[geeklog-users] Problem editing own stories
Philip Peake
philip at vogon.net
Sun Jul 18 20:20:22 EDT 2004
Vincent Furia wrote:
>Check to make sure that the "Topic Admin" group has read and write
>permissions on the topic to which the article belongs.
>
>
That does in fact fix things - but as I said in my previous post, why is
this needed when the owner (me) has R/E
permissions? This seems like a potential security issue, doens't this
give write permission to anyone via the group
permissions?
Philip
>-Vinny
>
>On Sun, 18 Jul 2004 16:13:04 -0700, Philip Peake <philip at vogon.net> wrote:
>
>
>>My problem:
>>
>> * Login as my own user (not admin).
>>
>> * My user (Philip) has the following rights assigned:
>> - All Users
>> - Story Admin
>> - Block Admin
>> - Link Admin
>> - Topic Admin
>> - Event Admin
>> - Poll Admin
>> - Logged-in Users
>> - Static Page Admin
>>
>> * Create a new story.
>>
>> * Attempt to edit story.
>>
>> * Edit fails with logged message:
>> Sun Jul 18 15:51:18 2004 (4 at 10.0.0.7) - User Philip tried to
>>illegally edit story 2004071815481577.
>>
>>Looking at DB contents:
>>
>> Philip has uid=4
>> The story has uid=4
>> The story has owerid=4
>> The story has sid=2004071815481577
>>
>>The story show permissions as:
>>
>> Owner Group Members Anonymous
>> R E R E R R
>> x x x - x x
>>
>>Admin can (or course) modify with no problem.
>>This problem is reproducible.
>>
>>Any ideas what is wrong?
>>
>>_______________________________________________
>>geeklog-users mailing list
>>geeklog-users at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-users
>>
>>
>>
>_______________________________________________
>geeklog-users mailing list
>geeklog-users at lists.geeklog.net
>http://lists.geeklog.net/listinfo/geeklog-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://eight.pairlist.net/pipermail/geeklog-users/attachments/20040718/c4459e09/attachment.html>
More information about the geeklog-users
mailing list