Uploaded image for project: 'Atlassian Cloud'
  1. Atlassian Cloud
  2. CLOUD-8639

Webdav access for groups other than administrator

    XMLWordPrintable

Details

    Description

      The webdav access authorization is controlled by Apache and hardcoded to only allow members of the groups 'administrators' and 'system-administrators'. If a customer deletes the administrators group in favor of customization they lose access to webdav.

      Description
      Users can access Webdav if he belongs to group with exact name administrators:

      1. If user belongs to a group with the name as administrators and although this group does not have JIRA Administrators global permission, he still can access Webdav.
      2. If the group that user belongs to has JIRA Administrators global permission but is not named as administrators, then, he can not access Webdav.

      Reproduce steps

      1. Remove administrators group out of JIRA Administrators global permission.
      2. Log in with user account that belong to this group, then this user can access Webdav.
      3. Rename administrators group to jira-system-administrators.
      4. Add JIRA Administrators global permission to this group.
      5. Log in with user account that belong to this group, then the user is unable to access Webdav.
      6. Rename the group back to administrators, then user can access Webdav.

      Expected result

      1. Users belong to group that has JIRA Administrators global permission can access to Webdav regardless the group name.
      2. Users belong to group with the name as administrators and this group does not have JIRA Administrators global permission are not allowed to access Webdav.

      Cause
      In crowd/horde there is a specific table (cwd_app_dir_group_mapping) that gives a group specifically named 'administrators' access to the application 'webdav'. If you delete the administrators group this entry is removed, and there is no way for customers to access webdav, even if the group is recreated. The only way to fix it is with an insert statement into the cwd_app_dir_group_mapping table.

      Workaround

      Log a ticket at https://support.atlassian.com to get the following workaround applied to your Cloud instance:

      1. Recreate the 'administrators' group in User Management.
      2. Run the following SQL query to grant permission once more:
        insert into cwd_app_dir_group_mapping values (229390, 196615, 8, 32769, 'administrators');
        
      3. Restart Horde
      4. Add the user wishing to access webdav to the 'administrators' group.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              cbenard Carlen Benard (Inactive)
              Votes:
              12 Vote for this issue
              Watchers:
              30 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: