I am currently making a CLI tool gem that downloads files from some service and saves them to a specified folder.
I was wondering, what would be the best way to store user settings for it?
For example, the folder to download the files to, the api access token and secret, that kind of thing.
I wouldn't want to ask a user for that input on every run.
I would read the API stuff from environment variables. Let the users decide if they want to enter it every time or set the variable in a .bashrc or .bash_profile file.
And I would ask for the download folder every time.
Related
I'm following instructions here and it says that I will find a bitcoin.conf file Windows: %APPDATA%\Bitcoin\ and
To use bitcoind and bitcoin-cli, you will need to add a RPC password to your bitcoin.conf file. Both programs will read from the same file if both run on the same system as the same user, so any long random password will work: rpcpassword=change_this_to_a_long_random_password
However When I navigate to %APPDATA%\Bitcoin\ I don't see a bitcoin.conf file.
So What do I do? Do I add a bitcoin.conf file? There is a bitcoin-conf.md file in doc in my bitcoin install directory so maybe somthing todo with that? I really don't know. Thanks for pointing me in the right direction.
That guide does not take into account the fact that you do not have to add any RPC user or password to your configuration file for the past some years.
Bitcoind will generate a cookie that allows the CLI (command line interface) to communicate with the Bitcoin daemon using RPC without the user having had to give it a single thought.
That is a developers' guide, so developers may have more complex requirements that are solved if they specify their own RPC authentication settings, such as running multiple wallets, or possibly exchange software that communicates with the wallet or multiple wallets.
bitcoin.conf being optional, it is not by default created, and is not needed for ordinary usage, only becoming necessary when the user or developer has particular, non-default settings to set.
The possible settings can be found by the help command bitcoind -help and lists a number of command line parameters (beginning with a dash or hyphen) that can be typed or pasted after bitcoind on the command line, but can be put in a text file named bitcoin.conf without the minus sign before the command. For example: -connect=IPAddress becomes simply connect=IPAddress in the conf file.
For creating suitable rpcauth (username and hashed password), and rpcuser and rpcpassword values, I've found some resources such as https://github.com/jlopp/bitcoin-core-rpc-auth-generator
Rather than serving JLopp's RPC auth generator locally you can simply copy from, or use a Python script found in the Bitcoin repository under the folder named "share", you will see a folder called rpcauth which contains the rpcauth.py script and a small explanatory file called README.md.
You have to create this file and put a single line rpcpassword=<your_password> in it.
bitcoin-conf.md contains documentation for this btcoin.conf and particularily states:
The configuration file is not automatically created; you can create it using your favorite text editor.
Recommended reading this doc. It may help you to facilitate running your node.
I'm creating a web application using flask that takes 3 input from the user: name, picture, grades.
I want to store these information temporary depending on the user's session.
and as a beginner I read that sessions are not for storing files, what other secure way you recommend me to use?
I would recommend to write the files to disk.
If this is really temporary, e.g. you have a two-step-sign-up-form, you could write the files to temporary files or into a temporary directory.
Please see the excellent documentation at https://docs.python.org/3/library/tempfile.html
Maybe this should not be this temporary? It sounds like a user picture is something more permanent.
Then I would recommend e.g. to create a directory for each user and store the files there.
This is done with standard Python io, e.g with the open function.
More info about reading and writing files also can be found in the official Python documentation:
https://docs.python.org/3/tutorial/inputoutput.html#reading-and-writing-files
I need to run some GAM scripts across two domains as a client is migrating; is this possible? I've been trying to find any documentation on setup but there doesn't seem to be :/
Any help is appreciated!
Note: This is not a question about primary or secondary domains - if you need more information on primary/secondary switching I've found GAM3DirectoryCommands to be very helpful and descriptive!
It's not directly possible; however you can achieve this in the following manner:
create a CONFIGS folder (you can actually call this wahtever makes sense to you), and a sub-folder for each domain
move your client_secrets.json, oauth2.txt and oauth2service.json files from you GAM install folder into your newly-created domain folder
run gam info domain and gam info user to see how this affected your gam install
to create a new domain setup, run gam create project
once complete, run gam info domain and gam info user again to see the difference
remember to save your new config to your CONFIGS folder for this new domain too!
when you've replaced the config files, run gam user <your_admin_account_for_the_current_domain> check serviceaccount before running any commands, otherwise you're likely to get some errors ;)
Now you can switch between domains by replacing client_secrets.json, oauth2.txt and oauth2service.json in your GAM install folder (and remember to check serviceaccount).
Obviously there are many more elegant ways to do this - but this will form the basis of your powershell script in any case ;P
Hope this helps!
It is fairly easy, easier than the current answer in fact.
gam reads an OAUTHFILE environment variable which points to the access credentials (oauth2.txt by default). This is all that matters, as you can use the same GCP project for multiple domains.
So, all you need is an easy way to go around changing the OAUTFILE variable. I personally go with this gam alias (instead of the default alias in .bash_profile):
gam() { export OAUTHFILE=~/.local/share/gam/auth-$1.txt; shift; "~/.local/share/gam/gam" "$#" ; unset OAUTHFILE }
So my gam syntax now is
gam <something> info domain
No that above I use ~/.local/share/gam/... your paths might differ. Also you might want a $HOME/.gam-secrets and put them there.
Something is a simple string to uniquely identify each domain (it will be used for constructing the OAUTHFILE in the alias.
DO NOT forget to give your GCP service account access to all the domains (https://admin.google.com/AdminHome?#OGX:ManageOauthClients).
I can't think of a shorter path to gaving a multi-domain gam.
I'm using Apache 2 to run my localhost on Mac (Mavericks), and every time I add a file or a folder in the default directory /Library/WebServer/Documents (and its subdirectories) the system asks me to authenticate:
This is a problem specially when using frameworks like Symfony or Zend Framework because they can't have writing access to folders. What can I do to solve this?
Mac/Linux grants access on different levels:
Per user
Per group
Per everybody
The folder Library/WebServer/Documents outside of the logged-in user paradigm (you) therefore write access (and other access like execute) is only granted to the administrator of the computer (or so-called root) which isn't you however on most Mac environment the password of root is your password (different users with the same password).
You will want to modify Apache2 configuration and change the directory to a folder located within your user's directory which is something like /Users/{whatever is your username} (you will probably need to create the folder).
Once, you moved the content of /Library/WebServer/Documents into the new folder, make sure the permission are set properly. Refer to the following documentation at the chapter "How to Modify Permissions with the Info Window".
The reason why your Mac is asking for permissions to write files outside of your user's directory is for security reasons. Imagine if you download a file, execute it and grant access (by giving the root password) then the file could potentially be a virus and erase or do all kind of things on your computer.
I have installed a ruby script (script.rb) on a Linux system that 'requires' another file (required.rb) with a bunch of custom methods.
I do not want to let my users read required.rb.
If i remove read access (i.e. chmod 600 required.rb) and then try to run my script as a user I get the following error:
no such file to load -- /etc/required.rb
Is there away to allow ruby to read this required file but stop users from seeing it?
Whether a process can read a file is governed by the effective UID of the said process. If you change permissions of the file, then processes by the user (including the ruby process) cannot read it.
One solution is to make your ruby interpreter owned by someone else and then make it setuid but this will give it the power to read these "protected" files regardless of what script it runs. In short, don't do this.
An other option is to keep your data somewhere other than on the file system and then use a separate authentication system for that.
The right way in my opinion is to have all the methods in your script but use some kind of a AAA harness that restricts access to methods you don't want the user to run. You can then use any AAA backend to authenticate your user (LDAP, password file etc.).