I have downloaded VisualSVN Server, version 5.1.1. In the left panel there is only Repositories and Jobs. I want to add new users for learing and testing purposes. However I can't see any settings to do so. I currently dont have a licence. Is this the main reason? If not, how can I enable Users and Groups folders or how can I reach to related settings? Keep in mind that I'm a completely newbie to this application. Any help is appreciated, thanks
I have tried to find related settings in autentication properties but I got confused and bogged down. I have tried to open the application as Administrator, still couldn't find or make sense of settings.
I also tried to find subversion authentication settings which is normally in the main page.
In the MMC snap-in, you should have a Users option down the left hand side of the tree. However, on the main Visual SVN page, you have various options, one of which should be Subversion Authentication. You can also add users and groups using the options here also (see below, for a screen shot of my SVN Server). Regarding the license, that shouldn't be an issue, as long as your requirement fits withing the "Community" licensing requirements.
If you don't see options to Create Users / Groups, use the Configure Authentication Options and set the Authentication Mode to Subversion Authentication. This will allow subversion to authenticate users based on a list that is setup within the server itself. Hope that Helps.
The Users and Groups folders are only available in the management console when your server is configured to use the standalone Subversion authentication mode. When this authentication mode is active, your server maintains a dedicated list of user and group accounts.
However, your screenshot shows that you've enabled Windows authentication. In this case, your server integrates with your Active Directory domain / Windows, and user and group accounts are maintained by Active Directory. I.e., you don't need to create users and groups in VisualSVN Server. They are already created in your domain and you can grant permissions to these accounts via the management console.
You can find more information about the authentication modes in the article KB182: VisualSVN Server authentication modes.
Related
We are trying to set up a SonarQube server (v. 6.5) to run in Kubernetes. Because of this, we need everything to be configured "as code" not through the web interface.
We have successfully set up single sign-on (SSO) against LDAP server, and that works as such. But since users can then not log out in order to log in as a static admin, we need some way to configure a group that has admin privileges.
It is my understanding that this should be done via group mapping, but all documentation and examples I can find only suggest setting up the groups through the UI.
Is there some way to configure groups via sonar.properties (or other properties file) that are then automatically mapped against groups from LDAP, and configure a group to get admin rights?
I am pretty new to SonarQube (and no ldap expert either), so I hope the question makes sense.
There is no way to configure groups through properties. There are web services (which are used by the UI itself) with which you could script this.
Alternately, see if you can turn on group synching with your SSO. Then you just have to grant admin rights (via the UI? via web services?) to the appropriate group in SonarQube.
I have a computer that is used for getting database information from the server in the same domain, and this computer is used by employees who don't have the server admin information.
When the computer restarts, I'd like it to automatically log in to Windows Server so that it can access the database files. Is it possible to write a script for this that runs on boot?
Thanks in advance
I solved this by adding the credentials to the Credentials Manager in Windows, along with disabling the Windows Server dashboard program. This makes Windows automatically log in to the server with the stored credentials on boot.
Since your question really isn't specific, I'd like to suggest two ways of accomplishing your goal.
Since you'd like to access database information, why not use some kind of database management software (like SSMS if you're using MSSQL) and set up proper permissions for the user/computer that will need to obtain information from that particular server/database.
If you need access to raw files (which doesn't make much sense in case of MSSQL for accessing purposes), why not set up proper permissions on the file or parent folder, giving the user that is logged to the client PC proper permissions to access the files that are of interest.
I am new to SonarQube and trying to setup up a proper access control, with requirements as follows:
We have a few project areas, each area should have someone able to
manage their area, such as creating new projects and manage the
boards, not sure exactly what. This is something like project area
administrators.
A few administrators can do anything.
Integrate to AD
A few questions:
In a few places like this link: http://www.sonarsource.com/products/features/security/, I see this role based method, but I can't find these default roles, "SonarSource products come with three project-specific roles – project administrators, project users and project code viewers" anywhere in the system. Right now, I am using the community edition I guess without a license. Is there any more detailed document on that?
I kind of understand the default Global Permissions and Project Permissions. In my case, shall I create e.g. three groups in AD, sonar-administrators,sonar-project-administrators, sonar-users to map to the default groups?
I notice the following: right now I don't have the above AD groups, when I integrate to AD, I can login with my domain id/password, but once logout/in, the group information I added to the local user gone. I guess it sych with AD. So to use AD, I have to create these groups in AD?
Jirong
Access control in SonarQube is managed through Global Permissions and Project Permissions. Each permission can be granted to user(s) and/or to group(s). The documentation you pointed at is quite outdated, read the Authorization page for the most up to date details.
AD/LDAP integration is a different topic, documented here. With group mapping, group membership stays managed in AD but will be replicated in SonarQube when users log in (the AD groups must first be created in SonarQube with the same name).
To your example: if AD users belonging to group foo deserve to administer your SonarQube, just create group foo in SonarQube, and (in the Global Permissions settings) give Administer System permission to group foo.
We would like to start two new development projects: Project1 and Project2. We have two groups of developers:
GroupA should have full (read + write) access to both projects, and
GroupB should have no access to Project1, but full access to Project2.
I followed Jeff Atwood's tutorial and successfully installed subversion 1.7.6 on Windows Server 2003 as a Windows service. I tested the system by adding folders and files, and commiting changes, and everything worked as it should (the client was TortoiseSVN 1.7.9).
Unfortunately, I couldn't figure out how I could configure the access rights of our developer groups in authz. The developers can connect to the server, but get Authorization failed messages when try to commit something.
Thank you for your help in advance.
I advise you to read the SVNBook (Version Control with Subversion). Please see the chapter which describes the path-based authorization. I think that the chapter answers your question.
The sample authz file is provided below. Please note that I don't explicitly set 'no access' rule for GroupB on /repo/Project1 repository directory. I set 'no access' to the root node for 'everyone' and then this permission gets inherited by it's child items unless you explicitly provide access to a folder or a file.
[/]
*=
[groups]
GroupA=john,sally
GroupB=harry,george
[repo:/Project1]
#GroupA=rw
[repo:/Project2]
#GroupA=rw
#GroupB=rw
I'd like to note that you can drastically simplify the process of managing SVN user permissions if you use VisualSVN Server Manager.
It provides comfortable UI to manage user permissions which you can find really helpful:
Update 2016
To manage access rules for SVN repositories hosted on VisualSVN Server you can now use PowerShell cmdlets packaged with VisualSVN Server. Beginning with version 3.4, VisualSVN Server includes PowerShell module that should help you with this task. The cmdlets you are looking for are
Add-SvnAccessRule
Get-SvnAccessRule
Select-SvnAccessRule
Set-SvnAccessRule
Remove-SvnAccessRule
Read the article KB88: VisualSVN Server PowerShell Cmdlet Reference for the complete list of VisualSVN Server PowerShell cmdlets.
My Joomla 2.5.4 site was cracked last night. Moreover, the Joomla forum is currently down, and I can't even run Joomla's diagnostic utility. (fpa-en.php)
I have followed Joomla's instructions for diagnosis with no success. (See below) I have also emailed my webhost (I am on a shared server, but I use a host recommended by Joomla that is a specialist in Joomla sites). So, my question is what do I do next?
Here is the info that I have so far.
Using Joomla 2.54 (the latest). All extension were updated to most recent release, and none are on the Joomla vulnerable extensions list.
Passwords of other administrators were changed but not mine fortunately.
User_notes table deleted, which renders the User Manager in the admin section useless.
According to logs the attack hit the following files in this sequence:
/administrator/index.php
/index.php (Root)
/plugins/authentication/joomla/joomla.php
/plugins/user/joomla/joomla.php
and then the changes to the users and user_notes tables.
There is no junk in either index.php
Attack ip was 199.15.234.216, which is from a Fort Worth server of supremetelecom.com
Fortunately, I have backups and there was no defacement, but until I can't get fpa-en.php to work and access to the Joomla forums, I am not sure what to d0 other than change all passwords and block the ip.
Thanks in advance for any help!
Firstly, reset the passwords of all the administrators, including yours, then change them and ensure they include letters and numbers. Then change the password for the host control panel using the password generator if they provide one. If not, use a password generator online. Once this is done change the password for your database username and don't forget to also update the configuration.php with your new password.
Secondly, download and install Admin Tools which will add more security to your site for the future. Admin Tools also comes with an Emergency Offline button which is useful.
Then download and install Saxum IP Logger which will trace all the registered users, giving you their IP address, country and so on and you can also block IP addresses using the plugin that comes with it.
Next, go to the host control panel and look at the logs to see which IP addresses have entered your website and while files they have accessed. The IP address that coresponds to the files edited, you can then block using the plugin I mentioned before. Joomla 2.5 is very hard to hack so it is rather likely you have an extension that is badly developed and allows SQL injection. Therefore you should always choose popular extensions to install on your website when they are database related.
Hope this helps you in the future. Regards
EDIT : You can also password protect your folders in the FTP for additional security.
You may also find this extension quite useful
After you recover from this, make sure you place a password on the /administrator directory with .htaccess, assuming this is a Linux based server.
Couple of steps that will help you identify the point of access.
Also depends on if you have access to some server side tools.
Contact host and ask them if they run Mod_Sec if so ask them for the Mod_sec flag for that IP.
Ask the host if they run any type of maldet tools - if so ask for a scan of your account.
If you have shell access run a check on what were the most recent files changes... Side from tmp and cache files.
Fixing the hack
1. Change all your passwords -
2. Install project honey pot.
3. Admin tools install is good but you need the pro version to really gain access to the security tools.
4. Migrate to a host that specializes in Joomla platforms, in most cases they already have the accounts configured for common security issues in Joomla.
Getting hacked really sucks... Good luck!
Relocate your administrator page by editing the config.php files .. and edit your FTP permission settings. If your administration login url was the standard location. (www.site.com/administrator ) change this location and block access using your hosting control panel to only certain ip address (and even restrict access by hours of availability.
How many administrator user accounts do you have. There really should be only one person with super user access . It is really not productive or safe to have other users that do minor edits of the website with administrator privileges; and they could accidentally cause issues. These are basic steps and there is a lot more you can do. Send an email if you need help/step by step instructions. Hope all goes well.