Opened 22 years ago
Last modified 22 years ago
#336 closed Bug report
Server 0.8.3: user can delete empty dirs w/o permission
Reported by: | ruisa | Owned by: | |
---|---|---|---|
Priority: | high | Component: | Other |
Keywords: | Cc: | ruisa, Tim Kosse | |
Component version: | Operating system type: | ||
Operating system version: |
Description
Having setup a user with only permission to read files
and list directories/subdirs, this user can still DELETE
directories on the server as long as they are empty.
If I have an elaborate structure of directories on my
server that for some reason are temporarily empty, any
user can DELETE this whole directory structure without
having permission to do so as a result of this bug.
Change History (3)
comment:1 by , 22 years ago
comment:2 by , 22 years ago
Thanks for reporting this problem. It looks like it only appears
if not using relative paths, maybe that's why this bug could
slip through my tests.
Expect a fixed version to be released later this weekend.
Sorry, this was with 0.8.4 beta, didn't try it on 0.8.3.