210-Now accessing GNATS database 'test'
210 User access level set to 'none'

I've tried different passwords, including none, and it makes no difference.

2) If I now login as another user (gnats), I can *still* edit the test 
database using edit-pr. The permissions from the two access files appear 
to be ignored when using edit-pr, send-pr, etc.

Any ideas?

Many thanks

Evan



_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats

Re: Access level problem on gnats 4.0

[Mel Hatzis]

Evan, ...

On 02/11/2004 02:27 AM, Evan Lavelle submitted:
> Thanks Mel/Hans-Albert - some more info below. I thought I had fixed the 
> access problem with the extra ':' in my user_access, but this actually 
> made no difference.
> 
> I've got one local test database, on the same machine as the server. 
> '/usr/local/etc/gnats/databases' contains:
> 
> default:Bug database:/usr/local/com/gnatsdb
> test:test database:/home/evan/work/test/gnatsdb
> 
> I've got one host_access file, and three user_access files, in these 
> locations:
> 
> /usr/local/etc/gnats/defaults/gnatsd.user_access (this is empty)
> /usr/local/etc/gnats/gnatsd.host_access
> /usr/local/com/gnatsdb/gnats-adm/gnatsd.user_access
> /home/evan/work/test/gnatsdb/gnats-adm/gnatsd.user_access

This is an entirely reasonable setup....providing of course that
the files are readable by the user running gnatsd.

> 
> 'host_access' contains:
> 
> [canonical-name]:admin:
> *:none:

The above looks good....with one caveat. If you wish to run gnatsd
by hand (as appears to be the case), you should add an entry for
"stdin". So, your host_access file should contain:

[canonical-name]:admin:
stdin:admin:
*:none:

I think this might be causing problem #1.

> 
> [canonical-name] is my machine's full name from /etc/hosts; using either 
> the short name or 'localhost', or removing this line completely, makes 
> no difference.
> 
> The two 'user_access' files currently contain:
> 
> evan:$0$evan:admin:
> *::none:

The "none" entry is invalid. Try replacing it with:

*:$0$:none:

> I then set GNATSDB to 'test'. With this setup, I can use send-pr to 
> create a problem report in the 'test' database, and I can use query-pr 
> to view it, and edit-pr to edit it. I know that it's my local test 
> database, because 'query-pr --database test 1' shows the PR, but 
> 'query-pr --database default 1' shows nothing.
> 
> PROBLEMS:
> ---------
> 
> 1) If I restart xinetd, and then run 'gnatsd' to administer the test 
> database, I can't get any permission above 'none':
> 
> evan 113 > gnatsd
> 200 [canonical-name] GNATS server 4.0 ready.
> USER evan evan
> 210-Now accessing GNATS database 'test'
> 210 User access level set to 'none'
> 
> I've tried different passwords, including none, and it makes no difference.
> 
> 2) If I now login as another user (gnats), I can *still* edit the test 
> database using edit-pr. The permissions from the two access files appear 
> to be ignored when using edit-pr, send-pr, etc.

Where are you logging in from? If it's from your "canonical-name" host,
you are essentially granting "admin" access since your user_access file
is ignored because of the missing "$0$" in the entry for "none".

Hope this helps.

--
Mel Hatzis


_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats