You are viewing a plain text version of this content. The canonical link for it is here.

Posted to slide-user@jakarta.apache.org by Mark Papiani <mp...@hotmail.com> on 2001/05/29 15:56:28 UTC

locks and deleting files again

Furher to my previous email about slide allowing files locked by one user to 
be deleted by another user, I have more information on this problem.

I have switched to the MySQL stores from the Files stores.

I am using Slide 1.0.9, Tomcat 3.2.1, MySQL 3.23.38 on Solaris 2.6 Sparc.

I am using 2 different users: root and guest with Dav Explorer 0.71 or MS 
Web Folders as clients.

Again I can lock a file as guest and delete it as root. My 'locks' table in 
MySQL always shows that locks belong to subject /users/root regardless of 
who locks the file.

I manually changed the subject for a lock in MySQL to /users/guest but still 
root user could delete the file from Dav Explorer. Web Folders.

Sample MySQL output is shown below. Has anyone had similar experience or had 
locks working correctly?

Thanks
Mark
mysql -u root  -e 'select * from locks' myDB
+----------------------------------+------------------------+-----------
--+----------------+----------------+-------------+------------+
| id                               | object                 | subject
  | type           | expirationdate | inheritable | xexclusive |
+----------------------------------+------------------------+-----------
--+----------------+----------------+-------------+------------+
| 9352924c2d38e8e261a8740f8a5f8da4 | /files/License.txt     |
/users/root | /actions/write | 991229368331   |           1 |
1 |
| bc422cef51bda7706a32bb0e01d37cbc | /files/DAVExplorer.bat |
/users/root | /actions/write | 991228646162   |           1 |
1 |
| ade8034f4c5204cd3d048b277244b5ee | /files/Readme.txt      |
/users/root | /actions/write | 991229073884   |           1 |
1 |
+----------------------------------+------------------------+-----------
--+----------------+----------------+-------------+------------+


mysql -u MYslideuser -p -e 'update locks set subject="/users/guest"
where object="/files/License.txt"' myDB

mysql -u root  -e 'select * from locks' myDB
+----------------------------------+------------------------+-----------
---+----------------+----------------+-------------+------------+
| id                               | object                 | subject
   | type           | expirationdate | inheritable | xexclusive |
+----------------------------------+------------------------+-----------
---+----------------+----------------+-------------+------------+
| 9352924c2d38e8e261a8740f8a5f8da4 | /files/License.txt     |
/users/guest | /actions/write | 991229368331   |           1 |
1 |
| bc422cef51bda7706a32bb0e01d37cbc | /files/DAVExplorer.bat |
/users/root  | /actions/write | 991228646162   |           1 |
1 |
| ade8034f4c5204cd3d048b277244b5ee | /files/Readme.txt      |
/users/root  | /actions/write | 991229073884   |           1 |
1 |
+----------------------------------+------------------------+-----------
---+----------------+----------------+-------------+------------+


>From: "Remy Maucherat" <re...@apache.org>
>Reply-To: slide-user@jakarta.apache.org
>To: <sl...@jakarta.apache.org>
>Subject: Re: Can other users(roles) delete files locked by different user?
>Date: Wed, 23 May 2001 11:25:57 -0700
>
> > Hi,
> >
> > I am using 3 clients to my FileContentStore slide install - Dav 
>Explorer,
> > Web Folders, DreamWeaver.
> >
> > I have tried logging into the slide server as guest from one client and
>root
> > from another. I try locking a resource from my root user.
> >
> > I then try to delete the resource from my guest user client. The 
>resource
> > gets deleted. I did not expect this.
> >
> > I tried locking a resource from my guest logon and then use DavExplorer 
>to
> > get the lock properties. These said that the resource had been locked by
> > root not guest as per my logon. Is this why guest was able to delete a
> > resource locked by root? If so, any thoughts why my guest user looks 
>like
> > root? Some config files are shown below.
>
>Thanks for the report. I'll look into it.
>
>Remy
>

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Re: locks and deleting files again

Posted by Remy Maucherat <re...@apache.org>.

> Furher to my previous email about slide allowing files locked by one user
to
> be deleted by another user, I have more information on this problem.
>
> I have switched to the MySQL stores from the Files stores.
>
> I am using Slide 1.0.9, Tomcat 3.2.1, MySQL 3.23.38 on Solaris 2.6 Sparc.
>
> I am using 2 different users: root and guest with Dav Explorer 0.71 or MS
> Web Folders as clients.
>
> Again I can lock a file as guest and delete it as root. My 'locks' table
in
> MySQL always shows that locks belong to subject /users/root regardless of
> who locks the file.
>
> I manually changed the subject for a lock in MySQL to /users/guest but
still
> root user could delete the file from Dav Explorer. Web Folders.
>
> Sample MySQL output is shown below. Has anyone had similar experience or
had
> locks working correctly?

I tried it with the default configuration. If I log in as "john" (which is
one of the users defined), and lock something, the lock owner is /users/john
(at least with the memory store).
I checked the latest version of the JDBC store, and it looks ok.

There was some issues with DAV Explorer, which always attempts to steal
locks (by using a PROPFIND to get the token, then submitting it in the
DELETE).
See my commits yesterday for more details on these fixes.

I'll release a new 1.0.10 version to pick up those fixes (as well as a lot
of others).

Remy