Opened 16 years ago

Last modified 16 years ago

#336 closed Bug report

Server 0.8.3: user can delete empty dirs w/o permission

Reported by: ruisa Owned by:
Priority: high Component: Other
Keywords: Cc: ruisa, Tim Kosse
Component version: Operating system type:
Operating system version:

Description

Having setup a user with only permission to read files
and list directories/subdirs, this user can still DELETE
directories on the server as long as they are empty.

If I have an elaborate structure of directories on my
server that for some reason are temporarily empty, any
user can DELETE this whole directory structure without
having permission to do so as a result of this bug.

Change History (3)

comment:1 Changed 16 years ago by ruisa

Sorry, this was with 0.8.4 beta, didn't try it on 0.8.3.

comment:2 Changed 16 years ago by Tim Kosse

Thanks for reporting this problem. It looks like it only appears
if not using relative paths, maybe that's why this bug could
slip through my tests.
Expect a fixed version to be released later this weekend.

comment:3 Changed 16 years ago by Tim Kosse

fixed in 0.8.5

Note: See TracTickets for help on using tickets.