[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
gnats/314: gnats.host_acess access-level overrides gnatsd.access setting
|
From: |
elzubeir |
|
Subject: |
gnats/314: gnats.host_acess access-level overrides gnatsd.access settings |
|
Date: |
Thu, 20 Dec 2001 17:45:59 -0500 |
>Number: 314
>Category: gnats
>Synopsis: gnats.host_acess access-level overrides gnatsd.access settings
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Dec 20 17:45:58 -0500 2001
>Originator: Mohammed Elzueir
>Release: 4.0-alpha
>Organization:
Arabeyes Project (http://www.arabeyes.org/)
>Environment:
Debian Linux (woody), i386.
>Description:
When the gnatsd.host_access access-level is set to 'view' (for example), and
gnatsd.acess has users with various access-levels - only the access-level set
on gnatsd.host_access prevail.
That does not appear to happen when the passwords are stored in clear-text (ie.
$0$passme). If the passwords are encrypted, it fails to see the user
access-level and defaults to gnatsd.host_acess settings.
>How-To-Repeat:
1. In /etc/gnats/gnatsd.host_access put:
127.0.0.1:view:
2. In /var/lib/gnats/gnats-db/gnats-adm/gnatsd.access put:
plainguy:$0$test:edit:default
cryptguy:4/1d3Y7NqgISI:admin:default
The cryptguy password is 'test'. 'plainguy' will have proper access-level,
whereas 'cryptguy' will default to 'view'.
>Fix:
Unknown
>Unformatted:
- gnats/314: gnats.host_acess access-level overrides gnatsd.access settings,
elzubeir <=