Issue Type: Bug
Affects Versions: current
Assignee: Unassigned
Attachments: 1-after-save.png, 2-click-reload.png, 3-after-reload.png
Components: security
Created: 05/Mar/13 5:51 PM
Description:

Steps to reproduce:
1. Go to the Configure Global Security screen (http://server/jenkins/configureSecurity/) and choose "enable security"
2. Select "Jenkins's own user database" as the security realm
3. Select "Project-based Matrix Authorization Strategy" as the authorization
4. Give the anonymous user read access to Overall
5. In the text box below the table, type in your user name and click "add"
6. Give yourself full access by checking the entire row for your user name
7. Scroll all the way to the bottom, click "save"

Now you have access to all projects and anonymous users have access to specific projects. The config.xml will have:

<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Computer.Configure:jose.rob.jr</permission>
<permission>hudson.model.Computer.Connect:jose.rob.jr</permission>
<permission>hudson.model.Computer.Create:jose.rob.jr</permission>
<permission>hudson.model.Computer.Delete:jose.rob.jr</permission>
<permission>hudson.model.Computer.Disconnect:jose.rob.jr</permission>
<permission>hudson.model.Hudson.Administer:jose.rob.jr</permission>
<permission>hudson.model.Hudson.ConfigureUpdateCenter:jose.rob.jr</permission>
<permission>hudson.model.Hudson.Read:anonymous</permission>
<permission>hudson.model.Hudson.Read:jose.rob.jr</permission>
<permission>hudson.model.Hudson.RunScripts:jose.rob.jr</permission>
<permission>hudson.model.Hudson.UploadPlugins:jose.rob.jr</permission>
<permission>hudson.model.Item.Build:jose.rob.jr</permission>
<permission>hudson.model.Item.Cancel:jose.rob.jr</permission>
<permission>hudson.model.Item.Configure:jose.rob.jr</permission>
<permission>hudson.model.Item.Create:jose.rob.jr</permission>
<permission>hudson.model.Item.Delete:jose.rob.jr</permission>
<permission>hudson.model.Item.Discover:jose.rob.jr</permission>
<permission>hudson.model.Item.Read:jose.rob.jr</permission>
<permission>hudson.model.Item.Workspace:jose.rob.jr</permission>
<permission>hudson.model.Run.Delete:jose.rob.jr</permission>
<permission>hudson.model.Run.Update:jose.rob.jr</permission>
<permission>hudson.model.View.Configure:jose.rob.jr</permission>
<permission>hudson.model.View.Create:jose.rob.jr</permission>
<permission>hudson.model.View.Delete:jose.rob.jr</permission>
<permission>hudson.model.View.Read:jose.rob.jr</permission>
<permission>hudson.scm.SCM.Tag:jose.rob.jr</permission>
</authorizationStrategy>

Go to the Jenkins management screen (http://server/jenkins/manage) and click "Reload configs from disk"

After it finishes, anonymous users can now access all projects. If you go to the Configure Global Security screen, you'll see that anonymous task read is checked.

If you save again without changing anything, the config.xml will have:

<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Computer.Configure:jose.rob.jr</permission>
<permission>hudson.model.Computer.Connect:jose.rob.jr</permission>
<permission>hudson.model.Computer.Create:jose.rob.jr</permission>
<permission>hudson.model.Computer.Delete:jose.rob.jr</permission>
<permission>hudson.model.Computer.Disconnect:jose.rob.jr</permission>
<permission>hudson.model.Hudson.Administer:jose.rob.jr</permission>
<permission>hudson.model.Hudson.ConfigureUpdateCenter:jose.rob.jr</permission>
<permission>hudson.model.Hudson.Read:anonymous</permission>
<permission>hudson.model.Hudson.Read:jose.rob.jr</permission>
<permission>hudson.model.Hudson.RunScripts:jose.rob.jr</permission>
<permission>hudson.model.Hudson.UploadPlugins:jose.rob.jr</permission>
<permission>hudson.model.Item.Build:jose.rob.jr</permission>
<permission>hudson.model.Item.Cancel:jose.rob.jr</permission>
<permission>hudson.model.Item.Configure:jose.rob.jr</permission>
<permission>hudson.model.Item.Create:jose.rob.jr</permission>
<permission>hudson.model.Item.Delete:jose.rob.jr</permission>
<permission>hudson.model.Item.Discover:jose.rob.jr</permission>
<permission>hudson.model.Item.Read:anonymous</permission>
<permission>hudson.model.Item.Read:jose.rob.jr</permission>
<permission>hudson.model.Item.Workspace:jose.rob.jr</permission>
<permission>hudson.model.Run.Delete:jose.rob.jr</permission>
<permission>hudson.model.Run.Update:jose.rob.jr</permission>
<permission>hudson.model.View.Configure:jose.rob.jr</permission>
<permission>hudson.model.View.Create:jose.rob.jr</permission>
<permission>hudson.model.View.Delete:jose.rob.jr</permission>
<permission>hudson.model.View.Read:jose.rob.jr</permission>
<permission>hudson.scm.SCM.Tag:jose.rob.jr</permission>
</authorizationStrategy>

This line is being injected when Jenkins loads the config.xml:
<permission>hudson.model.Item.Read:anonymous</permission>

Environment: Linux (CentOS 5.6)
Project: Jenkins
Labels: jenkins configuration config security matrix
Priority: Major
Reporter: José Roberto A. JR.
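
The drift this report describes can be caught by comparing the permission entries of config.xml as saved against the copy written after a reload. The following is an added example, not code from Jenkins or from the reporter; the function names are hypothetical and the two embedded samples are constructed, abbreviated from the excerpts in the description.

```python
import xml.etree.ElementTree as ET

# Constructed samples, abbreviated from the two config.xml excerpts in the report.
SAVED = """<hudson>
<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
<permission>hudson.model.Hudson.Administer:jose.rob.jr</permission>
<permission>hudson.model.Hudson.Read:anonymous</permission>
<permission>hudson.model.Hudson.Read:jose.rob.jr</permission>
<permission>hudson.model.Item.Read:jose.rob.jr</permission>
</authorizationStrategy>
</hudson>"""

AFTER_RELOAD = SAVED.replace(
    "<permission>hudson.model.Item.Read:jose.rob.jr</permission>",
    "<permission>hudson.model.Item.Read:anonymous</permission>\n"
    "<permission>hudson.model.Item.Read:jose.rob.jr</permission>",
)


def grants(config_xml):
    """Return the set of (permission, sid) pairs in the authorizationStrategy."""
    root = ET.fromstring(config_xml)
    if root.tag == "authorizationStrategy":
        strategy = root
    else:
        strategy = root.find(".//authorizationStrategy")
    if strategy is None:
        return set()
    pairs = set()
    for node in strategy.findall("permission"):
        # Entries have the form "<permission id>:<sid>", as shown in the report.
        perm, sep, sid = (node.text or "").strip().partition(":")
        if sep and perm and sid:
            pairs.add((perm, sid))
    return pairs


def drift(before_xml, after_xml):
    """Grants present on only one side of the comparison."""
    before, after = grants(before_xml), grants(after_xml)
    return {"added": sorted(after - before), "removed": sorted(before - after)}


def unexpected_for_sid(before_xml, after_xml, sid="anonymous"):
    """Permissions the given sid gained between the two snapshots."""
    return [perm for perm, s in drift(before_xml, after_xml)["added"] if s == sid]


if __name__ == "__main__":
    for perm in unexpected_for_sid(SAVED, AFTER_RELOAD):
        print("anonymous gained:", perm)
```

Keeping a known-good copy of config.xml under version control gives the "before" side of this comparison, so a grant that appears without an administrator's change stands out.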