acl

In Linux, is there a way to set a default permission for newly created files and directories under a directory?

I have a bunch of long-running scripts and applications that are storing output results in a directory shared amongst a few users. I would like a way to make sure that every file and directory created under this shared directory automatically had u=rwxg=rwxo=r permissions. I know that I could use umask 006 at the head of my various scr...

remove an ACL entry for just ONE user in MacOS? oddly difficult

I'm trying to remove an ACL set for johndoe from all the folders recursively on one of my drives without hosing any other entries! Anyone know how to do this without affecting the ACLs that already exist for other groups/users? I'm looking for the Mac equivalent of "setfacl -d u:johndoe" I know you can use chmod to remove a rule from m...

How can my C# app test whether the user has "Read" access to a network share?

I work on a thick-client app that often runs into "issues" accessing network shares. Before doing any IO with the server, my app tests whether the share (usually of the form \\server\share$) exists. This works fine for detecting those scenarios in which the client has lost its connection to the server, but there are still those odd scena...

Using Python set type to implement ACL

Currently I have tables like: Pages, Groups, GroupPage, Users, UserGroup. With pickled sets I can implement the same thing with only 3 tables: Pages, Groups, Users. set seems a natural choice for implementing ACL, as group and permission related operations can be expressed very naturally with sets. If I store the allow/deny lists as pic...

POSIX ACLs and the 'sticky' bit applied to a directory

POSIX.1e was going to define ACL (Access Control List) mechanisms for POSIX (amongst other security-related issues), but the proposals were never converted to a formal standard. Nevertheless, ACLs (not necessarily POSIX.1e ACLs) are supported at least optionally in all the main variants of Unix (Linux, BSD, MacOS X(ACL), HP-UX, AIX (p10...

can anyone recommend an off the shelf ACL java lib?

I'm not having any luck finding one. ...

cake's Acl problems...

I created an application using the method described in the "http://book.cakephp.org/view/641/Simple-Acl-controlled-Application" but after I try to log in there is an error which says, "DbAcl::allow() - Invalid node [CORE\cake\libs\controller\components\acl.php, line 325]" I did exactly same as mentioned in the website but after loggin ...

Where does Windows store ACLs and do ACLs follow a file from one machine to another?

Our app uses a component that requires a license file in the directory with our executable, which happens to be a .NET WinForms app though I think it is immaterial to this question. When installed on some XP Pro machines (just three out of several hundred thus far), the component throws a license exception. So I regenerated the license f...

What should resources be in an ACL? Models of objects or the instances of the objects?

Please help me implement access control lists for my PHP web application. I'm using Zend_ACL specifically. I want fine grained, application wide control over what specific entity (be it a user or group) has access to what resource. I would like to be able to grant access to a particular resource instance, but also to all resources of th...

Checking folder/file ntfs permissions using python

As the question title might suggest, I would very much like to know of the way to check the ntfs permissions of the given file or folder (hint: those are the ones you see in the "security" tab). Basically, what I need is to take a path to a file or directory (on a local machine, or, preferably, on a share on a remote machine) and get th...

delete old PostgreSQL data directory in win7

I'm not able to delete my old data directory in Windows 7. I already uninstalled PostgreSQL, but there's still the system service user account "postgres", who's the only one with access-rights to the folder. Possible solution would be to develop a service, running as "postgres" user, which deletes the folder, but there must be an easier...

Grid security

Recently, I've become quite involved experimenting with lightweight grid frameworks (Hazelcast, Gigaspaces, Infinispan). However, I've been somewhat surprised that none of the free frameworks I tried has any ACL or role based security features built in (Gigaspaces does have some measures). What approaches are generally used to compensa...

A reliable way to determine if ntfs permissions were inherited

Hello, I have a somewhat obscure question here. What I need: To determine if the permissions (or, strictly speaking, a specific ACE of a DACL) of a file/folder was inherited. How I tried to solve this: using winapi bindings for python (win32security module, to be precise). Here is the stripped down version, that does just that, - it s...

ERROR_BAD_INHERITANCE_ACL from SetNamedSecurityInfo?

What does ERROR_BAD_INHERITANCE_ACL returned from SetNamedSecurityInfo imply? In this case I'm adding a user to a directory's ACL. I've looked at the directory in question and its rights seem reasonable before the call. But the call fails. Any thoughts? Here is the code snippet doing the work (and as I paste it here, I'm wonderin...

[Doctrine] Can fixtures "copy" items from other fixtures?

In my ACL fixtures I have resources and actions, most of the resources share common actions like CRUD, is there a way in Doctrine (yaml) to extend another element? Here is a blurb from my current yaml: Resource: R1: title: Article system_name: ARTICLE Actions: A1: title: Create system_nam...

CakePHP ACL Setup Help

I have a database setup like this (I know it isn't the best setup but it's out of my power to change it :-( Basically there are 3 levels of users - Admin - Managers - Staff Few notes: -Each member of staff belongs to department -If the Staff's logon_code appears in the manager table they are a Manager, otherwise they are a member of staff...

How to restrict VOB read access in ClearCase (Windows Server) ?

Hi all, I have been asked to look at how to restrict read access on certain VOBs in ClearCase, for compliance reasons (so this needs to be auditable, etc, etc...). I have found a solution so far, that I will post here, but I still have questions, so any help would be appreciated. Especially as the devil is in the details, I think. For ...

Is there an API to set a NTFS ACL only on a particular folder without flowing permissions down?

In my environment, I have several projects that involve running NTFS ACL audit reports and various ACL cleanup activities on a number of file servers. There are two main reasons why I cannot perform these activities locally on the servers: 1) I do not have local access to the servers as they are actually owned and administered by anothe...

What source control systems have file level permissions?

I might propose migrating away from VSS due to its inability to grant and deny permissions at the file level. The question is what source control systems allow this. Update I am marking the SVN answer as the "correct" one, since it had the most feedback. However, there is no correct answer. I will make my recommendations to management b...

How should I structure my tree of resources in an ACL?

Hi All. Using PHP and Zend_ACL, I want to create an extremely flexible permissions system. I want to be able to assign permissions to all objects of a certain type, as well as to instances of those objects. If a specific instance of an object is queried and it doesn't exist in the resource tree then the permission set for the 'generic' o...