Uploaded image for project: 'Atlassian Cloud'
  1. Atlassian Cloud
  2. CLOUD-8639

Webdav access for groups other than administrator

    XMLWordPrintable

Details

    Description

      The webdav access authorization is controlled by Apache and hardcoded to only allow members of the groups 'administrators' and 'system-administrators'. If a customer deletes the administrators group in favor of customization they lose access to webdav.

      Description
      Users can access Webdav if he belongs to group with exact name administrators:

      1. If user belongs to a group with the name as administrators and although this group does not have JIRA Administrators global permission, he still can access Webdav.
      2. If the group that user belongs to has JIRA Administrators global permission but is not named as administrators, then, he can not access Webdav.

      Reproduce steps

      1. Remove administrators group out of JIRA Administrators global permission.
      2. Log in with user account that belong to this group, then this user can access Webdav.
      3. Rename administrators group to jira-system-administrators.
      4. Add JIRA Administrators global permission to this group.
      5. Log in with user account that belong to this group, then the user is unable to access Webdav.
      6. Rename the group back to administrators, then user can access Webdav.

      Expected result

      1. Users belong to group that has JIRA Administrators global permission can access to Webdav regardless the group name.
      2. Users belong to group with the name as administrators and this group does not have JIRA Administrators global permission are not allowed to access Webdav.

      Cause
      In crowd/horde there is a specific table (cwd_app_dir_group_mapping) that gives a group specifically named 'administrators' access to the application 'webdav'. If you delete the administrators group this entry is removed, and there is no way for customers to access webdav, even if the group is recreated. The only way to fix it is with an insert statement into the cwd_app_dir_group_mapping table.

      Workaround

      Log a ticket at https://support.atlassian.com to get the following workaround applied to your Cloud instance:

      1. Recreate the 'administrators' group in User Management.
      2. Run the following SQL query to grant permission once more: 
        insert into cwd_app_dir_group_mapping values (229390, 196615, 8, 32769, 'administrators');
      3. Restart Horde
      4. Add the user wishing to access webdav to the 'administrators' group.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. CLOUD-6873 Administration users are unable to access Webdav if they do not belong to administrators group

          • High - High priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. ID-6186 'administrators' group should not be removable in User Management

          • Low - Low priority issues
          • Closed

          Suggestion - CLOUD-7460 Inform WebDAV logins require administrators membership

          • Closed
          mentioned in

          Page Loading...

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              cbenard Carlen Benard (Inactive)
              Votes:
              12 Vote for this issue
              Watchers:
              29 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: