Search Results

Search found 587 results on 24 pages for 'acl'.

Page 18/24 | < Previous Page | 14 15 16 17 18 19 20 21 22 23 24  | Next Page >

• cakephp VS codeigniter VS zend framework

  - by i need help

  Very possibly very related: What PHP framework would you choose for a new application and why? Zend or CakePHP? Which one is better? Some people say CakePHP is better for php 4, what do you think? In my case, I would like the following: Lesser code to write, have really strong library and plugin base. Always have new library etc added in from contributor, eg: google map and etc... Ability to use together with the templating system like smarty. Have ACL that can control all the permission level issue. Load class when needed, unload when not needed. Load class once and use globally. Can run in windows environment (I am using xampp to run my php in windows.) After the site done, I will upload all codes into windows 2008 server (using php 5)

  Read the article

• Best Design for a Facebook clone on GAE Java

  - by charming30

  My current App is written in Python on GAE which can do Contacts management, Genealogy, Social Networking, Photo sharing, Telecom Integration (SMS, iVRS, URL Billing), CRON and performs business logic operations for our Mobile Apps. Current Architecture indlues python, django, jquery, memcache and few telecom APIs. Now, It feels that an SOA Architecture on GAE using Java would be really ideal and scalable for this kind of App where we want to build new features like widgets that users can turn on or off and third party developers can also develop and deploy features. Please correct me or improve the following design decision: UI (Current plan is GWT) Sessions, Security and ACL (Spring MVC 2.x) Reusable Business Logic components (?) Implementation of Web Services (?) Your advice would really help.

  Read the article

• Ask Basic Configurator in Apache Commong Log

  - by adisembiring

  I use log4j as logger for my web application. in log4j, I can set the level log in log4j properties or log4j.xml. in log4j, we instance logger as follows: static Logger logger = Logger.getLogger(SomeClass.class); I init log4j basic configurator in a servlet file using init method. But, I usually test application using JUnit, So I init the basic configurator in setup method. after that, I test the application, and I can see the log. Because I deployed, the web in websphere. I change all of logging instance become: private Log log = LogFactory.getLog(Foo.class); I don't know how to load basic configurator using ACL. so I can't control debug level to my JUnit test. do you have any suggestion, without changing static Logger logger = Logger.getLogger(SomeClass.class); become static Logger logger = Logger.getLogger(SomeClass.class);

  Read the article

• Delete link to file without clearing readonly bit

  - by Joshua

  I have a set of files with multiple links to them. The files are owned by TFS source control but other links to them are made to them. How do I delete the additional links without clearing the readonly bit. It's safe to assume: The files have more than one link to them You are not deleting the name owned by TFS There are no potential race conditions You have ACL full control for the files The machine will not lose power, nor will your program be killed unless it takes way too long. It's not safe to assume: The readonly bit is set (don't set it if its not) You can leave the readonly bit clear if you encounter an error and it was initially set Do not migrate to superuser -- if migrated there the answer is impossible because no standard tool can do this.

  Read the article

• Programmatically allow write access for a Registry key

  - by Kerido

  Hi everybody, I need to programmatically modify the Access Descriptors on a known Registry key during product installation. The way I want it to work is: The installer is run in Administrative mode. A Registry key is created. A function (the one I need) queries the ACL from the key. If this function finds that the group 'Users' already has write access, nothing should be done. If not, it should add a new permission allowing write access to the 'Users' group. The permissions are saved for the Registry key. This question is similar to Setting Registry key write permissions using .NET, however, I need a C++/Win32 implementation. Thanks in advance

  Read the article

• Cakephp database migration error

  - by Vijay Kumbhar

  Hello All, I am using Ubuntu + cakephp 1.3. I am trying the database migration with the help of cakeDC migration plugin. I configured the plugin as per the instructions. But when i goes to the terminal, goes to the path of the application application_path/app/ dir then fire a command 'cake migration help' it gives me following error, Hello user, Welcome to CakePHP v1.2 Console Current Paths: -working: /path/to/cake/ -root: /path/to/cake/ -app: /path/to/cake/app/ -core: /path/to/cake/ Changing Paths: your working path should be the same as your application path to change your path use the '-app' param. Example: -app relative/path/to/myapp or -app /absolute/path/to/myapp Available Shells: app/vendors/shells/: - none vendors/shells/: - none cake/console/libs/: acl api bake console extract To run a command, type 'cake shell_name [args]' To get help on a specific command, type 'cake shell_name help' Then i followed the steps given in the : http://book.cakephp.org/view/108/The-CakePHP-Console $ cake -app /path/to/app But i am not getting the success. Can anybody help me out from this issue... Thanks in adavnce.

  Read the article

• Cakephp 1.3, router and authentication problem

  - by Zhlobopotam

  Trying to implements simple privileges for admin user. Don't need huge acl rules and groups system. There are admin users, overs - just registered users. They can't access actions with admin prefix. So It was implemented in cakephp1.2 version with following code in app_controller: function isAuthorized() { if (isset($this->params[Configure::read('Routing.admin')])) { if ($this->Auth->user('admin') != 1) { return false; } } return true; } But in 1.3 Routing.admin had been deprecated. How to rewrite it for use with 1.3 framework? Need some help.

  Read the article

• Control Menu Items based on Privileges of Logged In User with spring security

  - by Nirmal

  Hi All... Based on this link I have incorporated the spring security core module with my grails project... I am using the Requestmap concept by storing each role, user and requestmap inside the database only... Now my requirement is to provide the menu items based on the users assigned roles... For e.g.: If my "User" Main Menu have following Items : Dashboard Import User Manage User And if I have assigned a roles of Dashboard and Import User to the user with a username "auditor" then, only following Menu items should be displayed on the screen : User (Main Menu) - Dashboard (sub menu) - Import User (sub menu) I have explored the Spring Security ACL plugin for the same, but it's using the Domain classes to get it working... So, wanted to know the convenient way to do so... Thanks in advance...

  Read the article

• Debugging a Browser Redirect Loop

  - by just_wes

  Hi all, I am using CakePHP with the Auth and ACL components. My page loads fine for non-registered users, but if I try to log in as a registered user I get an infinite redirect loop in the browser. I am sure that this is some sort of permissions problem, but the problem exists even for users who have permissions for everything. The only way to prevent this behavior is to allow '*' in my AppController's beforeFilter method. What is the best way to debug this sort of problem? Thanks!

  Read the article

• a direct, simple api to run as system?

  - by fejesjoco

  Suppose a program is running with elevated privileges already, and it needs to see the contents of the System Volume Information folder, and by default, only NT Authority\System can do that. A workaround would be to change ACL's on the folder, but I don't want to mess with that. I already found two ways to do it: the task scheduler and psexec. They are too indirect, I don't even need to describe the first one, and the second one works by installing a windows service, running it, telling it to run whatever I wanted to run, then uninstalling the service. Now the question is: is there a direct, simple WinAPI function to run something as system? I don't think that such an API would circumvent the security restrictions, as an administrator I have the right to schedule a task or install a service, so there must be a shortcut.

  Read the article

• Inline Zend Navigation links in view content saved to db

  - by takeshin

  I'm storing the page content in the database (both as markup and HTML code) and displaying this content in the view (let's say it's CMS or forum post). The this data have also some links to internal pages existing in sitemap (Zend_Navigation object). It's easy to insert the link in page body just by using <a> tag. But the contents of this inline links does not change when I update the sorce XML for Zend Navigation (url's, attributes, ACL permissions). How do you handle this case? Special markup for the link, converting the link using url view helper? Iterate Zend_Navigation object extracting specific link (one by one)?

  Read the article

• php convert images and upload to amazon s3

  - by faraklit

  I am looking for a best practice while uploading images to amazon s3 server and serving from there. We need four different sizes of an image. So just after image upload we convert the image and scale in 4 different widths and heights. And then we send them to the amazon s3 using official php api. // ... // image conversions, bucket setting, s3 initialization etc. $sizes= array("", "48", "64", "128"); foreach($sizes as $size) { $filename = $upload_path.$dest_file.$size.$ext; $s3->batch()->create_object($bucket, , array( 'fileUpload' => $filename, 'acl' => AmazonS3::ACL_PUBLIC, )); } But for a 1M image the client sometimes wait up to 30 seconds which is a very long time. Instead of sending images immediately to S3, it may be better to add them to a job queue. But the user should see the uploaded image immediately.

  Read the article

• Rails 3 loading all models on startup

  - by janechii

  Hi all, I have a class method mixed in to all my models. the method gets called when the model class is evaluated. unfortunately (for me), this seems to be on-demand, whenever the model is needed in development env. how can have rails load all the models at start up? is this even advisable? class Foo < ActiveRecord::Base include Acl register_acl # i need this to be called for all models at start up end thank you!

  Read the article

• Faster s3 bucket duplication

  - by Sean McCleary

  I have been trying to find a better command line tool for duplicating buckets than s3cmd. s3cmd can duplicate buckets without having to download and upload each file. The command I normally run to duplicate buckets using s3cmd is: s3cmd cp -r --acl-public s3://bucket1 s3://bucket2 This works, but it is very slow as copies each file via the API one at a time. If s3cmd could run in parallel mode, I'd be very happy. Are there other options available as a command line tools or code that people use to duplicate buckets that are faster than s3cmd?

  Read the article

• Gparted Partition Mount Points Alternate Between 2 Physical Disk Drives

  - by California Ken

  I'm running Ubuntu Server 14.04 on a system with 2 physical disk drives. I am frequently seeing mount errors on startup. When I check the drive partitions using GPARTED, I see that my two "non-system created" data partitions have the wrong disk assignments (i.e. sda1 vs sdb1) or visa-versa. If I hand edit /etc/fstab to match GPARTED, the system will boot error free one time. On the second restart I will get the "serious mount problem" error for the 2 data partitions and when I check GPARTED, the disk assignments have changed again (again, GPARTED and fstab don't match). A listing of my /etc/fstab is: /etc/fstab: static file system information. # Use 'blkid' to print the universally unique identifier for a device; this may be used with UUID= as a more robust way to name devices that works even if disks are added and removed. See fstab(5). # / was on /dev/sdb2 during installation UUID=766a06a4-e5af-484a-adf0-fa1e88da7212 / ext4 errors=remount-ro,user_xattr,acl,barrier=1 0 1 swap was on /dev/sda6 during installation UUID=8c42f835-ead3-43fb-88d8-196f5dfc3aa7 none swap sw 0 0 swap was on /dev/sdb3 during installation UUID=2214deec-ba98-47da-aea7-4e46998f3e57 none swap sw 0 0 /dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0 /dev/sda1 /media/ken/Linux-Data ext3 defaults 0 2 /dev/sda5 /media/ken/Data2 ext4 defaults 0 2 The device designations in the last 2 lines are the ones in question. The fstab entries to NOT change between system restarts but the mount points in the GPARTED display do. Does anyone have a fix for this? Thanks Mr. Young and Mr Gedak, Following is my fstab file and two blkid outputs. The fstab output is correct. The first blkid output was after a reboot and is WRONG! The sda and sdb device partition data is reversed. The 2nd blkid output was after a second reboot (fstab not changed). It shows the sda and adb partition data CORRECTLY. I didn't see any duplicate UUIDs. Does anyone have any idea why the GPARTED and blkid outputs alternate on consecutive reboots? The alternating partition data is real since when the partition assignments are reversed, the boot sequence halts with disk mounting errers (I have to press "s" to skip the mounts). Thanks again. Ken I copied the contents of a text file showing my fstab and 2 blkid outputs. The text file contents show up in the text entry box but does not appear in the main body of the question. Is there a way I can attach the text file or edit this question so that the text is displayed for question viewers?

  Read the article

• How do I configure sound with PulseAudio and Multiseat?

  - by Anthony

  In the spirit of full disclosure, i just posted this question to the ubuntu forums, but i figure more heads working on it couldn't hurt. I have a multi-seat setup working quite well. Hot plugging input devices works as expected and such. The only issue I am still not able to resolve is getting the audio for each seat. Here is a summary of my attempts at getting audio to work: Make ~/.pulse/default.pa dynamically configured based on which $DISPLAY the user logs in at. See this pastebin for the details. Load pulseaudio as a system-wide instance. Couldn't get this to work. None of the audio hardware was accessible to the users. Use udev rules to mark seats in ConsoleKit. Following udev guidelines found here: http://www.freedesktop.org/wiki/Software/systemd/multiseat I didn't think this would work, although it was "guaranteed" to work by someone in irc.freenode #pulseaudio None of those attempts yielded success, which is why I now turn to the community for help. It is quite possible that the suggested methods work and I just messed some aspect of it up, idk. This is the last piece of the puzzle which is needed before I can go and update the MultiseatX page to include instructions for Ubuntu 12.04. My understandings on the situation: Access to pulseaudio is restricted to the active session as marked by ConsoleKit (something about an ACL). CK can only mark one session as active at a time. This simple little fact of life leads me to believe that the solution should involve pulseaudio being run as a system-wide instance. Each user should connect to the pulse server and be limited to a subset of all the hardware. Maybe each user connects to the pulse server via localhost, idk. I do know that regardless of my attempts and their failed results, I was always able to use sudo aplay -D plughw:0,0 /usr/share/sounds/alsa/Front_Center.wav to play something to any of the hardware. I'm grasping at straws and am now down to the last few hairs i can pull out of my head. Please, help me figure this out so we can share the wealth. Any additional information needed will be provided at your request.

  Read the article

• Squid on an Azure VM

  - by LantisGaius

  I can't get it to work. Here's exactly what I did: Create a new Azure VM, Windows Server 2012. RDP to the new VM Download & Extract Squid for Windows (2.7.STABLE8) Rename the conf files (squid, mime & cachemgr) Add the following lines on the end of squid.conf auth_param basic program c:/squid/libexec/ncsa_auth.exe c:/squid/etc/passwd.txt auth_param basic children 5 auth_param basic realm Welcome to http://abcde.fg Squid Proxy! auth_param basic credentialsttl 12 hours auth_param basic casesensitive off acl ncsa_users proxy_auth REQUIRED http_access allow ncsa_users Use http://www.htaccesstools.com/htpasswd-generator-windows/ to create passwd.txt Test passwd.txt via c:/squid/libexec/ncsa_auth.exe c:/squid/etc/passwd.txt (success) squid -z squid -i net start squid (No errors so far). go to https://manage.windowsazure.com, Virtual Machines - myVM - Endpoints Add Endpoint: Name: Squid Protocol: TCP Public Port: 80 Private Port: 3128 That's it. Unfortunately, it doesn't work. I think I screwed something up at the endpoint? I'm not sure.. help? EDIT: I'm testing it via Firefox - Options - Advanced - Network, and the exact error is "The Proxy Server is refusing connections." I'm using my DNS as the Proxy server "abcdef.cloudapp.net" and port 80 (since that's my public endpoint).

  Read the article

• Postfix: LDAP not working (warning: dict_ldap_lookup: Search base not found: 32: No such object)

  - by Heinzi

  I set up LDAP access with postfix. ldapsearch -D "cn=postfix,ou=users,ou=system,[domain]" -w postfix -b "ou=users,ou=people,[domain]" -s sub "(&(objectclass=inetOrgPerson)(mail=[mailaddr]))" delivers the correct entry. The LDAP config file looks like root@server2:/etc/postfix/ldap# cat mailbox_maps.cf server_host = localhost search_base = ou=users,ou=people,[domain] scope = sub bind = yes bind_dn = cn=postfix,ou=users,ou=system,[domain] bind_pw = postfix query_filter = (&(objectclass=inetOrgPerson)(mail=%s)) result_attribute = uid debug_level = 2 The bind_dn and bind_pw should be the same as I used above with ldapsearch. Nevertheless, calling postmap doesn't work: root@server2:/etc/postfix/ldap# postmap -q [mailaddr] ldap:/etc/postfix/ldap/mailbox_maps.cf postmap: warning: dict_ldap_lookup: /etc/postfix/ldap/mailbox_maps.cf: Search base 'ou=users,ou=people,[domain]' not found: 32: No such object If I change LDAP configuration, so that anonymous users have complete access to LDAP olcAccess: {-1}to * by * read then it works: root@server2:/etc/postfix/ldap# postmap -q [mailaddr] ldap:/etc/postfix/ldap/mailbox_maps.cf [user-id] But when I restrict this access to the postfix user: olcAccess: {-1}to * by dn="cn=postfix,ou=users,ou=system,[domain]" read by * break it doesn't work but produces the error printed above (although ldapsearch works, only postmap doesn't). Why doesn't it work when binding with a postfix DN? I think I set up the LDAP ACL for the postfix user correctly, as the ldapsearch command should prove. What can be the reason for this behaviour?

  Read the article

• Authenticating Windows 7 against MIT Kerberos 5

  - by tommed

  Hi There, I've been wracking my brains trying to get Windows 7 authenticating against a MIT Kerberos 5 Realm (which is running on an Arch Linux server). I've done the following on the server (aka dc1): Installed and configured a NTP time server Installed and configured DHCP and DNS (setup for the domain tnet.loc) Installed Kerberos from source Setup the database Configured the keytab Setup the ACL file with: *@TNET.LOC * Added a policy for my user and my machine: addpol users addpol admin addpol hosts ank -policy users [email protected] ank -policy admin tom/[email protected] ank -policy hosts host/wdesk3.tnet.loc -pw MYPASSWORDHERE I then did the following to the windows 7 client (aka wdesk3): Made sure the ip address was supplied by my DHCP server and dc1.tnet.loc pings ok Set the internet time server to my linux server (aka dc1.tnet.loc) Used ksetup to configure the realm: ksetup /SetRealm TNET.LOC ksetup /AddKdc dc1.tnet.loc ksetip /SetComputerPassword MYPASSWORDHERE ksetip /MapUser * * After some googl-ing I found that DES encryption was disabled by Windows 7 by default and I turned the policy on to support DES encryption over Kerberos Then I rebooted the windows client However after doing all that I still cannot login from my Windows client. :( Looking at the logs on the server; the request looks fine and everything works great, I think the issue is that the response from the KDC is not recognized by the Windows Client and a generic login error appears: "Login Failure: User name or password is invalid". The log file for the server looks like this (I tail'ed this so I know it's happening when the Windows machine attempts the login): Screen-shot: http://dl.dropbox.com/u/577250/email/login_attempt.png If I supply an invalid realm in the login window I get a completely different error message, so I don't think it's a connection problem from the client to the server? But I can't find any error logs on the Windows machine? (anyone know where these are?) If I try: runas /netonly /user:[email protected] cmd.exe everything works (although I don't get anything appear in the server logs, so I'm wondering if it's not touching the server for this??), but if I run: runas /user:[email protected] cmd.exe I get the same authentication error. Any Kerberos Gurus out there who can give me some ideas as to what to try next? pretty please?

  Read the article

• s3cmd fails too many times

  - by alfish

  It used to be my favorite backup transport agent but now I frequently get this result from s3cmd on the very same Ubuntu server/network: root@server:/home/backups# s3cmd put bkup.tgz s3://mybucket/ bkup.tgz -> s3://mybucket/bkup.tgz [1 of 1] 36864 of 2711541519 0% in 1s 20.95 kB/s failed WARNING: Upload failed: /bkup.tgz ([Errno 32] Broken pipe) WARNING: Retrying on lower speed (throttle=0.00) WARNING: Waiting 3 sec... bkup.tgz -> s3://mybucket/bkup.tgz [1 of 1] 36864 of 2711541519 0% in 1s 23.96 kB/s failed WARNING: Upload failed: /bkup.tgz ([Errno 32] Broken pipe) WARNING: Retrying on lower speed (throttle=0.01) WARNING: Waiting 6 sec... bkup.tgz -> s3://mybucket/bkup.tgz [1 of 1] 28672 of 2711541519 0% in 1s 18.71 kB/s failed WARNING: Upload failed: /bkup.tgz ([Errno 32] Broken pipe) WARNING: Retrying on lower speed (throttle=0.05) WARNING: Waiting 9 sec... bkup.tgz -> s3://mybucket/bkup.tgz [1 of 1] 28672 of 2711541519 0% in 1s 18.86 kB/s failed WARNING: Upload failed: /bkup.tgz ([Errno 32] Broken pipe) WARNING: Retrying on lower speed (throttle=0.25) WARNING: Waiting 12 sec... bkup.tgz -> s3://mybucket/bkup.tgz [1 of 1] 28672 of 2711541519 0% in 1s 15.79 kB/s failed WARNING: Upload failed: /bkup.tgz ([Errno 32] Broken pipe) WARNING: Retrying on lower speed (throttle=1.25) WARNING: Waiting 15 sec... bkup.tgz -> s3://mybucket/bkup.tgz [1 of 1] 12288 of 2711541519 0% in 2s 4.78 kB/s failed ERROR: Upload of 'bkup.tgz' failed too many times. Skipping that file. This happens even for files as small as 100MB, so I suppose it's not a size issue. It also happens when I use put with --acl-private flag (s3cmd version 1.0.1) I appreciate if you suggest some solution or a lightweight alternative to s3cmd. Thanks

  Read the article

• HAProxy + NodeJS gets stuck on TCP Retransmission

  - by sled

  I have a HAProxy + NodeJS + Rails Setup, I use the NodeJS Server for file upload purposes. The problem I'm facing is that if I'm uploading through haproxy to nodejs and a "TCP (Fast) Retransmission" occurs because of a lost packet the TX rate on the client drops to zero for about 5-10 secs and gets flooded with TCP Retransmissions. This does not occur if I upload to NodeJS directly (TCP Retransmission happens too but it doesn't get stuck with dozens of retransmission attempts). My test setup is a simple HTML4 FORM (method POST) with a single file input field. The NodeJS Server only reads the incoming data and does nothing else. I've tested this on multiple machines, networks, browsers, always the same issue. Here's a TCP Traffic Dump from the client while uploading a file: ..... TCP 1506 [TCP segment of a reassembled PDU] >> everything is uploading fine until: TCP 1506 [TCP Fast Retransmission] [TCP segment of a reassembled PDU] TCP 66 [TCP Dup ACK 7392#1] 63265 > http [ACK] Seq=4844161 Ack=1 Win=524280 Len=0 TSval=657047088 TSecr=79373730 TCP 1506 [TCP Retransmission] [TCP segment of a reassembled PDU] >> the last message is repeated about 50 times for >>5-10 secs<< (TX drops to 0 on client, RX drops to 0 on server) TCP 1506 [TCP segment of a reassembled PDU] >> upload continues until the next TCP Fast Retransmission and the same thing happens again The haproxy.conf (haproxy v1.4.18 stable) is the following: global log 127.0.0.1 local1 debug maxconn 4096 # Total Max Connections. This is dependent on ulimit nbproc 2 defaults log global mode http option httplog option tcplog frontend http-in bind *:80 timeout client 6000 acl is_websocket path_beg /node/ use_backend node_backend if is_websocket default_backend app_backend # Rails Server (via nginx+passenger) backend app_backend option httpclose option forwardfor timeout server 30000 timeout connect 4000 server app1 127.0.0.1:3000 # node.js backend node_backend reqrep ^([^\ ]*)\ /node/(.*) \1\ /\2 option httpclose option forwardfor timeout queue 5000 timeout server 6000 timeout connect 5000 server node1 127.0.0.1:3200 weight 1 maxconn 4096 Thanks for reading! :) Simon

  Read the article

• DNS Server on Fedora 11

  - by Funky Si

  I recently upgraded my Fedora 10 server to Fedora 11 and am getting the following error in my DNS/named config. named[27685]: not insecure resolving 'fedoraproject.org/A/IN: 212.104.130.65#53 This only shows for certain addresses some are resolved fine and I can ping and browse to them fine, while others produce the error above. This is my named.conf file acl trusted-servers { 192.168.1.10; }; options { directory "/var/named"; forwarders {212.104.130.9 ; 212.104.130.65; }; forward only; allow-transfer { 127.0.0.1; }; # dnssec-enable yes; # dnssec-validation yes; # dnssec-lookaside . trust-anchor dlv.isc.org.; }; # Forward Zone for hughes.lan domain zone "funkygoth" IN { type master; file "funkygoth.zone"; allow-transfer { trusted-servers; }; }; # Reverse Zone for hughes.lan domain zone "1.168.192.in-addr.arpa" IN { type master; file "1.168.192.zone"; }; include "/etc/named.dnssec.keys"; include "/etc/pki/dnssec-keys/dlv/dlv.isc.org.conf"; include "/etc/pki/dnssec-keys//named.dnssec.keys"; include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf"; Anyone know what I have set wrong here?

  Read the article

• Squid - Active Directory - permissions based on Nodes rather than Groups

  - by Genboy

  Hi, I have squid running on a gateway machine & I am trying to integrate it with Active Directory for authentication & also for giving different browsing permissions for different users. 1) /usr/lib/squid/ldap_auth -b OU=my,DC=company,DC=com -h ldapserver -f sAMAccountName=%s -D "CN=myadmin,OU=Unrestricted Users,OU=my,DC=company,DC=com" -w mypwd 2) /usr/lib/squid/squid_ldap_group -b "OU=my,DC=company,DC=com" -f "(&(sAMAccountName=%u)(memberOf=cn=%g,cn=users,dc=company,dc=com))" -h ldapserver -D "CN=myadmin,OU=Unrestricted Users,OU=my,DC=company,DC=com" -w zxcv Using the first command above, I am able to authenticate users. Using the second command above, I am able to figure out if a user belongs to a particular active directory group. So I should be able to set ACL's based on groups. However, my customer's AD setup is such that he has users arranged in different Nodes. For eg. He has users setup in the following way cn=usr1,ou=Lev1,ou=Users,ou=my,ou=company,ou=com cn=usr2,ou=Lev2,ou=Users,ou=my,ou=company,ou=com cn=usr3,ou=Lev3,ou=Users,ou=my,ou=company,ou=com etc. So, he wants that I have different permissions based on whether a user belongs to Lev1 or Lev2 or Lev3 nodes. Note that these aren't groups, but nodes. Is there a way to do this with squid? My squid is running on a debian machine.

  Read the article

• NTFS: Deny all permissions for all files, except where explicitly added

  - by Simon

  I'm running a sandboxed application as a local user. I now want to deny almost all file system permissions for this user to secure the system, except for a few working folders and some system DLLs (I'll call this set of files & directories X below). The sandbox user is not in any group. So it shouldn't have any permissions, right? Wrong, because all "Authenticated Users" are a member of the local "Users" group, and that group has access to almost everything. I thought about recursively adding deny ACL-entries to all files and directories and remove them manually from X. But this seems excessive. I also thought about removing "Authenticated Users" from the "Users" group. But I'm afraid of unintended side-effects. It's likely that other things rely on this. Is this correct? Are there better ways to do this? How would you limit the filesystem permissions of a (very) non-trustworthy account?

  Read the article

• Apache randomly loses permission to see files.

  - by arbales

  I have a server (Leopard Server, not my choice) running Apache and MySQL. Several months ago, the server began to raise "Forbidden" errors at random intervals, preventing access to a PHP application. This behavior randomly ceased. Now, several days ago I installed Passenger and deployed a Sintra/Rack application. The application runs as a user acarneg (for example) from /Library/WebServer/Documents/presto/current/public, acarneg owns the entire structure. The _www user has access to the directory via ACL chmod +a "_www allow read,write,...". Everything works great! But after a randomish interval, often ~12 or ~24 hours, Passenger throws an error that also prevents the PHP application from running. Passenger Error #2. Cannot stat file config.ru. Permission denied. But the permissions haven't changed (confirmed) and all one has to do to resolve the error is sudo apachectl graceful. If the permissions aren't changing and Apache doesn't seem to have a legit problem, what is causing this mess? Why did it stop before, and why has it resumed!?!?!? Thanks for the help!

  Read the article

< Previous Page | 14 15 16 17 18 19 20 21 22 23 24  | Next Page >