sigoden/dufs

Separate Anonymous User Authorization


Feature Request: Separate Anonymous User Authorization

Dear dufs developers,

I would like to propose a feature enhancement to improve the authorization system in dufs, specifically regarding anonymous user access.

Currently, the "@" symbol in the authorization configuration represents all users, including both anonymous and authenticated users. This approach can lead to unintended consequences in many scenarios. For instance, when setting read-only permissions for a directory using the "@" symbol, it affects all users, requiring additional configuration for authenticated users to grant them read-write access.

To address this issue, I suggest implementing a dedicated username for anonymous users: "anonymous". This aligns with the default anonymous username used in WebDAV systems. By doing so, we can achieve the following benefits:

  1. Separation of concerns: Authorization for anonymous users can be isolated from authenticated users, preventing unintended permission overlaps.

  2. Improved granularity: Administrators can set specific permissions for anonymous users without affecting authenticated users' access rights.

  3. Consistency with web login: The username for anonymous users accessing via the web interface could also be set to "anonymous", providing a uniform approach across different access methods.

Example of proposed syntax:

auth:
  - "anonymous@/:ro,/public:rw"
  - "user1:password1@/:rw"
  - "user2:password2@/:rw"

In this example, anonymous users would have read-only access to the root directory and read-write access to the /public directory, while authenticated users (user1 and user2) would have full read-write access to all directories.

It seems that dufs currently does not support setting empty passwords for specific users. If a user is configured with an empty password, it appears to cause login issues on the web interface. This might be a limitation in the current authentication system, which likely expects non-empty passwords for security purposes.

This change would significantly enhance the flexibility and intuitiveness of dufs's authorization system, making it easier for administrators to set up secure and efficient file-sharing environments.

Thank you for considering this feature request. I believe it would greatly improve the user experience and security of dufs.

Sincerely
006hjy
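
The rule evaluation the request above describes, as an added example that is not part of the original post and is not dufs code. The function names, the longest-prefix matching and the path normalization are assumptions made for illustration; only the rule strings come from the issue.

```python
# Added example: models the syntax proposed in the issue; not dufs's implementation.
from posixpath import normpath

# Rule strings copied from the proposal in the issue.
RULES = [
    "anonymous@/:ro,/public:rw",
    "user1:password1@/:rw",
    "user2:password2@/:rw",
]

def parse_rule(rule):
    """Split 'user[:password]@/path:perm,...' into (user, password, {path: perm})."""
    account, _, paths = rule.partition("@")
    user, _, password = account.partition(":")
    perms = {}
    for item in paths.split(","):
        path, _, perm = item.rpartition(":")
        if perm not in ("ro", "rw") or not path.startswith("/"):
            raise ValueError(f"bad path rule: {item!r}")
        perms[normpath(path)] = perm
    return user, password, perms

def access(rules, user, request_path):
    """Return 'rw', 'ro' or None. user=None means the request carried no credentials.

    Authorization only: password checking is out of scope here. Under this
    model the name 'anonymous' is reserved for unauthenticated requests.
    """
    name = "anonymous" if user is None else user
    # Normalize first so '/public/../x' is judged as '/x', not as '/public/...'.
    target = normpath("/" + request_path.lstrip("/"))
    best_len, result = -1, None
    for rule in rules:
        rule_user, _, perms = parse_rule(rule)
        if rule_user != name:
            continue  # anonymous rules never apply to named users, and vice versa
        for path, perm in perms.items():
            prefix = path.rstrip("/")
            inside = target == path or target.startswith(prefix + "/")
            if inside and len(path) > best_len:  # assumed: most specific path wins
                best_len, result = len(path), perm
    return result

if __name__ == "__main__":
    for who, path in [(None, "/docs/a.txt"), (None, "/public/new.bin"),
                      (None, "/public/../docs/a.txt"), ("user1", "/docs/a.txt")]:
        print(who or "anonymous", path, access(RULES, who, path))
```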

We will not support this feature.

Your solution is weird and hacky. The current strategy of dufs is better.