[PR #619] [MERGED] fix: perms on dufs -A -a @/:ro #659

New Issue

Closed

opened 2026-04-08 16:53:51 +03:00 by zhus · 0 comments

zhus commented 2026-04-08 16:53:51 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/sigoden/dufs/pull/619
Author: @sigoden
Created: 8/19/2025
Status: ✅ Merged
Merged: 8/19/2025
Merged by: @sigoden

Base: main ← Head: fix

---

📝 Commits (1)

• 8ca6067 fix: perms on dufs -A -a @/:ro

📊 Changes

3 files changed (+26 additions, -5 deletions)

View changed files

📝 src/auth.rs (+6 -3)
📝 src/server.rs (+2 -2)
📝 tests/auth.rs (+18 -0)

📄 Description

This bug let annoymous user has read-write permissions.

To trigger this bug, the following conditions must be met:

• The -A or --allow-upload/--allow-delete parameter must be present.
• Only -a @/:ro is set to specify anonymous readonly permission, without any users provided.

The bug was introduced by #497.

Relate to #617.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/sigoden/dufs/pull/619 **Author:** [@sigoden](https://github.com/sigoden) **Created:** 8/19/2025 **Status:** ✅ Merged **Merged:** 8/19/2025 **Merged by:** [@sigoden](https://github.com/sigoden) **Base:** `main` ← **Head:** `fix` --- ### 📝 Commits (1) - [`8ca6067`](https://github.com/sigoden/dufs/commit/8ca6067ed20f9d9280414bd83165a271e065184d) fix: perms on `dufs -A -a @/:ro` ### 📊 Changes **3 files changed** (+26 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `src/auth.rs` (+6 -3) 📝 `src/server.rs` (+2 -2) 📝 `tests/auth.rs` (+18 -0) </details> ### 📄 Description This bug let annoymous user has read-write permissions. To trigger this bug, the following conditions must be met: - The `-A` or `--allow-upload/--allow-delete` parameter must be present. - Only `-a @/:ro` is set to specify anonymous readonly permission, without any users provided. The bug was introduced by #497. Relate to #617. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

zhus added the pull-request label 2026-04-08 16:53:51 +03:00

zhus closed this issue 2026-04-08 16:53:51 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

chore-release

v0.46.0-rc1

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.0

v0.35.0

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.0

v0.27.0

v0.26.0

v0.25.0

v0.24.0

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.0

v0.18.0

v0.17.1

v0.17.0

v0.16.0

v0.15.1

v0.15.0

v0.14.0

v0.13.2

v0.13.1

v0.13.0

v0.12.1

v0.11.0

v0.10.1

v0.10.0

v0.9.0

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.1

v0.2.0

v0.1.0

Labels

Clear labels

bug

enhancement

help wanted

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

zhus

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: sigoden/dufs#659