Search Results

Search found 587 results on 24 pages for 'acl'.

Page 8/24 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • What filesystem comes closest to matching NTFS for support of ACLs, and highly-granular permissioning?

    - by warren
    It seems that most other filesystems handle the basic *nix permissions (ugo±rwx), with maybe an addition here or there. Or can be "made" to handle ACLs through the use of other tools on top of the system. On the wikipedia pages about filesystems (http://en.wikipedia.org/wiki/List%5Fof%5Ffile%5Fsystems & http://en.wikipedia.org/wiki/Comparison%5Fof%5Ffile%5Fsystems), it appears that while some do support extended meta-data, none support natively the level of permissioning that NTFS does. Am I wrong in this understanding?

    Read the article

  • Is it logical that file system acls would be corrupted in a way that adds permission for another user?

    - by wilbbe01
    I was having issues on a shared hosting provider with the host's web server instance not serving some files. I asked the companies support about the issue and they responded with the results of getfacl on my home directory, and added the necessary line to allow their web server to obtain the necessary permissions. All is working happily now, but I noticed a line in the getfacl that was for what appeared to be another username to which I had no relation. I asked them about this and their response was that it was likely some minor corruption and that I could remove the unwanted line with the setfacl -x option. I know I never added the user to my home directory, and I also find it weird that that could truly happen due to corruption. So now that it is fixed I'm a little bit weary of whether or not they were trying to cover up a problem they accidentally gave someone permissions to my account, or if this kind of thing can really be corrupted in that way. Especially when that user is a real user on the same server. Any thoughts? Thanks.

    Read the article

  • Imap subfolders not shown in list command - perhaps acls misconfiguration

    - by mschenk74
    My goal is to copy the whole folder structure with all mails from one imap account to another. The tool I am using for this is imapcopy (the java based version from code.google.com since the unix/linux tool packaged with debian doesn't support imaps). Now, there is one problem: The tool only copies the top-level folders and not the nested ones. To narrow down the problem I have downloaded the source code of imapcopy and debugged into the code. There I noticed that the folder.list() (which is mapped to the list "%" imap command) returns an empty list. But when I do a getFolder(<subfoldername>) I can access those subfolders. After reading some documentation about the features of imap I think that the problem might be some misconfigured ACLs which prohibit the listing of those folders but allow to read ad write to them. How should I check this ACLs? which tools do I need for this task?

    Read the article

  • JBoss basic access

    - by user101024
    I have JBoss 5 deployed on Solaris 10 - the servers connection has unrestricted high ports (1023) open to the internet. I can access the box via ssh & FTP from a second server on the same subnet and anywhere over the internet. JBoss is running over port 8080 and is accessible via http://locahost:8080 on the box itself. I cannot access it via http://ip.add.goes.here:8080 from either the other server on the same subnet or via the internet. Is there any service or configuration within JBoss or elsewhere on Solaris 10 that needs to be changed from default to allow http traffic to be served? Thanks, Kevin

    Read the article

  • How do you set the default user in Linux for file creation?

    - by Not a Name
    I want to create a directory, for example: /public/all But I want it so that if you create a file in all, the owner is root, but anyone with access to the /public/all folder can delete/edit/etc the file, just not change the permissions. (I will use a self-created "setx" application to change the execute value if needed.) Reason for this, I don't want you to be able to deny other users write/read access to files in /public/all. I heard setuid on directories doesn't work for that.

    Read the article

  • Spring security annotations with EL -- requires debug information compiled in?

    - by HDave
    I am considering using Spring Security annotations for my application, with the EL (expression language) feature. For example: @PreAuthorize("hasPermission(#contact, 'admin')") public void deletePermission(Contact contact, Sid recipient, Permission permission); I need the EL capability because I have built my own ACL implementation. However, to use this capability with the "#contact" type arguments, the Spring documentation says this: You can access any of the method arguments by name as expression variables, provided your code has debug information compiled in. This begs two questions: It is acceptable to have a production application commercially distributed with debug info in it? If not, is there any way around this? Thanks for any guidance on this!

    Read the article

  • In linux, is there a way to set a default permission for newly created files and directories under a

    - by David Dean
    I have a bunch of long-running scripts and applications that are storing output results in a directory shared amongst a few users. I would like a way to make sure that every file and directory created under this shared directory automatically had u=rwxg=rwxo=r permissions. I know that I could use umask 006 at the head off my various scripts, but I don't like that approach as many users write their own scripts and may forget to set the umask themselves. I really just want the filesystem to set newly created files and directories with a certain permission if it is in a certain folder. Is this at all possible? Update: I think it can be done with POSIX ACLs, using the Default ACL functionality, but it's all a bit over my head at the moment. If anybody can explain how to use Default ACLs it would probably answer this question nicely.

    Read the article

  • Having Trouble Granting Access Via Squid

    - by Muhnamana
    I'm by far no expert at this but how do I grant access to Squid? I'm current using 2.7.STABLE9. I've read you need to add a couple of lines, an acl and http_access line. So here's what I added and where. I highly doubt this is right since I'm trying to connect via my laptop and Firefox is yelling at me saying the proxy server is refusing connections. ACL Part: # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed **acl all_computers scr 192.168.1.0/255.255.255.0** acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network http_access part: # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed #http_access allow localnet http_access allow localhost http_access allow all_computers Any suggestions on what I'm doing wrong?

    Read the article

  • zend_acl: Adding extra resources dynamically and getting a param predispatch

    - by Timmeh
    First sorry about the woffle as I'm not sure how best to describe this. Basically I am not sure how I can get param in the bootstrap before the controller is loaded, but here is the long winded version... I have got an acl class storing all my default resources in. All my page/post content is a database and I want the admin the ability to choose who which role the page would become available. I know it is possible just to loop through the database table and add them all in at once, but I am concerned that this is a drain on resources. I have it working whereby my access check plugin can call a dynamic permission function, but I need to get the parameter of the current page ID and it's permission to set it before the controller is loaded. Does that make sense or am I worry over nothing and I should just get the resources of all the pages at once? thanks in advance for reading my garble!!

    Read the article

  • Image display permissions in PHP/Apache

    - by Randy
    I have a PHP site with a login system, and am trying to make a feature where only specific usernames can view particular images. I think what I'm trying to do is more involved than merely changing the .htaccess file, because a) this won't help discern between users that are/aren't allowed to view the image, and b) if someone enters the exact URL of the image ("directory/images/photos/230ru0q0238rn230nd_asdi0nqn8.jpg") they can still view the image (since it's a physical file in the directory, and not text in a DB, etc.). Again, restricting via .htaccess would restrict the directory as a whole, or all files in it, so I can't figure out how it would work. Ideally, all images would be blocked by trying to access them directly through their direct URL, and the image would only appear between <img> tags if the user's session/username is valid, else they get an error message. I've heard the term ACL but I'm not sure this is related to what I'm trying to do.

    Read the article

  • script to find "deny" ACE in ACLs, and remove it

    - by Tom
    On my 100TB cluster, I need to find dirs and files that have a "deny" ACE within their ACL, then remove that ACE on each instance. I'm using the following: # find . -print0 | xargs -0 ls -led | grep deny -B4 and get this output (partial, for example only) -r--rw---- 1 chris GroupOne 4096 Mar 6 18:12 ./directoryA/fileX.txt OWNER: user:chris GROUP: group:GroupOne 0: user:chris allow file_gen_read,std_write_dac,file_write_attr 1: user:chris deny file_write,append,file_write_ext_attr,execute -- -r--rwxrwx 1 chris GroupOne 14728221 Mar 6 18:12 ./directoryA/subdirA/fileZ.txt OWNER: user:chris GROUP: group:GroupOne 0: user:chris allow file_gen_read,std_write_dac,file_write_attr 1: user:chris deny file_write,append,file_write_ext_attr,execute -- OWNER: user:bob GROUP: group:GroupTwo 0: user:bob allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child,object_inherit,container_inherit 1: group:GroupTwo allow std_read_dac,std_write_dac,std_synchronize,dir_read_attr,dir_write_attr,object_inherit,container_inherit 2: group:GroupTwo deny list,add_file,add_subdir,dir_read_ext_attr,dir_write_ext_attr,traverse,delete_child,object_inherit,container_inherit -- As you can see, depending on where the "deny" ACE is, I can see/not-see the path. I could increase the -B value (I've seen up to 8 ACEs on a file) but then I would get more output to distill from... What I need to do next is extract $ACENUMBER and $PATHTOFILE so that I can execute this command: chmod -a# $ACENUMBER $PATHTOFILE Additional issue is that the find command (above) gives a relative path, whereas I need the full path. I guess that would need to be edited somehow. Any guidance on how to accomplish this?

    Read the article

  • Custom data forms in CakePHP

    - by Affian
    I'm building a controller to manage group based ACL in CakePHP and when I create or edit a group I want to be able to select what permissions it has. The group data table only stores a group ID and a group Name as the permissions are stored in the ACO/ARO table. I have an array from the ACO that I want to turn into a set of checkboxes so you can check them to allow access from that group to that ACO. So first off, how do I turn this array into a set of checkboxes. The array looks like this: array( [0] => array( [Aco] => array( [alias] => 'alias' [id] => 1) [children] => array ( [0] => array( [Aco]=> ...etc )) [1] => array( ...etc ) My next question is how can I check these once the form has been submitted to the controller to allow the selected actions? [Update] Ok changing the angle of my question, how can I use the Form helper to create forms that are not based on any Model?

    Read the article

  • cakephp group based permissions

    - by Elwhis
    Hey guys, I would like to have group based restrictions that would allow users to access only specified parts of the web. I am new to the whole ACL stuff and I didn't quite get it from the manual :/ therefore I would like to ask some questions. But before any questions, my routes look like this: Router::connect('/', array('controller' => 'users', 'action' => 'login')); Router::connect('/admin/:controller/:action/*', array('prefix' => 'admin', 'admin' => true)); Router::connect('/registered/:controller/:action/*', array('prefix' => 'registered', 'registered' => true)); 1.) How do I restrict users from any other group than Administrator to access ONLY the /registered/ part of the web 2.) How do I prevent anyone from using the default addresses like www.example.com/users/add on a global scale (I want only www.example.com/admin/users/add or www.example.com/registered/users/add type of addresses)? This kind of addresses is not event set in the routes.php but they still work. Any answers apprecated

    Read the article

  • Set umask, set permissions, and set ACL, but SAMBA isn't using those?

    - by Kris Anderson
    I'm running on Ubuntu Server 12.04. I have a folder called Music and I want the default folder permissions to be 775 and the default file to then be 664. I set the default permissions on the Music folder to be 775. I configured ACL to use these default permissions as well: file: Music owner: kris group: kris flags: ss- user::rwx group::rwx other::r-x default:user::rwx default:group::rwx default:other::r-x I also changed the default umask for my user account, kris, to 002 in .profile. Shouldn't and new file/folder now use those permissions when writing to the Samba share? ACL should work with Samba from what I can gather. Currently, if I write to that folder using my mac, folders are getting 755 and files 644. I have another app on my mac called GoodSync which which is able to sync a local directory on my mac to a network samba share, but those permissions are even worse. files are being written as 700 using that program. So it looks like Samba is allowing the host/program to determine the folder/file permissions. What changes do I need to make to force the permissions I want regardless of what the host tries to write on the server?

    Read the article

  • Hi , is there any wiki that supports ACL , ADI and API ? [closed]

    - by goutham
    Possible Duplicate: Which wiki satisfies ACL ADI and API ? Hi , is there any wiki that supports ACL , ADI and API ? and my requirement is we need a wiki that does three things 1. Uses ACL (Access Control lists - who can access what pages) 2. Needs AD (active directory integration) 3. Is scriptable via an API (meaning I can create a wiki page through an API in a program instead of logging in and manually typing in the page.) Ur help is appreciated Thanks in Advance Goutham

    Read the article

  • How to configure something like "Reflexive ACL" on OpenBSD?

    - by Earlz
    My U-Verse modem has something called "Reflexive ACL" described as Reflexive ACL: When IPv6 is enabled, you can enable Reflexive Access Control Lists to deny inbound IPv6 traffic unless this traffic results from returning outgoing packets (except as configured through firewall rules). This seems like a pretty good way to keep from having to maintain a firewall on each computer behind my router that gets handed an IPv6 address. It sounds about like a NAT, which for my small home network is all I want right now. Now my modem sucks as a router though, so I'm in the process of configuring an OpenBSD router to do that. I've got IPv6 supported and all that and my OpenBSD router will hand out IPv6 addresses by rtadvd. Now I want to keep people from having instant access to my local network through IPv6. How would I best do something like Reflexive ACL with pf in OpenBSD 5.0?

    Read the article

  • How to create a folder in SharePoint2010 root folder and set permission to it

    - by ybbest
    If you need to create a folder in SharePoint2010 root folder and set permission to it, here is piece of code that does it. In the script, I have created a folder called Temp in Logs folder under SharePoint2010 root and then I grant read/write access to the Windows group WSS_WPG and full access to the group WSS_ADMIN_WPG for that folder. $Folder=New-Item "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS\temp" -Type Directory -force $acl = Get-Acl $Folder ##The following line has been commented out , if you like to break the permission inheritance from the parent floder , uncommented the code. #$acl.SetAccessRuleProtection($True, $False) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("WSS_ADMIN_WPG","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") $acl.AddAccessRule($rule) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("WSS_WPG","Modify", "ContainerInherit, ObjectInherit", "None", "Allow") $acl.AddAccessRule($rule) Set-Acl $Folder $acl References: http://technet.microsoft.com/en-us/library/ff730951.aspx http://msdn.microsoft.com/en-us/library/tbsb79h3.aspx http://blogs.technet.com/b/josebda/archive/2010/11/12/how-to-handle-ntfs-folder-permissions-security-descriptors-and-acls-in-powershell.aspx http://chrisfederico.wordpress.com/2008/02/01/setting-acl-on-a-file-or-directory-in-powershell/

    Read the article

  • User "oracle" unable to start or stop listeners

    - by user12620111
    Recently ran into a problem where user "oracle" was unable to start or stop listeners: oracle$ srvctl stop listener PRCR-1065 : Failed to stop resource ora.LISTENER.lsnr CRS-0245:  User doesn't have enough privilege to perform the operation CRS-0245:  User doesn't have enough privilege to perform the operation PRCR-1065 : Failed to stop resource ora.LISTENER_IB.lsnr CRS-0245:  User doesn't have enough privilege to perform the operation CRS-0245:  User doesn't have enough privilege to perform the operation The system is currently "fixed":oracle$ srvctl start listeneroracle$ srvctl status listenerListener LISTENER is enabledListener LISTENER is running on node(s): etc9cn02,etc9cn01Listener LISTENER_IB is enabledListener LISTENER_IB is running on node(s): etc9cn02,etc9cn01oracle$ srvctl stop listeneroracle$ srvctl status listenerListener LISTENER is enabledListener LISTENER is not runningListener LISTENER_IB is enabledListener LISTENER_IB is not runningoracle$ srvctl start listenerHow it was "fixed":Before:# crsctl status resource ora.LISTENER.lsnr -p | grep ACL=ACL=owner:root:rwx,pgrp:root:r-x,other::r--# crsctl status resource ora.LISTENER_IB.lsnr -p | grep ACL=ACL=owner:root:rwx,pgrp:root:r-x,other::r--"Fix":# crsctl setperm resource ora.LISTENER.lsnr -o oracle# crsctl setperm resource ora.LISTENER.lsnr -g oinstall# crsctl setperm resource ora.LISTENER_IB.lsnr -g oinstall# crsctl setperm resource ora.LISTENER_IB.lsnr -o oracleAfter:# crsctl status resource ora.LISTENER.lsnr -p | grep ACL=ACL=owner:oracle:rwx,pgrp:oinstall:r-x,other::r--# crsctl status resource ora.LISTENER_IB.lsnr -p | grep ACL=ACL=owner:oracle:rwx,pgrp:oinstall:r-x,other::r--I may never know how the system got into this state.

    Read the article

  • How to make images hosted on Amazon S3 less public but not completely private?

    - by Jay Godse
    I fired up a sample application that uses Amazon S3 for image hosting. I managed to coax it into working. The application is hosted at github.com. The application lets you create users with a profile photo. When you upload the photo, the web application stores it on Amazon S3 instead of your local file system. (Very important if you host at heroku.com) However, when I did a "view source" in the browser of the page I noticed that the URL of the picture was an Amazon S3 URL in the S3 bucket that I assigned to the app. I cut & pasted the URL and was able to view the picture in the same browser, and in in another browser in which I had no open sessions to my web app or to Amazon S3. Is there any way that I could restrict access to that URL (and image) so that it is accessible only to browsers that are logged into my applications? Most of the information I found about Amazon ACLs only talk about access for only the owner or to groups of users authenticated with Amazon or AmazonS3, or to everybody anonymously.

    Read the article

  • How to handle authorization in the view layout

    - by mathk
    Authorize attribute are good to do some access control base on Action but suppose that I have some UI element in the layout that should note be output unless the user is authorize. I could possibly set some boolean in the ViewBag but that is not the good solution I guess. Somewhere in the Layout.cshtml: @if (ViewBag.IsAuthorized) { <li>@Html.ActionLink("Index", "Admin")</li> } Let me know if there is a better solution. Thanks.

    Read the article

  • Read/Write versus Create/Read/Update/Delete permissions difference

    - by archmeta
    From a practical standpoint, is there any real-world difference between Read/Write permissions and Create/Read/Update/Delete permissions? It would seem that if a user had the ability to 'create', he should always have the ability to 'update' or 'delete'? If this is correct, then read/write should always be sufficient, and there is no need to store separate Create/Read/Update/Delete permissions? Are there any real-world use cases in which a user should be given permissions to create but not update, or update but not delete, etc...?

    Read the article

  • Injecting the application TransactionManager into a JPA EntityListener

    - by nodje
    I want to use the JPA EntityListener to support spring security ACLs. On @PostPersist events, I create a permission corresponding to the persisted entity. I need this operation to participate to the current Transaction. For this to happen I need to have a reference to the application TransactionManager in the EntityListener. The problem is, Spring can't manage the EntityListener as it is created automatically when EntityManagerFactory is instantiated. And in a classic Spring app, the EntityManagerFactory is itself created during the TransactioManager instantiation. <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"> <property name="entityManagerFactory" ref="entityManagerFactory" /> </bean> So I have no way to inject the TransactionManager with the constructor, as it is not yet instantiated. Making the EntityManager a @Component create another instance of the EntityManager. Implementing InitiliazingBean and using afterPropertySet() doesn't work as it's not a Spring managed bean. Any idea would be helpful as I'm stuck and out of ideas.

    Read the article

  • What is the best way pre filter user access for sqlalchemy queries?

    - by steve
    I have been looking at the sqlalchemy recipes on their wiki, but don't know which one is best to implement what I am trying to do. Every row on in my tables have an user_id associated with it. Right now, for every query, I queried by the id of the user that's currently logged in, then query by the criteria I am interested in. My concern is that the developers might forget to add this filter to the query (a huge security risk). Therefore, I would like to set a global filter based on the current user's admin rights to filter what the logged in user could see. Appreciate your help. Thanks.

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >