Re: Access level problem on gnats 4.0

[Mel Hatzis]

Evan, ...

On 02/11/2004 02:27 AM, Evan Lavelle submitted:
> Thanks Mel/Hans-Albert - some more info below. I thought I had fixed the 
> access problem with the extra ':' in my user_access, but this actually 
> made no difference.
>
> I've got one local test database, on the same machine as the server. 
> '/usr/local/etc/gnats/databases' contains:
>
> default:Bug database:/usr/local/com/gnatsdb
> test:test database:/home/evan/work/test/gnatsdb
>
> I've got one host_access file, and three user_access files, in these 
> locations:
>
> /usr/local/etc/gnats/defaults/gnatsd.user_access (this is empty)
> /usr/local/etc/gnats/gnatsd.host_access
> /usr/local/com/gnatsdb/gnats-adm/gnatsd.user_access
> /home/evan/work/test/gnatsdb/gnats-adm/gnatsd.user_access

This is an entirely reasonable setup....providing of course that
the files are readable by the user running gnatsd.

> 'host_access' contains:
>
> [canonical-name]:admin:
> *:none:

The above looks good....with one caveat. If you wish to run gnatsd
by hand (as appears to be the case), you should add an entry for
"stdin". So, your host_access file should contain:

[canonical-name]:admin:
stdin:admin:
*:none:

I think this might be causing problem #1.

> [canonical-name] is my machine's full name from /etc/hosts; using either 
> the short name or 'localhost', or removing this line completely, makes 
> no difference.
>
> The two 'user_access' files currently contain:
>
> evan:$0$evan:admin:
> *::none:

The "none" entry is invalid. Try replacing it with:

*:$0$:none:

> I then set GNATSDB to 'test'. With this setup, I can use send-pr to 
> create a problem report in the 'test' database, and I can use query-pr 
> to view it, and edit-pr to edit it. I know that it's my local test 
> database, because 'query-pr --database test 1' shows the PR, but 
> 'query-pr --database default 1' shows nothing.
>
> PROBLEMS:
> ---------
>
> 1) If I restart xinetd, and then run 'gnatsd' to administer the test 
> database, I can't get any permission above 'none':
>
> evan 113 > gnatsd
> 200 [canonical-name] GNATS server 4.0 ready.
> USER evan evan
> 210-Now accessing GNATS database 'test'
> 210 User access level set to 'none'
>
> I've tried different passwords, including none, and it makes no difference.
>
> 2) If I now login as another user (gnats), I can *still* edit the test 
> database using edit-pr. The permissions from the two access files appear 
> to be ignored when using edit-pr, send-pr, etc.

Where are you logging in from? If it's from your "canonical-name" host,
you are essentially granting "admin" access since your user_access file
is ignored because of the missing "$0$" in the entry for "none".

Hope this helps.

--
Mel Hatzis