New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 1 user

Issue metadata

Status: Released
Owner:
Last visit > 30 days ago
Closed: Feb 2016



Sign in to add a comment

ssh command allows creating groups with the same name as a system group

Project Member Reported by zaro0...@gmail.com, Jan 20 2016

Issue description

Affected Version: 2.11+

What steps will reproduce the problem?
1. Create a "Registered Users" group with the SSH command:  ssh -p 29418 localhost gerrit create-group '"Registered Users"'.  Gerrit doesn't prevent this and the group is created.
2. Now if you attempt to configure access rules with "Registered Users" group it will use this newly created group instead of the system group.

What is the expected output? What do you see instead?
Users should not be able to create internal groups with the same names as systems groups.

Please provide any additional information below.
This works as expected from the Gerrit UI [1] and from the REST API[2].  It also works as expected if you attempt to create duplicate internal group.


[1] With an Admin account, attempt to create a "Registered Users" group from the Gerrit UI.  Gerrit won't allow it, the response is "Resource already exists".  
 
[2] curl -X PUT --digest --digest --user $user:$pasword http://localhost:8080/a/groups/Registered%20Users
Response is "Group already exists"

 
Project Member

Comment 1 by zaro0...@gmail.com, Jan 26 2016

Owner: zaro0...@gmail.com
Status: ChangeUnderReview
proposed fix: https://gerrit-review.googlesource.com/#/c/74312
Project Member

Comment 2 by ekempin@google.com, Feb 8 2016

Labels: FixedIn-2.13
Status: Submitted
Project Member

Comment 3 by huga...@gmail.com, Sep 22 2016

Status: Released (was: Submitted)

Sign in to add a comment