From mboxrd@z Thu Jan 1 00:00:00 1970 From: Milan Zamazal To: Peter Novodvorsky Cc: gnats-devel@sources.redhat.com Subject: Re: access control (was Re: modular database backends) Date: Mon, 11 Jun 2001 11:53:00 -0000 Message-id: <87n17fysfn.fsf@blackbird.zamazal.org> References: <7xr8xaac5q.fsf@lambda.novdv.ru> X-SW-Source: 2001-q2/msg00162.html >>>>> "PN" == Peter Novodvorsky writes: PN> 1). i don't like that client can pass without authentication PN> phase. If he want to login as anonymous, he has to do it. IE, PN> USER anonymous nidd@altlinux.ru Hm, are there any *real* benefits of this except it's annoying during debugging? :-) PN> 2). I don't like that check of user/password is made by gnatsd PN> and not by "database driver". I mean that function that PN> authentificates user isn't called by init_gnats that actually PN> connects to database, but after it. Access control is done by PN> gnatsd, and not by database driver. IMO this is implied by the fact that there are actually several authentication methods in GNATS. The "built-in" methods are file system permissions and the gnatsd mechanism. Since gnatsd is supposed to be the only method of accessing GNATS through network, I can't see anything much wrong in that gnatsd performs *the* authentication. PN> 3). There is no access control for query-pr, send-pr and PN> edit-pr. This is close to the subject of 2)., because PN> authentification is made on the side of client, not on the side PN> of database. I'd consider this a feature. It's sometimes useful to be able to access GNATS data based on the file system permissions. If you don't like that, simply chmod go-rwx the database directory and force users to access the database via query-pr etc. connections to localhost, thus moving the authentication to gnatsd (single place). PN> 4). I want that some bugs can be edited only by group of PN> developers. It can't be done in current version. I think this complaint is legitimate. PN> Is it enough? ;-) Pardon my ignorance. :-) Generally, I'd be curious whether your problems come from a real experience or you just think only on a theoretical level. My experience with running BTS is that the more access control the more problems (the first one being users don't bother to use the BTS). There is no access control in the Debian BTS and it works well. In one company I used GNATS we had simply full intranet access and in another one we had to introduce more regulations to protect the system from incompetent people (but the incompetence was a problem itself and I had to leave the company because it annoyed me too much). I don't say some things shouldn't be improved but it's a low priority issue for me. For instance, I consider the modular database backends problem much more important and useful than the access control features. Regards, Milan Zamazal -- It's amazing how much better you feel once you've given up hope. (unknown source)