Search Results

Search found 522 results on 21 pages for 'privilege elevation'.

Page 13/21 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • Write-but-not-delete permissions on SAMBA

    - by m6a-uds
    Hi! I installed samba on my linux server for public file sharing on the LAN. I works great currently, but I would like to add some security: People from LAN should be able to Read files present and Add new ones, but not delete files. I want to keep this privilege for me ;-) How should-I do this? I have set up a "admin" account having full access even to deletion. There is just left to configure the "guest" acount. Google isn't helping that much right now...

    Read the article

  • Replicate Oracle to MySQL

    - by Rosdi
    I am developing a web apps, this web application will be using MySQL. Now I need to replicate my client's Oracle database into MySQL, only a few tables will be involved.. a table can be up to 2-3 million rows. I only have SELECT privilege on this Oracle, so don't ask me to install any kind of service on the Oracle machine. I have complete control on the MySQL side however. The replication is only one way (Oracle to MySQL). I can write a simple script to truncate MySQL table and repopulate it every night but I think this is very inefficient, there must be a better way. Is there any free tools I can use? Expensive database replication system is definitely out of the question.

    Read the article

  • All my folders and files on my flash drive have been renamed automatically and I can no longer open them... I need those files

    - by jennifer
    I opened up my flash drive this morning and all of my folders and files are normal, except for one folder and all its included files, which is the most important folder. The subfolders and files are renamed with bizarre characters and when I click to open them, a pop-up appears saying it's not accessible and the filename or directory name is incorrect. I don't want to reformat the flash drive because I'd lose all those files. Is there a way for me to restore it or something? I would attach a screen shot, but apparently new users do not have that privilege. If you have a vague idea of what I'm talking about, let me know and I can email you screenshots so you can have a better understanding. Any help is greatly appreciated!

    Read the article

  • Send an email whenever file is deleted from shared folder in windows 7

    - by azmuhak
    I am running a software on several computers at my workplace and the software can run different audio and video files stored on a shared folder in a central computer. The software runs on windows 7 and every person in my company can add or remove files from the shared folder, but this privilege puts the data at risk. I was thinking of creating an email alert to my self whenever a file is deleted. I have written a windows powershell script for sending me emails from smtp server but how can I hook it up to the event of file or folder deletion in a specific shared folder?

    Read the article

  • Why can't I grant exec on dbms_lock.sleep() OR create a procedure using it (but I can run it fine on its own)

    - by Richard Green
    I am trying to write a small bit of PL/SQL that has a non-CPU burning sleep in it. The following works in sqldeveloper begin dbms_lock.sleep(5); end; BUT (as the same user), I can't do the following: create or replace procedure sleep(seconds in number) is begin dbms_lock.sleep(seconds); end; without the error "identifer "DBMS_LOCK" must be declared... Funny as I could run it without a procedure. Just as strange, when I log in as a DBA, I can run the command grant exec on dbms_lock to public; and I get ERROR at line 1: ORA-00990: missing or invalid privilege This is oracle version "Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production"

    Read the article

  • How to run a service as a user who can't delete or update or create a file

    - by neeraj
    Mongodb is a web based console to try out Mongodb. I have created something similar to try out nodejs. In nodejs I am accepting user input and then I am performing eval on that command. Given the power of nodejs , someone from web console can create a file, delete files on the system or could execute 'rm -rf '. I was thinking will it be okay if I run node as a user called node. This user node will not have any privilege to write anything, create anything or update anything. The only access this user will have is read access. Will that work or that is too much of risk. What is a good strategy to handle such a situation?

    Read the article

  • How to run a command as administrator on Windows7 from a command line?

    - by Radek
    I need to run tscon.exe 0 /dest:console remotely = not manually on Windows7 as an administrator. More info here How to use tscon on Windows7? I did my research and OPTION 1 - runas for user root (no password) on computer yogurt works C:\>runas /user:yogurt\root cmd Enter the password for yogurt\root: Attempting to start cmd as user "yogurt\root" ... for user administrator (I thought the the password is blank too) on computer yogurt doesn't work. I am asked for password, hit the enter and C:\>runas /user:yogurt\administrator cmd Enter the password for yogurt\administrator: Attempting to start cmd as user "yogurt\administrator" ... RUNAS ERROR: Unable to run - cmd 1327: Logon failure: user account restriction. Possible reasons are blank passwo rds not allowed, logon hour restrictions, or a policy restriction has been enforced. OPTION 2 - setting properties of a batch file so it always runs as administrator. The 'privilege level' section is greyed out for me under Compatibility level. So I am not able to tick the check box Run this program as an administrator

    Read the article

  • Active Directory: how do you pull a list of accounts that belong to a user?

    - by Jack
    I'm a software developer currently stuck to support CyberArk at a large company. I need to pull up a list of accounts that is belong to a certain user. For example, let's said I have a user account named Bob and I want to find all the accounts that belong to Bob in AD meaning on the Organization tab of a user properties, the Manager should be Bob. I've absolutely zero knowledge regarding AD except the very basic. Is there a way to do it? I only have access to "Active Directory Users and Computers" tool and I'm not even sure if I have enough privilege to run script or install powershell to do it but would like to know the script or powershell command to do so if there is one.

    Read the article

  • icacls in windows 7 does not give full permission to write files in root drive

    - by Menuta
    icacls in windows 7 does not give full permission to write files in root drive. We have a very old application based on Omnis7 that needs to create and read/write files on drive C: when running as a restricted user. In Windows XP to give this permission is quite trivial using cacls. cacls C:\ /G Everyone:(C) The equivalent icacls in Windows 7 will not work. icacls C:\ /Grant Everyone:(M) I have also tried the following. icacls C:\ /Grant Everyone:(F) icacls C:\ /Grant Domain\user:(F) trying to create file with a restricted user gives this C:\>copy nul text.txt Access is denied. 0 file(s) copied. After applying the icacls permissions above the result changes to this. C:\>copy nul text.txt A required privilege is not held by the client. 0 file(s) copied. Is this an issue with the way I am applying the permissions? Or is Window 7 being extremely strict?

    Read the article

  • postfix/postdrop Issue with Solaris 10 (sparc) - permissions

    - by Zayne
    I am trying to get postfix (installed from blastwave) working on a Solaris 10 server, but only root is allowed to send mail. The problem appears to be permission related with postdrop. postdrop: warning: mail_queue_enter: create file maildrop/905318.27416: Permission denied I've checked that /var/opt/csw/spool/postfix/maildrop and /var/opt/csw/spool/postfix/public are both in the 'postdrop' group. main.cf contains setgid_group = postdrop. ppriv on postdrop as non-root user reports: postdrop[27336]: missing privilege "file_dac_write" (euid = 103, syscall = 5) needed at ufs_iaccess+0x110 I'm at a loss as to what to do next. I'm don't have much experience with Solaris; I use Linux daily. Any suggestions?

    Read the article

  • Clone MySQL DB - errors with CREATE VIEW/SHOW VIEW privileges

    - by user43537
    Running MySQL 5.0.32 on Debian 4.0 (Etch). I'm trying to clone a WordPress MySQL database completely (structure and data) on the same server. I tried a dump to an .sql file and an import into a new empty database from the command line, but the import fails with errors saying the user does not have the "SHOW VIEW" or "CREATE VIEW" privilege. Trying it with PHPMyAdmin doesn't work either. I also tried doing this with the MySQL root user (not named "root" though) and it shows an "Access Denied" error. I'm terribly confused as to where the problem is. Any pointers on cloning a MySQL DB and granting all privileges to a user account would be great (specifically for MySQL 5.0.32). Thanks!

    Read the article

  • How to access remotly to a mysql server?

    - by ÉricP
    Hi, I'm trying to access my remote mysql server from my own computer. I uncommented: bind-address = 80.10.65.45 I added 80.10.65.45 as a server in privilege root 80.10.65.45 yes ALL PRIVILEGES yes I'm using Sequel Pro on MacosX to connect via SSH here is the debug log: debug1: Authentication succeeded (password). debug1: Local connections to LOCALHOST:58517 forwarded to remote address 127.0.0.1:3306 debug1: Local forwarding listening on ::1 port 58517. debug1: channel 0: new [port listener] debug1: Local forwarding listening on 127.0.0.1 port 58517. debug1: channel 1: new [port listener] debug1: Entering interactive session. debug1: Connection to port 58517 forwarding to 127.0.0.1 port 3306 requested. debug1: channel 2: new [direct-tcpip] channel 2: open failed: connect failed: Connection refused debug1: channel 2: free: direct-tcpip: listening port 58517 for 127.0.0.1 port 3306, connect from 127.0.0.1 port 58519, nchannels 3

    Read the article

  • Setup SVN repository subfolder specific write permission

    - by Hai Lang
    I need to setup a SVN repository which the devgroup should have full privilege to read and write except for two sub folders /1 and /2. For /1 and /2, four users should have write permission and all other users should only have read permission. I put the following into the configuration file, but people in devgroup still have write permission in /1 and /2. Any help would be highly appreciated. [project:/] @devgroup = rw [project:/1] @devgroup = r user1 = rw user2 = rw user3 = rw user4 = rw [project:/2] @devgroup = r user1 = rw user2 = rw user3 = rw user4 = rw

    Read the article

  • Show Slave Status not working from console, nor client.

    - by Mr. Leinad
    Hello, I have a somewhat strange case. Whenever one of my coworkers executes this line: show slave status; from their MySQL clients, it works smoothly. But if I do that, it says: ERROR 1227 (42000): Access denied; you need the SUPER,REPLICATION CLIENT privilege for this operation We are all going against the same database, and if I check privileges I can see: GRANT ALL PRIVILEGES ON . TO 'usermysql'@'%' IDENTIFIED BY PASSWORD 'password' There's something wrong with my computer.. but I can't pinpoint where it is.. Thanks EDIT: It's kinda bizarre.. it goes through a VPN remotely. But if I change the internet connection, then it works.. If the previous internet connection is restored, it doesn't.. Could we classify this among the great mysteries of the world? Or someone has an idea?

    Read the article

  • Recursively apply ACL permissions on Mac OS X (Server)?

    - by mralexgray
    For years I've used the strong-armed-duo of these two suckers... sudo chmod +a "localadmin allow read,write,append,execute,\ delete,readattr,writeattr,readextattr,writeextattr,\ readsecurity,writesecurity,chown" sudo chmod +a "localadmin allow list,search,add_file,add_subdirectory,\ delete_child,readattr,writeattr,readextattr,\ writeextattr,readsecurity,writesecurity,chown" to, for what I figured was a recursive, and all-encompassing, whole-volume-go-ahead for each and every privilege available (for a user, localadmin). Nice when I, localadmin, want to "do something" without a lot of whining about permissions, etc. The beauty is, this method obviates the necessity to change ownership / group membership, or executable bit on anything. But is it recursive? I am beginning to think, it's not. If so, how do I do THAT? And how can one check something like this? Adding this single-user to the ACL doesn't show up in the Finder, so… Alright, cheers.

    Read the article

  • How to run a script in Ubuntu via SSH as superuser?

    - by Irinotecan
    So I have a script that needs to be executed remotely as root. This isn't a problem with most Linux distros since they have a root account. But since Ubuntu does not, executing anything as root requires a 2-step process of entering the account password twice - once to log in and once for sudo. The SSH process to launch the script is automated, so it cannot pause for user input for the second password request. Does anyone know, short of hacking Ubuntu to re-enable root (not an option), if unattended SSH script execution with superuser privilege on the target machine is possible? Also, having no experience with Debian, does Debian behave this way too?

    Read the article

  • Table 'mysql.host' doesn't exist

    - by eriktm
    100913 10:21:29 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql /usr/local/mysql/libexec/mysqld: Table 'mysql.plugin' doesn't exist 100913 10:21:29 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it. 100913 10:21:29 [ERROR] Fatal error: Can't open and lock privilege tables: Table 'mysql.host' doesn't exist 100913 10:21:29 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended This is the output from the log-file for mysqld I get when I try to start mysqld with the mysqld_safe command. I tried to run mysql_upgrade to correct the first error, but this command seems to require the server to be started, which is my original problem. Next, it says that the table mysql.host does not exist. I was unable to figure out what this is caused by.

    Read the article

  • Start ELEVATED script from within script

    - by Ulrich
    Hallo, I'm playing around with Powershell (relative NewBie) and I'm looking for the easiest way to call a Powershell script with elevated rights from within another script. I know of the runas verb for start-process which allows me to start a new script with a different account. My problem is, however, that under Vista (UAC active) every admin account has two access tokens, a normal privilege one and an elevated one. If I use the runas method, the second scripts gets started under the right account but with the non-elevated access token. Is there an easy way to control this? Thanks a lot for your help! Ulrich

    Read the article

  • Centrally manage Windows 7 computers without Active Directory

    - by Sean W.
    I manage three Windows PCs at home using the principle of least privilege. This means that practically every other day when a new version of Java is released, I have to manually install the update using my administrative credentials on each machine. This is starting to become more work than I had expected. I would love to set up an active directory domain at home, but Microsoft has discontinued Windows home server; its replacement, Windows server 2012 essentials is much more expensive (about $500). Are there any free (preferably as in speech) that would allow me to centrally manage the software installed on each machine in a manner similar to that of active directory? I'd also like to find a way to centrally manage security settings, but I doubt there's an equivalent of group policy. Samba 4 would be an ideal solution, but according to its own developers, it is not yet stable enough for production use.

    Read the article

  • Does CHECK TABLE add read/write locks?

    - by Ztyx
    Hi, Yesterday I ran CHECK TABLE on a table that is read very frequently. I scanned the MySQL documentation for CHECK TABLE for any mentions of "lock" (and found none) and also noticed that only SELECT privilege was required to run the command. I therefor concluded that the command did not do any read lock and was safe to run even in production. Sadly, running the command took 1 minute and 37 seconds and seemed to block all read access. My question is therefor, does CHECK TABLE do any read lock? Any other reason why I experienced a read block on the table? Thanks

    Read the article

  • Windows 8 Permissions

    - by Dane Balia
    I, 2 days ago, completed a standard Windows 8 installation. It was a fresh install, however Windows 7 was on the disk prior to which it migrated to Windows.old. But for some strange and weird reason, I am struggling to 'write' to my disk in regards to .NET Applications. It appears that none of my .NET (self-written) applications can write to their log files on disk, which are created on startup. I have disabled UAC, as well as set Full Control over Disk C: for my User, but no luck. I keep getting the error: A required privilege is not held by the client. I did google and try some online tuts - but no luck! Thanks

    Read the article

  • Prevent applications from being run as administrator

    - by Unsigned
    Background Most installation toolkits have the ability to launch, automatically or otherwise, external programs after installation. This is often appears in the installer via such options as "Show readme", or "Start program". Issue The problem is, many of these installers are poorly coded, and do not drop permissions appropriately, for example, opening the application's homepage in the browser... launching the browser with the installer's Administrative privileges, or a "High" UAC integrity level. This has the potential to open up security breaches, by opening up a webpage (and possibly browser addons), that are now running with elevated permissions. Question The question is: Is there a way to prevent certain applications (such as a web browser) from ever being launched with Administrative privileges, i.e., an automatic drop-privilege?

    Read the article

  • Prevent specific applications from being run as administrator

    - by Unsigned
    Background Most installation toolkits have the ability to launch, automatically or otherwise, external programs after installation. This is often appears in the installer via such options as "Show readme", or "Start program". Issue The problem is, many of these installers are poorly coded, and do not drop permissions appropriately. For example, starting the application automatically, or opening the application's homepage in the browser, often results in launching the application or browser with the installer's Administrative privileges, or a "High" UAC integrity level! This has the potential to open up security breaches, by opening up the installed application, or a web page (and possibly browser add-ons), that are now running with elevated permissions. (This is the reason I strongly recommend never choosing auto-launch options when installing software.) Question The question is: Is there a way to prevent certain applications (such as a web browser) from ever being launched with Administrative privileges, i.e., an automatic drop-privilege?

    Read the article

  • Why my Network Connection Properties don't show UAC prompt & settings change everytime I connect?

    - by Manish Shrivastaw
    I can't set my network connection interface properties, UAC prompt doesn't appear anymore for only this adapter interface. I disable Netbios but each time I connect it changes back to default. Earlier I could set & forget easily as UAC prompt showed for this dialup 3G connection. It's very frustrating to change settings every time. Is there any way to make adapter interface 'blacklisted' (remove from UAC whitelist) again. I can manually make a connection (that shows Uac prompt) but my dialler app doesn't work with that. Is there any registry entry for setting privilege for Napagent etc. Or what could be the reason, please guide. All I want is to set my connection properties (Tcp advanced settings) which won't change.

    Read the article

  • SQL Server and Hyper-V Dynamic Memory Part 2

    - by SQLOS Team
    Part 1 of this series was an introduction and overview of Hyper-V Dynamic Memory. This part looks at SQL Server memory management and how the SQL engine responds to changing OS memory conditions.   Part 2: SQL Server Memory Management As with any Windows process, sqlserver.exe has a virtual address space (VAS) of 4GB on 32-bit and 8TB in 64-bit editions. Pages in its VAS are mapped to pages in physical memory when the memory is committed and referenced for the first time. The collection of VAS pages that have been recently referenced is known as the Working Set. How and when SQL Server allocates virtual memory and grows its working set depends on the memory model it uses. SQL Server supports three basic memory models:   1. Conventional Memory Model   The Conventional model is the default SQL Server memory model and has the following properties: - Dynamic - can grow or shrink its working set in response to load and external (operating system) memory conditions. - OS uses 4K pages – (not to be confused with SQL Server “pages” which are 8K regions of committed memory).- Pageable - Can be paged out to disk by the operating system.   2. Locked Page Model The locked page memory model is set when SQL Server is started with "Lock Pages in Memory" privilege*. It has the following characteristics: - Dynamic - can grow or shrink its working set in the same way as the Conventional model.- OS uses 4K pages - Non-Pageable – When memory is committed it is locked in memory, meaning that it will remain backed by physical memory and will not be paged out by the operating system. A common misconception is to interpret "locked" as non-dynamic. A SQL Server instance using the locked page memory model will grow and shrink (allocate memory and release memory) in response to changing workload and OS memory conditions in the same way as it does with the conventional model.   This is an important consideration when we look at Hyper-V Dynamic Memory – “locked” memory works perfectly well with “dynamic” memory.   * Note in “Denali” (Standard Edition and above), and in SQL 2008 R2 64-bit (Enterprise and above editions) the Lock Pages in Memory privilege is all that is required to set this model. In 2008 R2 64-Bit standard edition it also requires trace flag 845 to be set, in 2008 R2 32-bit editions it requires sp_configure 'awe enabled' 1.   3. Large Page Model The Large page model is set using trace flag 834 and potentially offers a small performance boost for systems that are configured with large pages. It is characterized by: - Static - memory is allocated at startup and does not change. - OS uses large (>2MB) pages - Non-Pageable The large page model is supported with Hyper-V Dynamic Memory (and Hyper-V also supports large pages), but you get no benefit from using Dynamic Memory with this model since SQL Server memory does not grow or shrink. The rest of this article will focus on the locked and conventional SQL Server memory models.   When does SQL Server grow? For “dynamic” configurations (Conventional and Locked memory models), the sqlservr.exe process grows – allocates and commits memory from the OS – in response to a workload. As much memory is allocated as is required to optimally run the query and buffer data for future queries, subject to limitations imposed by:   - SQL Server max server memory setting. If this configuration option is set, the buffer pool is not allowed to grow to more than this value. In SQL Server 2008 this value represents single page allocations, and in “Denali” it represents any size page allocations and also managed CLR procedure allocations.   - Memory signals from OS. The operating system sets a signal on memory resource notification objects to indicate whether it has memory available or whether it is low on available memory. If there is only 32MB free for every 4GB of memory a low memory signal is set, which continues until 64MB/4GB is free. If there is 96MB/4GB free the operating system sets a high memory signal. SQL Server only allocates memory when the high memory signal is set.   To summarize, for SQL Server to grow you need three conditions: a workload, max server memory setting higher than the current allocation, high memory signals from the OS.    When does SQL Server shrink caches? SQL Server as a rule does not like to return memory to the OS, but it will shrink its caches in response to memory pressure. Memory pressure can be divided into “internal” and “external”.   - External memory pressure occurs when the operating system is running low on memory and low memory signals are set. The SQL Server Resource Monitor checks for low memory signals approximately every 5 seconds and it will attempt to free memory until the signals stop.   To free memory SQL Server does the following: ·         Frees unused memory. ·         Notifies Memory Manager Clients to release memory o   Caches – Free unreferenced cache objects. o   Buffer pool - Based on oldest access times.   The freed memory is released back to the operating system. This process continues until the low memory resource notifications stop.    - Internal memory pressure occurs when the size of different caches and allocations increase but the SQL Server process needs to keep its total memory within a target value. For example if max server memory is set and certain caches are growing large, it will cause SQL to free memory for re-use internally, but not to release memory back to the OS. If you lower the value of max server memory you will generate internal memory pressure that will cause SQL to release memory back to the OS.    Memory pressure handling has not changed much since SQL 2005 and it was described in detail in a blog post by Slava Oks.   Note that SQL Server Express is an exception to the above behavior. Unlike other editions it does not assume it is the most important process running on the system but tries to be more “desktop” friendly. It will empty its working set after a period of inactivity.   How does SQL Server respond to changing OS memory?    In SQL Server 2005 support for Hot-Add memory was introduced. This feature, available in Enterprise and above editions, allows the server to make use of any extra physical memory that was added after SQL Server started. Being able to add physical memory when the system is running is limited to specialized hardware, but with the Hyper-V Dynamic Memory feature, when new memory is allocated to a guest virtual machine, it looks like hot-add physical memory to the guest. What this means is that thanks to the hot-add memory feature, SQL Server 2005 and higher can dynamically grow if more “physical” memory is granted to a guest VM by Hyper-V dynamic memory.   SQL Server checks OS memory every second and dynamically adjusts its “target” (based on available OS memory and max server memory) accordingly.   In “Denali” Standard Edition will also have sqlserver.exe support for hot-add memory when running virtualized (i.e. detecting and acting on Hyper-V Dynamic Memory allocations).   How does a SQL Server workload in a guest VM impact Hyper-V dynamic memory scheduling?   When a SQL workload causes the sqlserver.exe process to grow its working set, the Hyper-V memory scheduler will detect memory pressure in the guest VM and add memory to it. SQL Server will then detect the extra memory and grow according to workload demand. In our tests we have seen this feedback process cause a guest VM to grow quickly in response to SQL workload - we are still working on characterizing this ramp-up.    How does SQL Server respond when Hyper-V removes memory from a guest VM through ballooning?   If pressure from other VM's cause Hyper-V Dynamic Memory to take memory away from a VM through ballooning (allocating memory with a virtual device driver and returning it to the host OS), Windows Memory Manager will page out unlocked portions of memory and signal low resource notification events. When SQL Server detects these events it will shrink memory until the low memory notifications stop (see cache shrinking description above).    This raises another question. Can we make SQL Server release memory more readily and hence behave more "dynamically" without compromising performance? In certain circumstances where the application workload is predictable it may be possible to have a job which varies "max server memory" according to need, lowering it when the engine is inactive and raising it before a period of activity. This would have limited applicaability but it is something we're looking into.   What Memory Management changes are there in SQL Server “Denali”?   In SQL Server “Denali” (aka SQL11) the Memory Manager has been re-written to be more efficient. The main changes are summarized in this post. An important change with respect to Hyper-V Dynamic Memory support is that now the max server memory setting includes any size page allocations and managed CLR procedure allocations it now represents a closer approximation to total sqlserver.exe memory usage. This makes it easier to calculate a value for max server memory, which becomes important when configuring virtual machines to work well with Hyper-V Dynamic Memory Startup and Maximum RAM settings.   Another important change is no more AWE or hot-add support for 32-bit edition. This means if you're running a 32-bit edition of Denali you're limited to a 4GB address space and will not be able to take advantage of dynamically added OS memory that wasn't present when SQL Server started (though Hyper-V Dynamic Memory is still a supported configuration).   In part 3 we’ll develop some best practices for configuring and using SQL Server with Dynamic Memory. Originally posted at http://blogs.msdn.com/b/sqlosteam/

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >