Unix user account X is special, in the sense many users can login as user X to create working directories and execute code. The users don't directly login as user X and come through a web interface which carries out the execution of code. They each get a working directory.
I don't want the users to intentionally or by accident view other user's working directory. Is there a way to do this?
I was thinking of creating another unix user Y and putting them in a same group. And have User Y own the working directory leaving user X to create subdirectory under that. I am checking to see if someone has a better idea/solution to this.
Related
Title says it simply.
I have a MS Access Database on a shared drive and the majority of users aren't experts so quite often the leave their PC with the Database open then it locks the PC, someone else will come along and switch it to their account, go to open the Database and get confused by the two files with the same name.
I can think of solutions for this e.g. using shortcuts so they dont actually see the laccdb or accdb file
But what I want to know is if there are any settings in Access (2010) that can make the .laccdb file hidden when it is created or just give it a random name like word or excel tmp files?
When I google this the results are more for removing people from the database so you can delete the laccdb file
This is actually a multi-user setup even though just one user can be active.
So you need to distribute the frontend to each user while having the backend in a folder with access for all users - that could be a subfolder of C:\Users\Public.
Here's is a script that will handle the distribution:
Deploy and update a Microsoft Access application in a Citrix environment
I'm trying to deploy an "intranet" folder hierarchie with a simple workflow, that:
shut of anonymous users from that hierarchie, even sub-levels
let users of a certain group enter that hierarchie only, even sub-levels
have private objects unvisible by default
upon publishing make them visble to all users of the group
private folders should deny other users (except admins) to enter that folder and access any object below
This scenario is discussed here: http://blog.keul.it/2011/10/plone-security-and-workflows-learn-how.html?m=1
It's more or less the same here: Plone Intranet workflow and group permissions
The answer of the question of above is:
Leave the page or folder in the private workflow state, NOT published internally. (I think this is the step you were missing.) 2.
On the Sharing tab for the page or folder, grant 'Can view' to the
group you want to share with, just like you already tried. You don't
have to change the "inherit permissions from higher levels" checkbox.
However, if I grant 'can view' only, the user may not enter the folder, but if I grant 'can add', too, the user may enter. However, this makes all objects below visible to all users of that group.
Example:
user is member of group1
folder in private state
-> share with group1 'can view'
user may not enter folder;
-> share with group1 'can add'
user may enter and sees all object, even private ones
This is Plone 5.0.6, should this setup work?
Here is a reminder in general, though it might not answer the question per se.
1) Make sure you configure the 'real' target on its Sharing tab. For example, a folder with a default view might mislead the target. 2) Likewise, items with index_html IDs in a folder will become the default view, that might mislead the target. 3) Can View in the Sharing tab means Reader role in the workflow settings. Check permission settings in Workflow State. The following is my example settings hopefully gives hints.
I´m using Alfresco-LDAP to migrate all my ldap users to Alfresco service.
So far I achieve transfer all users but for every user the home folder created in Alfresco for them is his name, and what I would like, is to share a folder for all members of the ldap group, since I have multiple groups and every user of that group only can get files from that group.
This is the property
ldap.synchronization.defaultHomeFolderProvider
I read in the Alfresco documentation http://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
But seems like what I´m trying to do is not contemplated.
Any suggestion please?
unfortunately there is no configurable HomeFolderProvider for groups supporting specific spaces. You need to crate your own HomeFolderProvider in Java for that. Out of the box you could use the companyHomeFolderProvider which is normally used if you want to disable the homefolder feature. The user object requires a userhome to be able to log in and the work around is to set the root (company_home) for that.
s.
[1] https://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
[2] Disable the user home folder creation
Good afternoon!
I'm a system administrator at a university, and I am responsible for setting up the images for a computer lab. R is part of the default image, and for the longest time we only had a single log-in for all lab users, allowing us to set the default directory once and then image it across multiple systems. This has changed, and we're now having all users log on with a personalized log-in. That brings me to a problem I'm having with R, and why I'm turning to you.
You see, as most of you may be aware, when R is run for the first time, a dialog box opens up that prompts for a location to save packages and the like. Hit 'OK' and it's the user file, but hit anything else and it's wherever you put it. The problem is, we've locked down the systems rather tightly, and access to anything more than the user's individual directory is not something we like to do.
The question I have is this - is there a way to force R, on first run, via hands-free script or just a setting somewhere, to default to the user's directory on the system for package storage? This would prevent me from having to give All Users access to read and write to the R directory, and would have fewer possibilities of screwing up since they wouldn't actually have a choice to change it. If I have to continue giving permissions in that folder, I can, but I'd rather not.
Thanks!
Edit your .Renviron file to set the default path:
# .Renviron file
R_LIBS = '~/.R/library'
I can't test this right now, but I believe you could add something like Sys.setenv(R_LIBS_USER=path.expand('~\R\library')) to the Rprofile.site file found in the R etc directory.
'...to default to the user's directory on the system for package storage...'
another way, especially if you wanted different setting for staff/students would be to to use group policy to set an environment variable for selected machines/users at login.
e.g. the equivalent of...
SETX "R_LIBS" "\\fileserver2/department_shared/public/r/packages"
you can easily check if this has worked by starting R and trying
Sys.getenv("R_LIBS")
also, this command can then show you what packages are installed:
rownames(installed.packages())
I've developed an ASP.NET v4 web app which I am trying to get to write to a folder in the webroot.
For the life of me I cannot get Windows 7 to allow it to write a file, I get Access is Denied error each time.
What I have tried on the folder is
attrib -r /foldernameandpath
attrib -r -s /foldernameandpath
Removing Check from ReadOnly attribute in folder properties
Changed owner to folder to current user whom is also the admin
Changed owner to Everyone
Adding Everyone user to folder with all permissions
Changing the folder to the Public Document directory
Changing to the root of the C drive (Out of desperation)
Nothing seems to work and all I want to do is test that the write works.
Now I know the system works and writes fine cause I had this same web app on a second machine writing the PDFs to the C drive without issue. This second machine I just cannot get it to allow the write.
Oh please for the love of all things holy, put the keyboard and mouse down and stop what you are doing. Some of the actions in your list seriously frightens me.
All the things you list as your actions are most likely useless or desperately random at best.
As a web developer, you shouldn't have to start messing around changing ownership of folders, especially not the web root folder normally used by the web server. When you do, you'll end up in a dark, cold and lonely place. Lord only knows what other desperate measures you have taken. For your own sake, I'll recommend you to do a system restore or even system reinstall to make sure you are in a healthy state.
Let's go back one step and try to sort out what you are doing.
First: what is the path you are trying to write to?
Second: are you running this application directly from within Visual Studio or in IIs?
If you are doing the first option then your current user account is the account who tries to write to the path in question. Do you have write permissions there?
One thing you can try is to start Visual Studio with elevated permissions and see if that works.
If you are running in IIs, it the associated pool account that needs write permissions.
Are you doing impersonation by any chance? If so, make sure the impersonated account have proper permissions.
You should only write to a predefined folder within your app path, like ..\App_Data for example.
The easiest way to find out which account you are running with and determine what path you are trying to write to, is to fire up SysIntenals process monitor and find the entry with the access denied result. Select properties for that entry and find out which account tried to do the write action. When you have determined that, right click on the folder in question and give the proper account write permissions.