CommunitySolidServer / CommunitySolidServer

An open and modular implementation of the Solid specifications

Home Page: https://communitysolidserver.github.io/CommunitySolidServer/

acl file modification without control rights

it-is-i opened this issue · comments

Environment

  • Server version: 7.0.1
  • Node.js version: v20.10.0
  • npm version: 10.2.3

Description

In my scenario, I'm using Comunica to read & update ACL files.
I noticed that as soon as I have read and/or write rights (without control rights), I can modify all my rights in the ACL file.
There seems to be no check to validate whether I actually have control rights in order to modify the ACL file.

I suppose this is because you are logged in as a pod owner.
An owner has all rights (Control) on all ACLs in the pod.

As Alain mentioned, pod owners always have control access on all resources in their pods. This is to prevent users from accidentally locking themselves out of their own pod.

Your assumption is correct, this concerns the pod owner.
I was not aware he has control rights on all ACLs, even if that isn't mentioned in the ACL file itself.

My bad, thanks for the quick response.
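
The behaviour discussed in this thread, as an added example that is not part of the original issue and is not Community Solid Server code: a simplified model in which permission to write a resource's ACL comes either from `acl:Control` in the effective ACL or from the pod-owner override, with the reason recorded so an audit can tell the two apart. The WebIDs, pod URL and rule objects are constructed sample data, and the function names are hypothetical.

```javascript
// Simplified model of the thread's point; an assumption, not CSS source code.
// Constructed sample data: one pod and one ACL document on a container.
const ALICE = 'https://example.org/alice/profile/card#me';
const BOB = 'https://example.org/bob/profile/card#me';
const CAROL = 'https://example.org/carol/profile/card#me';
const pods = [{ base: 'https://example.org/alice/', owners: [ALICE] }];
const acls = {
  'https://example.org/alice/notes/': [
    { agents: [ALICE, BOB], modes: ['Read', 'Write'], accessTo: true, default: true },
    { agents: [CAROL], modes: ['Read', 'Control'], accessTo: true, default: true },
  ],
};

// Parent container URL, or null once the origin root is reached.
function parent(url) {
  const u = new URL(url);
  if (u.pathname === '/') return null;
  const path = u.pathname.replace(/\/$/, '');
  return u.origin + path.slice(0, path.lastIndexOf('/') + 1);
}

// WAC lookup: the resource's own ACL (acl:accessTo rules), otherwise the
// nearest ancestor container's ACL (acl:default rules).
function aclModes(webId, resource) {
  for (let target = resource, inherited = false; target; target = parent(target), inherited = true) {
    const rules = acls[target];
    if (!rules) continue;
    const modes = new Set();
    for (const rule of rules) {
      const applies = inherited ? rule.default : rule.accessTo;
      if (applies && rule.agents.includes(webId)) rule.modes.forEach((m) => modes.add(m));
    }
    return modes;
  }
  return new Set();
}

// Decision for writing the resource's .acl, with the reason recorded for auditing.
function canModifyAcl(webId, resource) {
  if (aclModes(webId, resource).has('Control')) return { allowed: true, reason: 'acl:Control' };
  const owner = pods.some((p) => resource.startsWith(p.base) && p.owners.includes(webId));
  if (owner) return { allowed: true, reason: 'pod-owner override' };
  return { allowed: false, reason: 'no Control mode' };
}

const doc = 'https://example.org/alice/notes/todo.ttl';
for (const id of [ALICE, BOB, CAROL]) console.log(id, canModifyAcl(id, doc));
```

Alice and Bob hold the same Read and Write grant in the ACL document; only Alice, as pod owner, is allowed to change it, which is the difference the reporter observed.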