I have an established workflow, but a change has caused some complications. An upstream Windows server delivers a file to my Solaris server where the file is accessed by my Windows 2003 server.
The problem is that either the ownership or permissions on a file delivered daily to the Solaris server has changed, and now the service running on my Windows server cannot copy and delete the file.
My Windows server has a parent directory on the Solaris server mapped and authenticated by User1.
The failing file comes in with an ownership of User2 and permissions of 664.
The failing file can be copied and deleted directly through Windows Explorer without additional authentication. A scheduled task batch file also can perform the copy and delete without authentication. It is only the running service which is unable to perform these tasks.
For comparison, there are a collection of files following the same workflow. These have an of ownership of User1 and permissions of 755.
User1 is a member of User1.
User2 is a member of staff.
The Solaris directory holding the files has permissions of 755 and ownership of User1.
What change can I make to give my Windows services ongoing access to files with both ownerships?
UPDATE:
Using a persistent shell script to change the ownership.
Had to use a persistent shell script to edit the file ownership.
Related
I'm trying to use the Microsoft User State Migration tool with Powershell; the way the program "loadstate.exe" works is that it needs to be called locally so that it will load up a remotely saved state of the user's profile and then restore it to the local computer.
I am seeking to automate this with Powershell; in order to do this, I have written a script that will elevate the user to run Powershell in Executive/Administrative mode and then execute the following command, against the USMT program that is installed on all of our computers:
c:\usmt\loadstate.exe /i:$configfile $storepath
Where $configfile is the name of the configuration file and the store path is the name of where the files are stored at. This all works, except that when run from remote, it seems to try to execute it from the System context - the desktop files are instead restored with the ACL permissions of CREATOR OWNER, SYSTEM, and Administrators - rather than giving it to the actually logged on user.
So if I have it set as a logon script, and try to have it execute when the user GuineaPig logs in, it will seek to restore the files and it will actually restore it - but all desktop items will be invisible to GuineaPig because she doesn't have any rights to see them.
If I just have the script locally, say on the user's C:\ DRIVE, and then right-click and "Run as Powershell Script", it works fine.
How do I execute this remote powershell script(located on our domain controller) so that it will actually run it in the context of the local user?
Alternately, how do I just tell the Group Policy of a logon script to just run something from the user's computer? I can also just set the script to be copied to the C:\ of every local computer, I just need the logon policy to actually run it from the C:\ of every local computer as the locally logged on user.
Thanks in advance.
We're experiencing strange permission issues with SVN after switching from Windows Server 2003 to Server 2008.
On our standard build box there is a folder (C:\SVN_Code_Folder) which AD_User_A associates with a SVN repository using SVN_User and TortoiseSVN 1.7.6
When using Windows 2003, when AD_User_B logs into the box and tries to Update, Switch, Merge the SVN_Code_Folder with SVN_User, the command is executed.
It Windows 2008, it fails with the message:
Command: Update
Error: Working copy 'C:\jboss-4.2.3.GA\server\New folder' locked
Error: sqlite: attempt to write a readonly database
Error: sqlite: attempt to write a readonly database
Completed!
Attempting to unlock the file, which was never locked, via the context menu is met with the following message:
There's nothing to unlock. No file has a lock in this working copy.
I've played with the permissions of the folder and I've discovered that giving "Domain Users" control over the folder fixes the issue, but I would prefer to not have such a broad permissions. I've tried granting the same permissions to individual users and a SVN-group, but these too did not work.
What am I missing?
Is this an improper use of SVN?
Can 2 different Domain users update a folder using SVN without removing the .SVN file?
For future reference...
I had this same problem with some WC's that I copied over to my new laptop's hard drive, from a file share on my old machine.
It turned out that the problem was solved by giving myself (as opposed to all domain users, or any other group) full control over the folder.
Did you check the svn service user on the win2008 machine?
Does that user have local administrator privileges and also have permission to these folders on c:?
After changing anything restart the service.
For me change folder permissions did't help, but I have update for several directories in a batch script so I solved this by
cmd -> Run as administrator -> start update script
I have a Jenkins job that calls a batch file on a ClearCase drive (V:).
My Jenkins slave agent is running as a service using a local admin account.
The Jenkins job does the follow:
cleartool startview MY_VIEW
cd /d "V:\MY_VIEW\Build"
call PrepareBuild.bat
When I run the Jenkins job, I keep getting "Access is denied." in the Console Output when it tries to call the batch file. However if I manually run the above in command prompt, it completes successfully.
I did not have this problem under Windows XP. Does anybody know why this is happening on Windows 7 (32-bit)?
Thanks.
The V:\ is a virtual drive obtained with the windows command subst.
It is a shortcut between the root directory of your dynamic view (M:\yourView) and the virtual drive.
(Ie, V:\ is not particularly linked to ClearCase. It is just a drive letter the user wishes to associate to a certain ClearCase view root directory)
However, ClearCase registers that association in the registry HKCU/software/atria/....
Which means the ClearCase session run under the local admin account for Jenkins won't know about said association and the need to restore that virtual drive.
A workaround would be to make that drive permanent, using psubst.
That register the drive path in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices], and HKLM is accessible from all accounts.
See " How to make SUBST mapping persistent across reboots? "
I had the same problem. Had a simpler solution.
Jenkins doesn't have access to folders that only the user has access to (even though its run by the user). So the folder which is getting access denied you need to set folder permission to everyone not the user
I am trying to setup a FTP server. I am using VsFTPd on an Ubuntu server that will authenticate against an LDAP server.
My users should have access to their personal directory (read/write), to their public directory (read/write), to the public directory of other users (read) and to a general public directory (read). Admin users have read/write access on all directories.
My problem is the following: when a user is created on the LDAP server, he should be able to connect to the FTP server. But his directories will not be created on the FTP server. Another part of the problem is the modification of the status of an user: if an user becomes admin, how do I change his configuration to give him access to all the directories?
One solution would be to execute a script when an user tries to connect to the FTP server. This script would check if the directories are created and if not, create them.
But how can I configure VsFTPd to execute a script when an user logs in?
Thank you for your help.
You should use the pam module pam_mkhomedir. Use it globally for all the system or only for VsFTP if your installation was compiled against libpam.so. Check this using ldd in the vsftpd binary.
I have two users A and B on a Windows 7 machine. A has a Mercurial repository named Foo in a directory where both A and B have read-write access. When B tries to clone this repository he gets this error:
D:\Code>hg clone Foo FooClone
abort: D:\Code\Foo\.hg\requires: Access is denied
What is the cause of this error? How does a user clone a repository created by another user on the same Windows 7 machine?
You might decide this is too restrictive compared to cloning directly from the file system, but you could set up a web server on the machine, and have each user set up a directory containing repositories to serve over HTTP. Once the infrastructure is up and running, it should be no more difficult to use this setup day to day, and you won't run into file system permission problems.
icabod may be right about permissions, but this may instead have to do with ownership. User A may own those files, even though they're shared with B.
Try running the commandline console as Administrator.