I've been experiencing a lot of headaches implementing some behavior with permissions in Windows 7.
I have the following directory structure (inside PROGRAM_DATA):
C:\ProgramData\foo\
C:\ProgramData\foo\test1\
C:\ProgramData\foo\test2\
The root folder has all permissions for Everyone, and it must stay like this because Everyone can write new files at the level of the foo folder.
The test1 folder has all permission for everyone.
The test2 must have the following rule: folders/files must only be writable by Administrators, and Everyone can read. This rule shall also be applicable for the test2 folder itself.
Now, everything works well, except for this case:
Everyone can rename the test2 folder.
Of course, this means that someone can rename it, create a new folder with its same name, and so on (an attack).
Is there any solution? Maybe a strange combination of permissions?
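The access rule behind this behaviour, as an added example that is not part of the original post: Windows allows a rename when the caller has DELETE on the object itself or FILE_DELETE_CHILD on its parent, and Full control on foo includes FILE_DELETE_CHILD. The mask values are the real constants; the ACL lists, token sets and function names are constructed for this simplified model.

```python
# Simplified model of the Windows access check behind a rename (added example).
# Mask values are the real constants; ACLs and group names are constructed.
DELETE, WRITE_DAC, WRITE_OWNER = 0x00010000, 0x00040000, 0x00080000
FILE_ADD_FILE, FILE_ADD_SUBDIRECTORY, FILE_DELETE_CHILD = 0x0002, 0x0004, 0x0040
READ_EXECUTE = 0x001200A9          # FILE_GENERIC_READ | FILE_GENERIC_EXECUTE
FILE_ALL_ACCESS = 0x001F01FF       # "Full control"

def granted(dacl, sids, wanted):
    """Walk ACEs in order: a matching deny ACE that covers a still-missing
    bit fails the request; matching allow ACEs accumulate bits."""
    remaining = wanted
    for ace_type, sid, mask in dacl:
        if sid not in sids:
            continue
        if ace_type == "deny" and mask & remaining:
            return False
        if ace_type == "allow":
            remaining &= ~mask
    return remaining == 0

def can_rename_child(parent_dacl, child_dacl, sids):
    """Renaming a subfolder in place needs DELETE on the subfolder OR
    FILE_DELETE_CHILD on the parent, plus FILE_ADD_SUBDIRECTORY on the parent."""
    may_remove = (granted(child_dacl, sids, DELETE)
                  or granted(parent_dacl, sids, FILE_DELETE_CHILD))
    return may_remove and granted(parent_dacl, sids, FILE_ADD_SUBDIRECTORY)

USER = {"Everyone"}                        # standard user's token (constructed)
ADMIN = {"Everyone", "Administrators"}     # elevated token (constructed)

# test2 as the question describes it: Administrators write, Everyone reads.
TEST2 = [("allow", "Administrators", FILE_ALL_ACCESS),
         ("allow", "Everyone", READ_EXECUTE)]
# foo as the question describes it: Everyone has Full control.
FOO_FULL = [("allow", "Everyone", FILE_ALL_ACCESS)]
# foo tightened: Everyone can still create, but cannot delete children
# or rewrite the ACL/owner to get that right back.
FOO_TIGHT = [("allow", "Administrators", FILE_ALL_ACCESS),
             ("allow", "Everyone",
              FILE_ALL_ACCESS & ~(FILE_DELETE_CHILD | WRITE_DAC | WRITE_OWNER))]

if __name__ == "__main__":
    print("foo Full control, user renames test2:", can_rename_child(FOO_FULL, TEST2, USER))
    print("foo tightened,    user renames test2:", can_rename_child(FOO_TIGHT, TEST2, USER))
    print("foo tightened,    user creates files:", granted(FOO_TIGHT, USER, FILE_ADD_FILE))
```

The tightened layout only holds if test2 does not inherit from foo; an inherited Everyone entry that carries DELETE would grant the rename on test2 directly.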
This is a weird one... On Ubuntu 14.04 I have a directory called /lib. As root, or on the server as a user with group privileges, I can write to this directory. Over FTP as the same user with group privileges I cannot, I get a Permission Denied error...
If I rename the /lib directory to anything else (in this case /lib-new) I can write to the directory over FTP.
What could be causing a Permission Denied error based purely on the name of the directory?
I've checked and tested the permissions of the directory (777, 775, 755, 664 and 644) as well as the directory above (/public_html - the root directory for the server) and nothing helps, unless I rename the directory something other than lib.
Please help, as SSH-ing into the server to make changes to anything within /lib is time consuming!
EDIT: The FTP server I'm using is ProFTP if it helps.
Try adding RLimitChroot off to /etc/proftpd.conf. May need to restart X for this change to take effect. By default, I think it will do the same thing to the /etc directory as well.
I'm running Jenkins on OpenShift Origin, but I have no write permissions in the home folder. This likely breaks some programs for me. Can you please help me with:
moving home directory to location with write permissions, or
allowing write permissions in my home folder, or
telling Gradle in Jenkins to use different folder.
The only directory writable is the OPENSHIFT_DATA_DIR, this is the environment variable you can use to reference it.
I have an app that keeps most of its files in a directory, and I need everything in that directory to be readable and writable by any user, regardless of who was running the program that created them.
I'm installing the app using Indigo Rose's SetupFactory, and I am using their permissions facility in On Post Install:
File.SetPermissions(SessionVar.Expand("%AppFolder%"),
SID_EVERYBODY, SET_ACCESS, ALL_PERMISSIONS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
And for the most part, this works. The directory is accessible, and everything in it is accessible, except for one thing.
I have a utility program that constructs a configuration file. When it is run as administrator, the file it creates is not accessible to other users. Its properties allow access only to "SYSTEM", "Admin", and "Administrators". Files I create with Notepad, from Windows Explorer, by redirection on the command-line, etc., when running as the administrator, allow access to "Everyone", and to "Authenticated Users", as they should, given that those are the access rights provided by the directory, and the directory has Apply to: "This folder, subfolders, and files".
The question is why is this one file, created by this one app, not inheriting permissions from the directory, as it should?
There's nothing odd about the app. It's a simple C# app that constructs a string in memory, and then writes it to the file with:
FileStream fs = new FileStream(fileName, FileMode.Create, FileAccess.Write);
I don't see how it could be simpler. But what could be going wrong?
I have a local development environment setup on my mac and I am having permission issues accessing a folder in my ~/Sites directory.
Essentially I have Folder A in my Dropbox folder.
I created a SymLink of Folder A to my ~/Sites folder
ln -s ~/Sites ~/Dropbox/FolderA
When I try to access Folder A like so: localhost/~username/FolderA
The page says You don't have permission to access /~username/FolderA on this server
Can someone help me figure out this problem? When I do the same thing on MAMP I don't have this issue. Thanks in advance.
Go to private/etc/apache2/users/, edit your usernamefile.conf, and add the option SymLinksIfOwnerMatch to the Options line. Don't use FollowSymLinks if the directory contains important personal files, for example if the dir that you want to link is under your Documents or Dropbox.
Remember that the directory linked by your symbolic link must have 755 permissions, and so must its parents!
Let's suppose you have /Users/foo/Dropbox/MySites/BarSite: all of Users, foo, Dropbox, MySites and BarSite must be 755.
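A diagnostic for the two conditions in the answer above, as an added example that is not part of the original answer: it lists every directory on the way to a symlink and to its target that lacks the search bit for "other" (the bit 755 provides), and checks the owner match that SymLinksIfOwnerMatch enforces. It assumes the web server runs as a user that is neither the owner nor in the group of these directories; the function names and the temporary tree are constructed.

```python
import os, stat, tempfile

def ancestors(path):
    """Yield path and each parent up to the filesystem root."""
    while True:
        yield path
        parent = os.path.dirname(path)
        if parent == path:
            return
        path = parent

def traversal_blockers(link):
    """Directories on the way to the link and to its target that lack o+x."""
    dirs = set(ancestors(os.path.dirname(os.path.abspath(link))))
    dirs |= set(ancestors(os.path.realpath(link)))
    return sorted(d for d in dirs
                  if os.path.isdir(d) and not os.stat(d).st_mode & stat.S_IXOTH)

def owner_matches(link):
    """SymLinksIfOwnerMatch condition: the link and its target share an owner."""
    return os.lstat(link).st_uid == os.stat(link).st_uid

def demo():
    """Constructed tree shaped like the answer's /Users/foo/Dropbox/MySites/BarSite."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.realpath(tmp)
        site = os.path.join(home, "Dropbox", "MySites", "BarSite")
        os.makedirs(site)
        os.makedirs(os.path.join(home, "Sites"))
        for d in (home, site, os.path.dirname(site), os.path.join(home, "Sites")):
            os.chmod(d, 0o755)
        os.chmod(os.path.join(home, "Dropbox"), 0o700)   # the one bad parent
        link = os.path.join(home, "Sites", "BarSite")
        os.symlink(site, link)
        bad = [os.path.relpath(d, home) for d in traversal_blockers(link)
               if d.startswith(home + os.sep)]
        return bad, owner_matches(link)

if __name__ == "__main__":
    print(demo())
```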
I've a windows service that updates our product. It copies the product files into a temp directory, usually "C:\Windows\Temp", patches the binaries, and then uses MoveFileEx to copy the files back to the install directory on a reboot, usually "C:\Program Files\Product". The files in the install directory are inheriting their security attributes from the parent folder. After the copy, patch, and reboot, the files in the install directory are missing some ACLs. Specifically the files don't have the ACL for the Users group anymore so users can no longer run the program after the reboot.
Can anyone explain what's going on here? It seems that copying from the install directory to the temp directory, the files inherit the ACLs of the temp directory. On the MoveFileEx/Reboot, though, the files only inherit the ACLs that both the install and temp directories have in common.
In Windows, if you copy a file, the file takes on the ACLs of the destination directory. If you move a file, the ACL goes with it, overriding any it might inherit from that directory. I'm not sure how MoveFileEx might operate differently on a file.
The temp directory is usually located under the user profile (both %TMP% and %TEMP% usually point here), so copying files here will have permissions for that user. Moving those files to the program files directory will take only that user's rights with them, and they are therefore only runnable by the installing user.
One potential workaround is to patch copies of the files within the same directory but with different names. After the reboot, the patched versions could be swapped in. Alternatively, do a reboot first and then patch them in-place, and just back them up to the temp directory in the event a manual rollback is required.
If you really want to move them to a different location, creating a temp folder in the same place as the files to be patched would help the permissions stay the same assuming the directory is using inherited permissions.