[GH-ISSUE #552] User permission issue #327

Closed
opened 2026-04-08 16:52:02 +03:00 by zhus · 3 comments
Owner

Originally created by @DanielZWX on GitHub (Feb 25, 2025).
Original GitHub issue: https://github.com/sigoden/dufs/issues/552

Problem

My configuration file is as follows:

```
serve-path: '/mnt/vdb/alistroot'
bind: 0.0.0.0
port: 5000
path-prefix: /dufs
hidden:
  - tmp
  - '*.log'
  - '*.lock'
auth:
  - admin:admin@/:rw
  - class1admin:pass@/class1:rw
  - class1user:pass@/class1:ro
  - class2admin:pass@/class2:rw
  - class2user:pass@/class2:ro
  - class3admin:pass@/class3:rw
  - class3user:pass@/class3:ro
allow-all: false
allow-upload: true
allow-delete: true
allow-search: true
allow-symlink: true
allow-archive: true
enable-cors: true
render-index: true
render-try-index: true
render-spa: true
log-format: '$remote_addr "$request" $status $http_user_agent'
compress: low
```

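(The server running DUFS is at 172.16.11.194.) On the client (Ubuntu 22.04), I ran the following command (authenticating as user 3 but downloading a file from user 2's directory):

```
curl http://172.16.11.194:5000/dufs/class2/class2zip -o ./class2.zip --user class3user:pass
```

I expected the download to fail, but it succeeded!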

Environment Information

  • Dufs version: 0.43.0
  • Browser/Webdav info:
  • OS info: Ubuntu 22.04 Server
  • Proxy server (if any): None
zhus closed this issue 2026-04-08 16:52:02 +03:00
Author
Owner

@sigoden commented on GitHub (Feb 25, 2025):

Cannot confirm the bug.

How stupid I am to actually test according to your configuration. dufs has complete tests, it is impossible for such a low-level error to occur.

Author
Owner

@DanielZWX commented on GitHub (Feb 25, 2025):

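Yes, you are right; the permissions are fine.

The server returned "Forbidden", and the curl command saved that response to the specified file, which made me think the download had succeeded.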

```shell
kk@test-KVM:~/Downloads$ curl http://172.16.11.194:5000/dufs/class2/class2zip -o ./class2.zip --user class3user:pass
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100     9  100     9    0     0   9000      0 --:--:-- --:--:-- --:--:--  9000
kk@test-KVM:~/Downloads$ ll
total 951192
drwxr-xr-x  2 kk kk      4096 2月  25 17:16 ./
drwxr-xr-x 18 kk kk      4096 2月  10 21:11 ../
-rw-rw-r--  1 kk kk         9 2月  25 17:16 class2.zip
-rw-rw-r--  1 kk kk 974002355 10月 10 18:53 hadoop-3.4.1.tar.gz
kk@test-KVM:~/Downloads$ cat class2.zip
Forbidden
kk@test-KVM:~/Downloads$
```

Sorry for wasting your time.

Author
Owner

@DanielZWX commented on GitHub (Feb 25, 2025):

```shell
curl --fail http://172.16.11.194:5000/dufs/class2/class2zip -o ./class2.zip --user class3user:pass
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 403 Forbidden
```

Adding the --fail option to the command avoids the situation above.

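The thread's lesson, that a 403 body saved by `curl -o` looks like a successful download, can be turned into a repeatable permission check. The following is an added example, not part of the original thread or the dufs project; the function names `http_status`, `fetch_checked` and `check_acl` are hypothetical, and the expected status codes in the usage comment are assumptions derived from the `auth` rules in the issue's config.

```shell
#!/bin/sh
# Added example, not from the dufs project. Function names are hypothetical.
# Rule: judge a request by its HTTP status, not by curl's exit code or by
# whether the -o file appeared.

# http_status CRED URL: print the status code, discard the body.
http_status() {
  curl -sS -o /dev/null -w '%{http_code}' --user "$1" "$2"
}

# fetch_checked CRED URL OUT: download to a temp file, keep it only on 2xx.
fetch_checked() {
  fc_tmp=$(mktemp "$3.part.XXXXXX") || return 1
  fc_code=$(curl -sS -o "$fc_tmp" -w '%{http_code}' --user "$1" "$2") || {
    rm -f "$fc_tmp"; return 1; }      # transport error (DNS, refused, ...)
  case "$fc_code" in
    2??) mv "$fc_tmp" "$3" ;;
    *)   rm -f "$fc_tmp"              # e.g. the 9-byte "Forbidden" body
         echo "HTTP $fc_code for $2: body discarded" >&2
         return 22 ;;                 # exit code curl --fail uses for HTTP errors
  esac
}

# check_acl BASE: read "CRED PATH EXPECTED_STATUS" lines from stdin, request
# BASE+PATH as CRED, and return the number of rows whose status differs.
check_acl() {
  ca_bad=0
  while read -r ca_cred ca_path ca_want; do
    ca_got=$(http_status "$ca_cred" "$1$ca_path" </dev/null)
    if [ "$ca_got" != "$ca_want" ]; then
      echo "MISMATCH $ca_cred $ca_path: want $ca_want, got $ca_got" >&2
      ca_bad=$((ca_bad + 1))
    fi
  done
  return "$ca_bad"
}

# Usage (expected codes are assumptions derived from the issue's auth rules):
#   check_acl http://172.16.11.194:5000/dufs <<'EOF'
#   class3user:pass /class3/ 200
#   class3user:pass /class2/ 403
#   EOF
```

A non-zero return from `check_acl` means at least one account received a status other than the one its rule implies, which is the condition the original report was trying to detect.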
Reference: sigoden/dufs#327