From: Mel Hatzis
Date: Wed, 11 Feb 2004 18:17:00 -0000
To: Evan Lavelle
Cc: Hans-Albert Schneider, help-gnats@gnu.org
Subject: Re: Access level problem on gnats 4.0

Evan,

...

On 02/11/2004 02:27 AM, Evan Lavelle submitted:
> Thanks Mel/Hans-Albert - some more info below. I thought I had fixed the
> access problem with the extra ':' in my user_access, but this actually
> made no difference.
>
> I've got one local test database, on the same machine as the server.
> '/usr/local/etc/gnats/databases' contains:
>
> default:Bug database:/usr/local/com/gnatsdb
> test:test database:/home/evan/work/test/gnatsdb
>
> I've got one host_access file, and three user_access files, in these
> locations:
>
> /usr/local/etc/gnats/defaults/gnatsd.user_access (this is empty)
> /usr/local/etc/gnats/gnatsd.host_access
> /usr/local/com/gnatsdb/gnats-adm/gnatsd.user_access
> /home/evan/work/test/gnatsdb/gnats-adm/gnatsd.user_access

This is an entirely reasonable setup....providing of course that
the files are readable by the user running gnatsd.

>
> 'host_access' contains:
>
> [canonical-name]:admin:
> *:none:

The above looks good....with one caveat. If you wish to run gnatsd
by hand (as appears to be the case), you should add an entry for
"stdin". So, your host_access file should contain:

[canonical-name]:admin:
stdin:admin:
*:none:

I think this might be causing problem #1.

>
> [canonical-name] is my machine's full name from /etc/hosts; using either
> the short name or 'localhost', or removing this line completely, makes
> no difference.
>
> The two 'user_access' files currently contain:
>
> evan:$0$evan:admin:
> *::none:

The "none" entry is invalid. Try replacing it with:

*:$0$:none:

> I then set GNATSDB to 'test'. With this setup, I can use send-pr to
> create a problem report in the 'test' database, and I can use query-pr
> to view it, and edit-pr to edit it. I know that it's my local test
> database, because 'query-pr --database test 1' shows the PR, but
> 'query-pr --database default 1' shows nothing.
>
> PROBLEMS:
> ---------
>
> 1) If I restart xinetd, and then run 'gnatsd' to administer the test
> database, I can't get any permission above 'none':
>
> evan 113 > gnatsd
> 200 [canonical-name] GNATS server 4.0 ready.
> USER evan evan
> 210-Now accessing GNATS database 'test'
> 210 User access level set to 'none'
>
> I've tried different passwords, including none, and it makes no difference.
>
> 2) If I now login as another user (gnats), I can *still* edit the test
> database using edit-pr. The permissions from the two access files appear
> to be ignored when using edit-pr, send-pr, etc.

Where are you logging in from? If it's from your "canonical-name" host,
you are essentially granting "admin" access since your user_access file
is ignored because of the missing "$0$" in the entry for "none".

Hope this helps.

--
Mel Hatzis

_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats
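An added example, not part of the original message and not GNATS code: a small linter that checks access files for the two points made in the reply above (a "stdin" entry in host_access when gnatsd is run by hand, and a user_access entry whose password field is empty). The function names, the '#' comment handling and the sample file contents (rebuilt from the entries quoted in the thread) are assumptions.

```python
"""Lint GNATS access files for the two issues raised in the reply above.

Added example. The colon-separated field layout is taken from the entries
quoted in the thread; skipping '#' comment lines is an assumption.
"""


def _entries(text):
    """Yield (line_number, fields) for each non-blank, non-comment line."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield number, line.split(":")


def lint_host_access(text):
    """Report a missing 'stdin' host entry (the reply's first suggestion)."""
    hosts = [fields[0] for _, fields in _entries(text)]
    if "stdin" in hosts:
        return []
    return ["no 'stdin' entry: the reply suggests one when gnatsd is run by hand"]


def lint_user_access(text):
    """Report entries with too few fields or an empty password field."""
    findings = []
    for number, fields in _entries(text):
        if len(fields) < 3:
            findings.append((number, "expected user:password:level:"))
        elif fields[1] == "":
            findings.append(
                (number, f"user '{fields[0]}': empty password field; "
                         "the reply suggests '$0$' here"))
    return findings


# Constructed samples, rebuilt from the file contents quoted in the thread.
HOST_BEFORE = "[canonical-name]:admin:\n*:none:\n"
HOST_AFTER = "[canonical-name]:admin:\nstdin:admin:\n*:none:\n"
USER_BEFORE = "evan:$0$evan:admin:\n*::none:\n"
USER_AFTER = "evan:$0$evan:admin:\n*:$0$:none:\n"

if __name__ == "__main__":
    for name, text in (("before", HOST_BEFORE), ("after", HOST_AFTER)):
        print("host_access", name, lint_host_access(text))
    for name, text in (("before", USER_BEFORE), ("after", USER_AFTER)):
        print("user_access", name, lint_user_access(text))
```
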