When a new VM is launched using Apache brooklyn , how can we create a login user with superuser/root privileges ?
The OS setup section in https://brooklyn.incubator.apache.org/v/latest/ops/locations/ suggests using 'dontCreateUser ' . where can I find this configuration ?
Should this be part of brooklyn.properties ? If yes, then how should this be done ?
Brooklyn will by default grant sudoers privileges to the created brooklyn user.
If you want to run as root directly, you can set
<location-prefix>.user=root`
and brooklyn knows not to create the user. This can be set in brooklyn.properties (or in yaml set user: root in the location block or under provisioning.properties in the entity). If you need a more explicit example just ask.
Related
I would like to create logfiles for my application in an user independent lactation. AFAIK C:\ProgramData is good place for that.
I've tried it this way:
if not DirectoryExists('C:\ProgramData\MyApp') then
CreateDirectory('C:\ProgramData\MyApp', nil);
LogFileStream := TFileStream.Create('C:\ProgramData\MyApp\LogFile01.txt', fmCreate, (fmOpenRead or fmShareDenyNone));
The problem with this approach is that the created filed does not have Authenticated Users nor Everyone in Properties->Security->Group or user names.
This results in other users being unable to modify the created files.
But how can I achieve this, also other users being albe to modify the created files.
I think it must be possible to have files with this permission there. Some files do have this permission e.g. C:\ProgramData\Microsoft\Windows\Ringtones\Ringtone *.wav
Maybe either in
1.) somehow creating a 'MyApp' folder in C:\ProgramData with Authenticated Users or Everyone permission which would result in TFileStream automatically creating files with the same permission or
2.) somehow telling TFileStream to create the files with the required permission or
3.) somehow changing the files permission with some API function after its creation or
4.) some other way??
The default permissions in C:\ProgramData, aka FOLDERID_ProgramData allow any user to create new files and folders. However, only the user who creates the file or folder has permission to write to it.
So, if you wish to allow any user to modify objects under FOLDERID_ProgramData then you need to add a permissive ACL to grant those rights. You would typically do that when you installed your program. Create a folder under FOLDERID_ProgramData and add an ACL to grant rights to whichever class of users you wish to allow full access.
As an aside, clearly you should not be hard coding C:\ProgramData, but instead using FOLDERID_ProgramData with the known folder API. I guess the code in the question is just for testing, and your real program code does it correctly.
I have been trying to change my super admin password on my database through the phpmyadmin on MAMP (localhost), I have coded the password in MD5 format and even got the confirmation message. However that does not solve my problem, I am still unable to log in in the joomla administration panel - Password and Username doesn't match error.
Whats surprising is that even with the confirmation message, the phpmyadmin screen doesn't record the last reset time.
Is there something I'm doing wrong or any field that I should complete?
It's easier to create a new normal user and either make it the root user in your configuration.php or go into phpmyadmin and then add the new user to the super admin group.
Please try to execute the following query (changing "jos31" with your database prefix):
INSERT INTO `jos31_users`
(`name`, `username`, `password`, `params`)
VALUES ('Administrator2', 'admin2',
'433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT', '');
INSERT INTO `jos31_user_usergroup_map` (`user_id`,`group_id`)
VALUES (LAST_INSERT_ID(),'8');
you could after login as: admin2 / admin
Another way is just paste the folowing password to your current super admin user and your new password will be: admin
433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
here is the complete tutorial
The one with 'secret' and 'admin' is found all around Internet. But there may be a situation when your Joomla site for some reason cannot change password in a normal way, and you don't want to go with "secret". Then there is another solution that's quite obvious, though maybe not for everyone...
You install Joomla 3* or whatever version you need (along with all its dependencies) ON YOUR LOCAL COMPUTER. During the setup you create your admin user/password. Now this is the password you want to use in your site where you've lost your Super User access. You just need to insert the HASH of that password into your site's MySQL db. So let's get that one now.
You go terminal/console, log in to mysql:
$mysql -u root -p
type in your password you've set up during the mysql installation.
Use your database name and db table prefix from your configuration.php in the root of your Joomla installation. Or you may remember them from your setup.
Then you derive your Super User password HASH from the db using this commands:
$mysql>USE $your_database_name;
$mysql>SELECT password from ${table_prefix}_users where name='Super User';
Now suppose your db name is "joomla" and your db_table prefix is "jehn34_".
Then your command will look like (don't forget the ";" at the end of each command!!!):
USE joomla;
SELECT password from jehn34_users where name='Super User';
You'll get your output like this:
+--------------------------------------------------------------+
| password |
+--------------------------------------------------------------+
| $OhMyGOODNESShereis02935468567$%^&*yourhashedpas0239u8i0e0jh |
+--------------------------------------------------------------+
1 row in set (0.00 sec)
You know your password for this one, so now you can now insert the string above into your MySQL Admin of your web-site in the corresponding field. Then you can use that password of yours.
NOTE: I am note DB Admin and I am not that much in sql server security
I am using MS SQL SERVER 2008R2
What I want to do is to give a user a minimal permissions or just what he required
I have a local user in my windows and I add this user in the logins of the database after that I went to this user in my specific database and try to change his set of permissions but the section is coming empty
why it is coming empty?
and how to do this, I mean giving him the permissions that he just need nothing more?
Please I want to do this from the user interface without T-sql
EDIT
I Just want to give the user read, write, execute nothing more
and also I need to know more about how to control users permissions in more details
A. Set up Read/Write
Go to Security/Logins and find your login, double click it
Go to user mapping, and click on the database that you have access to
In the bottom pane under 'Database Role Membership', tick db_datareader and db_datawriter
This gives the user Login SELECT, INSERT, UPDATE, DELETE
B. Revoke DELETE and grant EXECUTE
Create a role that does this:
Go to your database / Security / Roles
Right click, New / Database Role
Give the role a name, I will use executor for this example and press OK
I don't know how to do the next steps in SSMS, You'll need to do it in T-SQL:
Start a new query in your database
Type this and press F5:
GRANT EXECUTE TO executor;
DENY DELETE TO executor;
Now repeat A3 but select your newly created role, 'executor'
Every new user (or group) that you create needs to be a member of these three roles. The best practice is to add a windows group to SQL Server once, and add users to that windows group.
Lastly test this - I don't know for sure that it works.
With regards to the database user securables:
You have to explicitly populate this list to see what it contains. It doesn't populate automatically. Press Search and search for some objects (i.e. all objects belonging to the schema dbo). Now you have a list of objects in the top. Click on an object and click the 'Effecttive' tab on the bottom. This is the users effective (final) permissions for this object. If you want to override this at the object level you can assign something on the explicit tab
Had similar problem after our MSSQL Server was restored on a new server and wanted to set explicit permissions for a user in a DB.
Not sure how to make it default (as it appears to have been previously), but basically just hit the search button in the Securables tab you show to search for "All objects of the types..." and choose the Databases object and click ok / search. You should now see securables for that specific database and can set explicit permissions as well as view existing "effective" permissions.
I have configured the workgroup manager on Mac OS X Server (10.5.8) with 5 network users in 2 groups. Now I notice that when a network user makes a new folder, the folder is created with read & write permissions for that user, but the group to which the user belongs (as well as "everyone") has only read permissions and other network users are not able to add files or change things in the folder.
I found something about changing the umask by adding a launchd-users.conf file configuring the umask default setting. I did that on the server but that doesn't change anything.
It's a very annoying issue and I hope it's easy to fix. I'm not an expert, so I'm not sure if you know enough with the details above. If necessary I can provide further details.
Thanks a lot!
The basic problem is that the standard unix (/posix) permissions have no good way to control inheritance. Fortunately, there is a solution: grant access to the group via access control list (ACL) extended permissions, which do allow inheritance.
I don't have a 10.5 server handy, but I think the interface is pretty similar to 10.6: in Server Admin -> server name in the sidebar -> File Sharing icon in the top bar -> navigate to the folder/share point you want to grant group access to. If necessary, select the Permissions tab under the file navigator. Click the "+" button uder the permissions list to open the users & groups floating window, select Groups in the window, then drag the group you want to grant access to into the ACL (not POSIX) part of the permissions list. Change the Permission for the new ACL entry to "Read & Write", then click Save.
Note that the new ACL entry should have "Applies To" set to "This folder, Child folders, Child files, All descendants", which is what you want; but that only actually applies to new files/folders as they're created. To apply to the current contents, pull down the "action" (gear icon) popup menu under the permissions list, select "Propagate permissions", and propagate the ACL permissions to the current contents of the folder.
I made a new testfolder and ran the ls -le command on the higher level folder and got this as a result:
drwxr-xr-x+ 2 stein ACCOUNTING 68 Nov 14 09:18 Testfolder
0: user:_spotlight inherited allow list,search,readattr,file_inherit,directory_inherit
1: user:_spotlight inherited allow list,search,readattr,file_inherit,directory_inherit
2: user:_spotlight inherited allow list,search,readattr,file_inherit,directory_inherit
3: user:_spotlight inherited allow list,search,readattr,file_inherit,directory_inherit
4: user:_spotlight inherited allow list,search,readattr,file_inherit,directory_inherit
5: group:ACCOUNTING inherited allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
6: group:ADMINISTRATION inherited allow list ,add_file ,search ,delete,add_subdirectory ,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit
I think these are the ACL permissions right? I'm not sure how to get the POSIX permissions via command line? If this is not what you need to know, can you let me know how to get the information you need, as I'm not an expert obviously.
When I told you before what the group and user permissions were, I just right mouseclicked the folder and checked "get info". I don't know if these are the POSIX permissions or not. If I check the info: I see "spotlight" about 4 times, the group "ACCOUNTING" once with custom rights and once with "Read" rights, the user "John" that created the folder with "Read & write" rights, "everyone" with "Read" rights...
I have a write-restricted folder which may only be written in if the user is in a specific group or has been explicitly given the rights to do so. I have successfully implemented that with C++ using SetNamedSecurityInfo on the folder with the specified groups and users. However, the following scenario gives me trouble:
Admin gives write-rights to user
User creates a file
Admin removes write-rights from user
User keeps writing in the file
The last point is the problem. Since the user is the owner of the file he can write in it, even though the admin removed the right (by removing group membership for example).
I want to accomplish that the ownership of a file does not grant any rights to the owner in that restricted folder.
You need to remove the CREATOR OWNER SID from the folder, and push that down to the files.