EdDev Posted August 1, 2012 Report Share Posted August 1, 2012 Hello there, Did a bad thing this morning and played around with the permissions. What I tried to do, is to create a group with Build Manager permissions (ALL enabled) and remove some basic permissions from the "ALL" default group. Well... this was a very bad move, as I cannot access these permissions anymore through my new group. My questions are: 1. What have I done wrong? 2. Is there a way to get it back to the original state in terms of permissions to the "ALL" group? DB Hack? Thanks, Ed. Here are the settings: Users set at the server: vcs@e-vcs-server:~$ sudo umtool lu eddev shaym buildmng vcs@e-vcs-server:~$ sudo umtool lg developer buildmanager vcs@e-vcs-server:~$ sudo umtool lgm buildmanager eddev buildmng ACL as seen from the client: $ cm sa repserver:e-vcs-server:8087 ACL: 0 User Permission Allowed Denied InheritedFrom ALL USERS applyattr Yes -- ALL USERS applylabel Yes -- ALL USERS applylink Yes -- ALL USERS changecomment Yes -- ALL USERS chgowner Yes -- ALL USERS chgperm Yes -- ALL USERS ci Yes -- ALL USERS co Yes -- ALL USERS mergefrom Yes -- ALL USERS mkaction Yes -- ALL USERS mkattr Yes -- ALL USERS mkbranch Yes -- ALL USERS mkchildbranch Yes -- ALL USERS mkitem Yes -- ALL USERS mklabel Yes -- ALL USERS mklink Yes -- ALL USERS mkrepository Yes -- ALL USERS mkrevision Yes -- ALL USERS read Yes -- ALL USERS rename Yes -- ALL USERS replicate Yes -- ALL USERS rm Yes -- ALL USERS unco Yes -- ALL USERS view Yes -- buildmanagerall Yes -- Problem of not having permission: (client user is eddev or buildmng) cm acl -user=eddev -allowed=+all repserver:e-vcs-server:8087 You don't have permissions for operation chgperm. Link to comment Share on other sites More sharing options...
manu Posted August 1, 2012 Report Share Posted August 1, 2012 Hi! can you please issue the following command and try again your permissions modification? cm setowner -user=YourPlasticUser repserver:YourPlasticServerIP:8087 Link to comment Share on other sites More sharing options...
EdDev Posted August 1, 2012 Author Report Share Posted August 1, 2012 Hello, It did not work (no permission as well, as I removed it as well from "ALL"), however I eventually hacked my way out of this through direct DB manipulation. I managed to move the server owner from "ALL" to my user and from there it all opened up. Seems to me like the OWNER is overloading any other user/group, and as the default server owner is "ALL USERS", reducing it's rights without changing the owner before that is a "dead lock". Link to comment Share on other sites More sharing options...
manu Posted August 6, 2012 Report Share Posted August 6, 2012 Hi Ed! You are hacker! I'll speak with the team about how to avoid this situation. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.