Search Results

Search found 2133 results on 86 pages for 'zend acl'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 40/86 | < Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >

  • Make a socket as a user but make it readable and writable by another

    - by user1598585
    I have a software that is run under user A, this software creates a socket in /sockets and the socket should be readable and writable by user B. I have tried setting the directory to have ownership A:A or A:B but when user A creates the socket, it ends up with uid A and gid A. Using ACLs has not helped so far, the default mask is preventing the rights to be effective. rw permisions for B will always turn into jusr r. If what I make is not a socket it will work fine. How can I best accomplish this task? (It is for a web-server where the web-application makes the socket and the web-server software forwards requests to it)

    Read the article

  • Using Extended ACLs to control write access?

    - by tocapa
    I am trying to set up file uploading on a website, but I get a permissions error when trying to write to upload directory. When I asked my supervisor about this, he suggested using extended ACLs to give the server write access to the directory. I've looked ACLs and nothing has suggested to me that this is the right way to go. Am I just not looking in the right place? How would I use ACLs to do this, or if not, what would be the right way to go about this? Forgive me for I've never used ACLs before so I don't know what I'm talking about.

    Read the article

  • Grant account write access to specific attributes on Active Directory User object

    - by Patricker
    I am trying to allow an account to update very specific attributes on all User objects. I am setting this security on the "User" object. When I add the account on the security tab, go to advanced, edit the accounts permissions, and start going through the list of attributes I am only able to find a few, like First Name, but most of the attributes I want to let them write to are missing. How can I grant the account write access to these attributes? Attributes I need to grant permission for: First Name (givenName) Last Name (sn) Initials (initials) Department (department) Company (company) Title (title) Manager (manager) Location Info (physicalDeliveryOfficeName, streetAddress, postOfficeBox) Work Phone (telephoneNumber) Pager (pager) IP Phone (ipPhone) IP Phone Other (otherIpPhone) ThumbnailLogo (thumbnailLogo) jpegPhoto (jpegPhoto) Description (displayName) Thanks

    Read the article

  • oddities in interference of linux extened ACLs and 'regular' permissions

    - by abbot
    I've got some legacy code which checks that some file is read-only and readable only by it's owner, i.e. permissions set to 0400. I also need to give read-only access to this file to some other user on the system. I'm trying to set extended ACLs, but this changes 'regular' permission bits in a strange way also: $ ls -l hostkey.pem -r-------- 1 root root 0 Jun 7 23:34 hostkey.pem $ setfacl -m user:apache:r hostkey.pem $ getfacl hostkey.pem # file: hostkey.pem # owner: root # group: root user::r-- user:apache:r-- group::--- mask::r-- other::--- $ ls -l hostkey.pem -r--r-----+ 1 root root 0 Jun 7 23:34 hostkey.pem And after this the legacy code starts complaining that the file is group-readable (while it is actually not!) Is it possible to set the extended ACLs in such a way that some other user will also have read-only access, while the file will appear to have only 0400 'regular' permissions?

    Read the article

  • Default permission for newly-created files/folders using ACLs not respected by commands like "unzip"

    - by Ngoc Pham
    I am having trouble with setting up a system for multiple users accessing the same set of files. I've read tuts and docs around and played with ACLs but haven't succeeded yet. MY SCENARIO: Have multiple users, for example, user1 and user2, which is belong to a group called sharedusers. They must have all WRITE permission to a same set of files and directories, say underlying in /userdata/sharing/. I have the folder's group set to sharedusers and SGID to have all newly created files/dirs inside set to same group. ubuntu@home:/userdata$ ll drwxr-sr-x 2 ubuntu sharedusers 4096 Nov 24 03:51 sharing/ I set ACLs for this directory so I can have permission of sub dirs/files inheritted from its parents. ubuntu@home:/userdata$ setfacl -m group:sharedusers:rwx sharing/ ubuntu@home:/userdata$ setfacl -d -m group:sharedusers:rwx sharing/ Here's what I've got: ubuntu@home:/userdata$ getfacl sharing/ # file: sharing/ # owner: ubuntu # group: sharedusers # flags: -s- user::rwx group::r-x group:sharedusers:rwx mask::rwx other::r-x default:user::rwx default:group::r-x default:group:sharedusers:rwx default:mask::rwx default:other::r-x Seems okay as when I create new folder with new files inside and the permission is correct. ubuntu@home:/userdata/sharing$ mkdir a && cd a ubuntu@home:/userdata/sharing/a$ touch a_test ubuntu@home:/userdata/sharing/a$ getfacl a_test # file: a_test # owner: ubuntu # group: sharedusers user::rw- group::r-x #effective:r-- group:sharedusers:rwx #effective:rw- mask::rw- other::r-- As you can see, the sharedusers group has effective permission rw-. HOWEVER, if I have a zip file, and use unzip -q command to unzip the file inside the folder sharing, the extracted folders don't have group write permisison. Therefore, the users from group sharedusers cannot modify files under those extracted folders. ubuntu@home:/userdata/sharing$ unzip -q Joomla_3.0.2-Stable-Full_Package.zip ubuntu@home:/userdata/sharing$ ll drwxrwsr-x+ 2 ubuntu sharedusers 4096 Nov 24 04:00 a/ drwxr-xr-x+ 10 ubuntu sharedusers 4096 Nov 7 01:52 administrator/ drwxr-xr-x+ 13 ubuntu sharedusers 4096 Nov 7 01:52 components/ You an spot the difference in permissions between folder a (created before) and folder administrator extracted by unzip. And the ACLs of a files inside administrator: ubuntu@home:/userdata/sharing$ getfacl administrator/index.php # file: administrator/index.php # owner: ubuntu # group: ubuntu user::rw- group::r-x #effective:r-- group:sharedusers:rwx #effective:r-- mask::r-- other::r-- It also has ubuntu group, not sharedusers group as expected. Could someone please explain the problem and give me advice? Thank you in advance!

    Read the article

  • Folder default ACLs not inherited when new file is created

    - by Flavien
    I'm a bit of a beginner with Unix systems, but I'm running Cygwin on my Windows Server, and I am trying to figure out something related to extended ACLs. I have a directory to which I set the following ACLs: Administrator@MyServer ~ $ setfacl -m d:u:Someuser:r-- somedir Administrator@MyServer ~ $ getfacl somedir/ # file: somedir/ # owner: Administrator # group: None user::rwx group::r-x mask:rwx other:r-x default:user::rwx default:user:Someuser:r-- default:group::r-x default:mask:rwx default:other:r-x As you can see mose of the default ACLs have the x bit. Then when I create a fine in it, it doesn't inherit the ACLs it is supposed to: Administrator@MyServer ~ $ touch somedir/somefile Administrator@MyServer ~ $ getfacl somedir/somefile # file: somedir/somefile # owner: Administrator # group: None user::rw- user:Someuser:r-- group::r-- mask:rwx other:r-- It's basically missing the x bit everywhere. Any idea why?

    Read the article

  • icacls, Network Service, and setting ACLs on Windows Server 2008

    - by Ted
    Setting ACLs on Windows Server 2008 via the command line is giving me some problems. As per http://web2.minasi.com/forum/topic.asp?TOPIC%5FID=26907 I've tried all sorts of variations: C:\Windows\system32icacls "D:\Websites\site.com\Web\bin*" /grant 'NT A uthority\NETWORK SERVICE: (OI) (CI)M' C:\Windows\system32icacls "D:\Websites\site.com\Web\bin*" /grant "NETWORK SERVICE": (OI) (CI)M And all variations in between. However, each try leads to i.e. "Invalid parameter "'NETWORK'"" depending on the variation above. As per http://technet.microsoft.com/en-us/library/cc753525%28WS.10%29.aspx (see in comments), it appears that others have experienced the same issue where the same command works on Windows 7/Vista/etc., but not on Windows Server 2008. What's the best way to apply permissions to Network Service account on a directory and/or files via the command line in Windows Server 2008? Especially as there's no way to do multiple file permissions at once via the GUI (see http://serverfault.com/questions/30991/windows-server-2008-change-security-settings-for-multiple-files-at-once).

    Read the article

  • Make a socket as an user but make it readable and writable by another

    - by user1598585
    I have a software that is run under user A, this software creates a socket in /sockets and the socket should be readable and writable by user B. I have tried setting the directory to have ownership A:A or A:B but when user A creates the socket, it ends up with uid A and gid A. Using ACLs has not helped so far, the default mask is preventing the rights to be effective. rw permisions for B will always turn into jusr r. If what I make is not a socket it will work fine. How can I best accomplish this task? (It is for a web-server where the web-application makes the socket and the web-server software forwards requests to it)

    Read the article

  • one share include more shares in diffrent premission

    - by saber
    hi all ubuntu 8.04 \ samba I want at the opening share \my_host there was the directory in which will be catalogs with different rights (eg the user with the IP is allowed to write only in one directory) example \\my_host\folder --\folder1 -user_ip1 can write to folder --\folder2 -user_ip2 .... --\folder3 my smb.conf [filials] path = /var/filials comment = No comment ;admin users = nobody ;directory mask = 755 ;read only = no available = yes browseable = yes writable = yes guest ok = yes public = yes printable = no share modes = yes ;locking = yes [filials\user1] path = /var/filials/user1 comment = No comment ;admin users = nobody ;directory mask = 755 ;read only = no available = yes browseable = yes writable = yes guest ok = yes public = yes printable = no share modes = yes ;locking = yes what is write [filials\user1] so user1 was in the catalog filials

    Read the article

  • Preferred method for allowing unprivileged UNIX/Linux users to view syslog information

    - by Joshua Hoblitt
    I have some non-privileged "role accounts" that need the ability to view [some of] the local syslogs (eg. /var/log/messages) for debugging purposes. This is explicitly local log data, not remote syslog, logstash, etc. Obviously, there's several ways to address this issue. What I'd like to know is if there is a fairly "standardized" way to solve this issue. Typically, I solve this problem with sudo but either POSIX groups or acls is attractive as it's few chars for the users to type and it removes entries from the sudo log. However, I don't believe I've ever seen that done before. What is your experience? How do large install base sites address this?

    Read the article

  • What filesystem comes closest to matching NTFS for support of ACLs, and highly-granular permissioning?

    - by warren
    It seems that most other filesystems handle the basic *nix permissions (ugo±rwx), with maybe an addition here or there. Or can be "made" to handle ACLs through the use of other tools on top of the system. On the wikipedia pages about filesystems (http://en.wikipedia.org/wiki/List%5Fof%5Ffile%5Fsystems & http://en.wikipedia.org/wiki/Comparison%5Fof%5Ffile%5Fsystems), it appears that while some do support extended meta-data, none support natively the level of permissioning that NTFS does. Am I wrong in this understanding?

    Read the article

  • Is it logical that file system acls would be corrupted in a way that adds permission for another user?

    - by wilbbe01
    I was having issues on a shared hosting provider with the host's web server instance not serving some files. I asked the companies support about the issue and they responded with the results of getfacl on my home directory, and added the necessary line to allow their web server to obtain the necessary permissions. All is working happily now, but I noticed a line in the getfacl that was for what appeared to be another username to which I had no relation. I asked them about this and their response was that it was likely some minor corruption and that I could remove the unwanted line with the setfacl -x option. I know I never added the user to my home directory, and I also find it weird that that could truly happen due to corruption. So now that it is fixed I'm a little bit weary of whether or not they were trying to cover up a problem they accidentally gave someone permissions to my account, or if this kind of thing can really be corrupted in that way. Especially when that user is a real user on the same server. Any thoughts? Thanks.

    Read the article

  • JBoss basic access

    - by user101024
    I have JBoss 5 deployed on Solaris 10 - the servers connection has unrestricted high ports (1023) open to the internet. I can access the box via ssh & FTP from a second server on the same subnet and anywhere over the internet. JBoss is running over port 8080 and is accessible via http://locahost:8080 on the box itself. I cannot access it via http://ip.add.goes.here:8080 from either the other server on the same subnet or via the internet. Is there any service or configuration within JBoss or elsewhere on Solaris 10 that needs to be changed from default to allow http traffic to be served? Thanks, Kevin

    Read the article

  • Imap subfolders not shown in list command - perhaps acls misconfiguration

    - by mschenk74
    My goal is to copy the whole folder structure with all mails from one imap account to another. The tool I am using for this is imapcopy (the java based version from code.google.com since the unix/linux tool packaged with debian doesn't support imaps). Now, there is one problem: The tool only copies the top-level folders and not the nested ones. To narrow down the problem I have downloaded the source code of imapcopy and debugged into the code. There I noticed that the folder.list() (which is mapped to the list "%" imap command) returns an empty list. But when I do a getFolder(<subfoldername>) I can access those subfolders. After reading some documentation about the features of imap I think that the problem might be some misconfigured ACLs which prohibit the listing of those folders but allow to read ad write to them. How should I check this ACLs? which tools do I need for this task?

    Read the article

  • How do you set the default user in Linux for file creation?

    - by Not a Name
    I want to create a directory, for example: /public/all But I want it so that if you create a file in all, the owner is root, but anyone with access to the /public/all folder can delete/edit/etc the file, just not change the permissions. (I will use a self-created "setx" application to change the execute value if needed.) Reason for this, I don't want you to be able to deny other users write/read access to files in /public/all. I heard setuid on directories doesn't work for that.

    Read the article

  • Exception: Zend Extension ./filename.php does not exist

    - by safarov
    When i try to execute php file though CLI this message appear: Exception: Zend Extension ./filename.php does not exist But while run like this /usr/local/bin/php -q -r "echo 'test';" works as expected I tried to figure out what causing this, no success yet. Here some information about enviroment may be usefull: I have eaccelerator installed (working ok). In php.ini: zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20100525/eaccelerator.so" eaccelerator.shm_size="16" eaccelerator.cache_dir="/var/cache/eaccelerator" eaccelerator.enable="1" eaccelerator.optimizer="1" eaccelerator.check_mtime="1" eaccelerator.debug="0" eaccelerator.filter="" eaccelerator.shm_ttl="0" eaccelerator.shm_prune_period="0" eaccelerator.shm_only="0" Apache and all sites are working Content of filename.php #!/usr/local/bin/php -q <?php echo 'test'; ?> What is the problem ?

    Read the article

  • PHP Zend Hash Vulnerability Exploitation Vector [closed]

    - by Resurrected Laplacian
    Possible Duplicate: CVE-2007-5416 PHP Zend Hash Vulnerability Exploitation Vector (Drupal) According to exploit-db, http://www.exploit-db.com/exploits/4510/, it says the following: Example: http://www.example.com/drupal/?_menu[callbacks][1][callback]=drupal_eval&_menu[items][][type]=-1&-312030023=1&q=1/ What are "[callbacks]","[1]" and all these stuffs? What should I put in to these stuffs? Can anyone present a real possible example? I wasn't asking for a real website; I was asking for a possible example! So, how would address be like - what should I put in to these stuffs, as the question says..

    Read the article

  • certain Smarty tags don't work in OpenX templates

    - by mikez302
    I am on a team that is developing an OpenX plugin, and I am responsible for the UI. I noticed that if I use certain Smarty tags in my template, the app doesn't work and I see an error message, similar to this: Plugin by name 'Html_select_date' was not found in the registry; used paths: default_views_helpers_: /openx/www/admin/plugins/myApp/application/modules/default/views/helpers/ OX_OXP_UI_View_Helper_: /openx/www/admin/plugins/myApp/application/../library/OX/OXP/UI/View/Helper/ OX_UI_View_Helper_: /openx/www/admin/plugins/myApp/application/../library/OX/UI/View/Helper/ Zend_View_Helper_: Zend/View/Helper/ (stack trace) The stack trace looks like this: #0 /openx/www/admin/plugins/myApp/library/Zend/View/Abstract.php(1117): Zend_Loader_PluginLoader-load('Html_select_dat...') #1 /openx/www/admin/plugins/myApp/library/Zend/View/Abstract.php(568): Zend_View_Abstract-_getPlugin('helper', 'html_select_dat...') #2 /openx/www/admin/plugins/myApp/library/OX/UI/Smarty/SmartyWithViewHelper.php(25): Zend_View_Abstract-getHelper('html_select_dat...') #3 /openx/var/templates_compiled/%2Fdefault%2Fviews%2Fscripts%2Findex%2Fview-reports.html^%%E8^E80^E80B56F2%%view-reports.html.php(38): OX_UI_Smarty_SmartyWithViewHelper-callViewHelper('html_select_dat...', Array) #4 /openx/lib/smarty/Smarty.class.php(1274): include('/openx...') #5 /openx/www/admin/plugins/myApp/library/OX/UI/View/SmartyView.php(103): Smarty-fetch('/openx...') #6 /openx/www/admin/plugins/myApp/library/Zend/View/Abstract.php(832): OX_UI_View_SmartyView-_run('/openx...') #7 /openx/www/admin/plugins/myApp/library/OX/UI/View/SmartyView.php(151): Zend_View_Abstract-render('index/view-repo...') #8 /openx/www/admin/plugins/myApp/library/OX/UI/View/Helper/WithViewScript.php(23): OX_UI_View_SmartyView-render('index/view-repo...') #9 /openx/www/admin/plugins/myApp/application/modules/default/views/helpers/ViewReports.php(5): OX_UI_View_Helper_WithViewScript::renderViewScript('index/view-repo...', Array) #10 /openx/www/admin/plugins/myApp/application/modules/default/controllers/IndexController.php(98): Default_Views_Helpers_ViewReports-renderPage() #11 /openx/www/admin/plugins/myApp/library/Zend/Controller/Action.php(512): IndexController-viewReportsAction() #12 /openx/www/admin/plugins/myApp/library/Zend/Controller/Dispatcher/Standard.php(288): Zend_Controller_Action-dispatch('viewReportsActi...') #13 /openx/www/admin/plugins/myApp/library/Zend/Controller/Front.php(945): Zend_Controller_Dispatcher_Standard-dispatch(Object(Zend_Controller_Request_Http), Object(Zend_Controller_Response_Http)) #14 /openx/www/admin/plugins/myApp/application/bootstrap.php(117): Zend_Controller_Front-dispatch() #15 /openx/www/admin/plugins/myApp/public/index.php(7): require('/openx...') #16 {main} This does not happen with all Smarty tags. For example, I can use {if}, {foreach}, or {assign} tags without any problems. But whenever I try to use {html_select_date}, {html_image}, or {html_table}, I get the errors. In case this matters, the programmer who is designing the plugin copied the openXWorkflow plugin and made some changes. I noticed that the openXWorkflow plugin has a file (openx/plugins_repo/openXWorkflow/www/admin/plugins/openXWorkflow/library/OX/UI/Smarty/SmartyCompilerWithViewHelper.php) with a class that overrides the default Smarty compiler, supposedly with the ability to compile shorthands for calling ZF view helpers. That file has a list of Smarty functions, but the list is incomplete. If I add the functions to the list, or simply delete the file, my template works fine, but I don't like to change library files. It may make the app hard to maintain, and I don't know if it will mess up something else. The file has the comment "There is no easy access to the list of Smarty's built-in functions so we need to list them here. HTML-specific functions are not included as we cover HTML generation separately.", so it seems like certain Smarty functions may be disabled on purpose for some reason. Will anything bad happen if I try to use them? If, for example, I want to use the {html_select_date} tag in my template, how would I go about doing that? Keep in mind that much of this stuff is new and unfamiliar to me. This is my first time ever using OpenX or Smarty, and I only have a little bit of experience with the Zend framework. Please let me know if we are using the wrong approach.

    Read the article

  • How to use global view files in Zend Framework?

    - by terrani
    Hi, I am trying to use global or shared view files. Let's say I have a module in Application/Modules/default and I have "IndexController.php" inside "default/controllers" within "IndexController", I would like to render a view that is located in "Application/Views". I tried to use addScriptPath, but Zend_View tries to look "Application/Views/index" directory. How do I eliminate "index" ?

    Read the article

  • Spring security annotations with EL -- requires debug information compiled in?

    - by HDave
    I am considering using Spring Security annotations for my application, with the EL (expression language) feature. For example: @PreAuthorize("hasPermission(#contact, 'admin')") public void deletePermission(Contact contact, Sid recipient, Permission permission); I need the EL capability because I have built my own ACL implementation. However, to use this capability with the "#contact" type arguments, the Spring documentation says this: You can access any of the method arguments by name as expression variables, provided your code has debug information compiled in. This begs two questions: It is acceptable to have a production application commercially distributed with debug info in it? If not, is there any way around this? Thanks for any guidance on this!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >