In Linux, I have 2 user groups, A and B, with a bunch of users in them; for both of them I have configured a few Samba shares.
Group A has access to one share, B to another one.
Now I want to hide the shares that a group doesn't have access to from those users.
In smb.conf, by using browseable = no and include = /etc/samba/custom/%U.conf, you can hide certain shares that users don't have access to.
For user groups, however (not the primary group), I can't seem to get it fixed.
include = /etc/samba/custom/%G.conf only works for a primary user group.
Is there another solution besides changing the primary user group each time I create a Linux/Samba user?
Thanks
Check out this detailed answer by a friend of mine http://askubuntu.com/a/531476/330840
The key here is that you need to set permission for user groups so they are allowed or not allowed to enter a folder.
Related
I have used Laravel filemanager in some of my projects. I want to know whether it is possible to share a directory between, say, 4-5 users, so that every group of users can access one specific directory.
If two users have an identical ID "or belong to the same group", then it's possible for the users to share the same directory,
or you can use Query::all so that all users can see other users' uploaded files. But this will be below standard.
I have created a user group "Sub-Users" under the "Registered" user group.
Now I have created and assigned some menus for the Registered group and the Sub-Users group.
Now when I log in as a Registered user I can't see the Sub-Users group menus, and that's OK for me.
But when I log in as a Sub-Users group member I can see both menus (Registered & Sub-Users group), and that's not OK for me.
Now I am looking for a solution: if I log in as a Sub-User, I want to see only the Sub-Users menus.
Can you please let me know if there is any solution?
Thanks
Access control is managed via 'viewing access levels' as opposed to 'user groups'.
If you haven't already done so, check Users > Access Levels. Open the level names in question and check which groups you have configured for each access level.
Good luck!
We have a build system on which we need to fetch documents for other users' builds. We don't have their passwords but only their logins, and we will use a service account. Is there a way to get the access rights for another principal with the FileNet API so we won't allow them to fetch something they don't have access to?
For performance's sake, I would rather ask the CE to do the check instead of getting all permissions and checking them one by one. Plus nested groups and security priority (direct/template/proxy) might slow things down a lot and make the code complex. Something like getAccessAllowed, but given a principal or a User? If there is not, what would be the best way to do that?
I saw that get_MemberOfGroups deals with nested groups, but we still have to check against all the permissions, taking care of the source priority and deny/allow priority, which means re-implementing the CE security strategy.
You can create a custom LoginModule to authenticate the user without a password; then you can work with the CE as the original user, without a service account.
But you need to add these users to the FN objects' ACLs with the correct permissions.
If I got what you are saying right, I think the best way to do this is the other way around. You don't look at what access rights are owned by the user and match them with the document; you need to see what that user is asking for and whether he has the right access levels. The best way is to use an Active Directory with user groups and set permissions for them document-type-wise. But let's say somehow you have set access permissions on the document's side. When the user calls the document, get an instance of it:
IDocument doc = Factory.Document.FetchInstance(os, ID, null);
And get the permission list:
IAccessPermissionList permissions = doc.Permissions;
And with a loop, get which permissions are set for that document:
foreach (IAccessPermission owner in permissions)
{
    // compare each entry's grantee with the login of the requesting user
    if (owner.GranteeName == "your loginuserpermission")
    {
        // you can continue your work
    }
}
and keep a local set of permissions where you validate your user (db/txt), and if they match, use your service account user and show the image and information.
I'm developing a Joomla 3 website, where registered users can belong to several groups of interests (music, theater, technology, and so on).
I would like to give my client permission to edit users by placing them in the groups he desires. For example: user 1 can be in the music and theater groups; user 2 is just registered (no group); and user 3 is in the technology group. Unfortunately, the only permission in Joomla 3 that allows you to edit users is Administrator, but if I give this permission to my client, he will be able to edit articles, themes and other features that I do not want him to edit.
How can I create an access level that can manage only the users list?
Thank you and sorry about my English.
Create a new group, assign that group only permission for managing users and whatever else you want and assign your users to that group but not admin.
As a short answer, if you don't want your client to be an administrator, you can assign him to the Manager user group.
Then go into the Users Manager component and click the Options button to go into its configuration page.
There you can override the Permissions settings for the Users Manager component, so the Manager users will be allowed to access the administration interface of the component.
You will have to change the respective setting from Inherited to Allowed.
Of course, if needed, you can create a completely custom ACL, with special user groups for your users that will have certain accessibility and permissions.
But be careful, because ACLs can sometimes be confusing and you might end up with a total mess.
My Understandings
I know we can add a Group with some permissions, then we can create users with some permissions, and finally we can add users to multiple permission Groups. We can call these groups roles as well. This is fairly simple.
The Real Problem
Suppose we have teams and team members modules. A user "abc" is a member of multiple teams A, B, C. In team A the user's role is TeamLead. In team B his role is Assistant, and in team C his role is NormalMember.
Now the problem is that everyone can see the list of teams. We need to display the Edit and Delete icons against each team, but only authorized users should see the edit or delete link, based on their role in the team, inside a loop.
This is something linked with adding/removing roles or permissions on the fly.
Do you have any idea how I can achieve this? How can I check permissions inside a loop with different roles in different teams?
Thanks in advance.
Regards.
You can check whether the group is assigned to the user and show the buttons accordingly.
Also use the has_access attribute of Sentry while defining the route. In this case you can limit access to the route itself if the user tries to access the edit or delete functionality through the URL.
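A framework-agnostic sketch of the per-team check discussed above, added here as an example and not part of the original question or answers. The role-to-permission mapping, the function names and the sample data are assumptions constructed for illustration; the same check decides which icons the list loop shows and is run again in the delete handler, because a hidden icon does not stop a direct request to the URL.

```python
# Added example: constructed data and hypothetical names, not Sentry's API.

# Role -> actions it grants inside ONE team (assumed mapping).
ROLE_PERMISSIONS = {
    "TeamLead": {"view", "edit", "delete"},
    "Assistant": {"view", "edit"},
    "NormalMember": {"view"},
}

# (user, team) -> role, mirroring user "abc" from the question.
MEMBERSHIPS = {
    ("abc", "A"): "TeamLead",
    ("abc", "B"): "Assistant",
    ("abc", "C"): "NormalMember",
}


class Forbidden(Exception):
    """Raised when the server-side check rejects an action."""


def can(user, team, action):
    """True only if the user's role in this specific team grants the action."""
    role = MEMBERSHIPS.get((user, team))  # not a member of the team -> None
    return action in ROLE_PERMISSIONS.get(role, set())  # unknown role -> deny


def team_rows(user, teams):
    """List view: every team is listed, icons depend on the per-team role."""
    return [
        {"team": t, "edit": can(user, t, "edit"), "delete": can(user, t, "delete")}
        for t in teams
    ]


def delete_team(user, team, store):
    """Handler behind the delete URL: repeats the check before acting."""
    if not can(user, team, "delete"):
        raise Forbidden(f"{user} may not delete team {team}")
    store.discard(team)
    return store


if __name__ == "__main__":
    # Team "D" is visible to everyone but "abc" has no role in it.
    for row in team_rows("abc", ["A", "B", "C", "D"]):
        print(row)
```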