public inbox for gnats-prs@sourceware.org
help / color / mirror / Atom feed
* gnats/314: gnats.host_acess access-level overrides gnatsd.access settings
@ 2001-10-22  8:09 elzubeir
  2001-10-22  8:14 ` Yngve Svendsen
  0 siblings, 1 reply; 2+ messages in thread
From: elzubeir @ 2001-10-22  8:09 UTC (permalink / raw)
  To: pdm-gnats, gnats-prs, bug-gnats

>Number:         314
>Category:       gnats
>Synopsis:       gnats.host_acess access-level overrides gnatsd.access settings
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 20 17:45:58 -0500 2001
>Originator:     Mohammed Elzueir
>Release:        4.0-alpha
>Organization:
Arabeyes Project (http://www.arabeyes.org/)
>Environment:
Debian Linux (woody), i386.
>Description:
When the gnatsd.host_access access-level is set to 'view' (for example), and gnatsd.acess has users with various access-levels - only the access-level set on gnatsd.host_access prevail.

That does not appear to happen when the passwords are stored in clear-text (ie. $0$passme). If the passwords are encrypted, it fails to see the user access-level and defaults to gnatsd.host_acess settings.
>How-To-Repeat:
1. In /etc/gnats/gnatsd.host_access put:
127.0.0.1:view:

2. In /var/lib/gnats/gnats-db/gnats-adm/gnatsd.access put:
plainguy:$0$test:edit:default
cryptguy:4/1d3Y7NqgISI:admin:default

The cryptguy password is 'test'. 'plainguy' will have proper access-level, whereas 'cryptguy' will default to 'view'.


>Fix:
Unknown
>Unformatted:
 

_______________________________________________
Gnats-prs mailing list
Gnats-prs@gnu.org
http://mail.gnu.org/mailman/listinfo/gnats-prs


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2001-12-21 18:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-10-22  8:09 gnats/314: gnats.host_acess access-level overrides gnatsd.access settings elzubeir
2001-10-22  8:14 ` Yngve Svendsen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).