I've got a script that the user runs which creates a group of sub-folders in the chosen directory. Obviously the newly created folders inherit the permissions of the parent directory. I need one folder in that newly created group to have a single different ACL to restrict one specific user from access.
Is there a way to automate this at the creation of the folder? Or is there a better way to deal with this?
So, to clarify: Imagine a folder path like the following: E:\datastore\marcstone bids\7501-8000\7501 some high school project\management documents
See how the second to last directory is a project name? There are literally hundreds of these, inside of which are the same 10 folders. I want all my users to have access to all those folders, except I need to restrict access to one folder for one user.
Unless I'm missing something, no matter how I set up the parent directory permissions (which will get inherited) I will still need to either remove or add a permission from/to that one folder after it's created. This just feels clumsy and complicated. Am I missing something? Is there another way to do this?
The best practice is to make that one user a member of a different group, and grant that group
traverse permission on the parent folder (non-inheritable), and
access on that one child folder (inheritable).
If you only want to deny access to one subfolder, it's even simpler: just add a deny ACE for that group on the respective folder.
Nothing clumsy or complicated about it.
Related
After making changes in initializers/active_admin to work with two namespaces , I m facing to the problem of generating new resources in my custom directory, i want to separate the user's resources with the admin resources.
Someone can help?
I configured the way to use more than one namespaces in my active_admin project and I was expecting to find the way to generate some resources in admin folder and some other in my custom folder 'companies'
thanks.
Your initializers/active_admin.rb should contain config.load_paths += [...] where you can enumerate multiple directories containing resource registration files.
For example, I want to merge two .png files in one .png file, but I don't want to share those parts with user. Currently I am storing files in storage folder, but the problem is that storage folder is with .gitignore file as default. Of course I could allow to push it to git, but I suppose it's not a good idea, because there could be thousands of another files uploaded by the user. Now if I want to continue work from another computer I should move all my parts manually.
So what you could advice to me?
You can store it anywhere you want in your application.
For example, you can make a folder in your projects root called /uploads and then use one of laravel helper functions to specify where to save the file:
Example:
$save_path = base_path('uploads');
You can use the Laravel File Class to make sure the path exists with:
File::makeDirectory($save_path, $mode = 0755, true, true);
You will need to add use File; in the top of the file with all the class includes.
Later, to access said files you can make a View Composer which you can add logic to in order to limit who can view the file.
If you want to protect your files so that nobody can access without permission store all file into storage folder. Don't put your file in public folder.
I'm new in laravel
I have created a captcha.php file content-type image.
I'm not sure where is the best place to be stored securely. I google it and some people said put this file inside of resources folder
I dont think that you've realized that no single folder will be more secure than any other as once an attacker has compromised your computer they will be free to roam through your folders. Also using file permissions that do not permit read access to the folder is a good strategy to prevent an attacker who has compromised a non root account from reading your captcha.php file. But then you would not be able to run said file as a user needs read and execute permissions on the file if you wish to actually run the script.
I am using SonarQube (SQ) 6.0 community version and trying to setup authorization using groups and project permissions. There doesn't appear to be a way to assign permissions to a created group, even though the defined SQ groups have permissions assigned to them. What I wanted to do was assign permissions to a created group via the Admininistration->Security->Global Permissions process. But this action only returns the Anyone and sonar-administrators defined groups based on the usage of the internal API api/permissions/groups, which only returns groups with permissions. This same API is used in the action Administration->Projects->Management->Actions->Edit Permissions. From this last action the goal was to remove permissions for this project from the Anyone group and allow permissions from a created group (which would apply to the users in that group). But that doesn't seem possible. I've looked at permission templates, but that doesn't seem to allow association to a group. What I'm really attempting to do is a common RBAC process, which SQ does not seem to support. Is there a solution in SQ for this capability?
Yup, the UI is very confusing in this area, I struggled for quite some time before realising what to do.
What you need to do is first search for a string in the search box ("sonar" is a good query), and then the list will be populated with all users/groups matching that query. You can then assign them permissions as you see fit.
There are two different concepts at work here. Global permissions grant users and groups the ability to make global-level changes, i.e. changes that effect everyone such as which plugins are installed and what rules are active in a Quality Profile. Project permissions grant users and groups the ability to see and change individual projects.
Once your group is created and populated, you have two options:
Edit Permissions of Individual Permissions
Give the group specific permissions to individual projects by navigating to the project, then Administration > Permissions. This could get tedious if you have a lot of projects to update.
Create a Permissions Template
Create a permission template (Administration > Security > Permission Templates) and populate it by granting the group specific permissions. At this point no permissions have actually changed.
Once your template is properly constructed, you can apply it to projects individually, en masse, and/or by default as new projects are created via the template's Project Key Pattern. You can also make your new template the default so that its settings are automatically applied to all new projects regardless of project key.
Note that there is no ongoing relationship between a Permissions Template and the projects to which it has been applied. Subsequently editing a template will not update the permissions of any project.
I have Joomla site using JCE. I use the JCE groups to create permissions for different users.
I have created few groups and every group is permitted to control one media directory.
I have combined a specific user to two different groups assuming that this user will have the ability to access two different media directories.
But the user can access only one directory -- the first one I have assigned.
Can anybody help me to fix this problem?
What should I do in order to give a specific user access to different directories?