Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-27439

Global anonymous configuration takes precedence over repository configuration

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.30.1
    • Fix Version/s: None
    • Component/s: Docker, Security
    • Labels:
    • Environment:
      Rhel 7

      Description

      I have anonymous access granted globally using default anonymous role permissions

      (repository view * all browse & read access)

      I have a hosted docker registry with the anonymous access disabled.

      Users are able to pull images from the registry while being unauthenticated.

       

      As a work around i created a new anonymous role, I granted read&browse access to the new role to every repository except the hosted docker registry.

      I confirmed that unauthenticated users are no longer able to pull images from that registry.

       

      for whatever reason, it appears that the global anonymous setting is taking precedence over repository configuration which is not intended based on the document 

      https://help.sonatype.com/repomanager3/formats/docker-registry/docker-authentication#DockerAuthentication-UnauthenticatedAccesstoDockerRepositories

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            mitcht mitch talbot
            Last Updated By:
            Joe Tom Joe Tom
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title