[GH-ISSUE #455] Separate Anonymous User Authorization #247

New Issue

zhus · 2026-04-08T16:51:28+03:00

zhus commented

2026-04-08 16:51:28 +03:00

Originally created by @006hjy on GitHub (Sep 12, 2024).
Original GitHub issue: https://github.com/sigoden/dufs/issues/455

Feature Request: Separate Anonymous User Authorization

Dear dufs developers,

I would like to propose a feature enhancement to improve the authorization system in dufs, specifically regarding anonymous user access.

Currently, the "@" symbol in the authorization configuration represents all users, including both anonymous and authenticated users. This approach can lead to unintended consequences in many scenarios. For instance, when setting read-only permissions for a directory using the "@" symbol, it affects all users, requiring additional configuration for authenticated users to grant them read-write access.

To address this issue, I suggest implementing a dedicated username for anonymous users: "anonymous". This aligns with the default anonymous username used in WebDAV systems. By doing so, we can achieve the following benefits:

Separation of concerns: Authorization for anonymous users can be isolated from authenticated users, preventing unintended permission overlaps.
Improved granularity: Administrators can set specific permissions for anonymous users without affecting authenticated users' access rights.
Consistency with web login: The username for anonymous users accessing via web interface could also be set to "anonymous", providing a uniform approach across different access methods.

Example of proposed syntax:

auth:
  - "anonymous@/:ro,/public:rw"
  - "user1:password1@/:rw"
  - "user2:password2@/:rw"

In this example, anonymous users would have read-only access to the root directory and read-write access to the /public directory, while authenticated users (user1 and user2) would have full read-write access to all directories.

It seems that dufs currently does not support setting empty passwords for specific users. If a user is configured with an empty password, it appears to cause login issues on the web interface. This might be a limitation in the current authentication system, which likely expects non-empty passwords for security purposes.

This change would significantly enhance the flexibility and intuitiveness of dufs's authorization system, making it easier for administrators to set up secure and efficient file-sharing environments.

Thank you for considering this feature request. I believe it would greatly improve the user experience and security of dufs.

Sincerely
006hjy

Originally created by @006hjy on GitHub (Sep 12, 2024). Original GitHub issue: https://github.com/sigoden/dufs/issues/455 Feature Request: Separate Anonymous User Authorization Dear dufs developers, I would like to propose a feature enhancement to improve the authorization system in dufs, specifically regarding anonymous user access. Currently, the "@" symbol in the authorization configuration represents all users, including both anonymous and authenticated users. This approach can lead to unintended consequences in many scenarios. For instance, when setting read-only permissions for a directory using the "@" symbol, it affects all users, requiring additional configuration for authenticated users to grant them read-write access. To address this issue, I suggest implementing a dedicated username for anonymous users: "anonymous". This aligns with the default anonymous username used in WebDAV systems. By doing so, we can achieve the following benefits: 1. Separation of concerns: Authorization for anonymous users can be isolated from authenticated users, preventing unintended permission overlaps. 2. Improved granularity: Administrators can set specific permissions for anonymous users without affecting authenticated users' access rights. 3. Consistency with web login: The username for anonymous users accessing via web interface could also be set to "anonymous", providing a uniform approach across different access methods. Example of proposed syntax: ```yaml auth: - "anonymous@/:ro,/public:rw" - "user1:password1@/:rw" - "user2:password2@/:rw" ``` In this example, anonymous users would have read-only access to the root directory and read-write access to the /public directory, while authenticated users (user1 and user2) would have full read-write access to all directories. It seems that dufs currently does not support setting empty passwords for specific users. If a user is configured with an empty password, it appears to cause login issues on the web interface. This might be a limitation in the current authentication system, which likely expects non-empty passwords for security purposes. This change would significantly enhance the flexibility and intuitiveness of dufs's authorization system, making it easier for administrators to set up secure and efficient file-sharing environments. Thank you for considering this feature request. I believe it would greatly improve the user experience and security of dufs. Sincerely 006hjy

zhus closed this issue

2026-04-08 16:51:28 +03:00

zhus commented

2026-04-08 16:51:29 +03:00

@sigoden commented on GitHub (Sep 12, 2024):

We will not support this feature.

Your solution is weird and hacky. The current strategy of dufs is better.

@sigoden commented on GitHub (Sep 12, 2024): We will not support this feature. Your solution is weird and hacky. The current strategy of dufs is better.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sigoden/dufs#247