Why a Samba admin user cannot log in - samba

Samba: 4.4.9
CentOS: 7
Relevant smb.conf section:
[share]
    path = /home/lingo/share
    browseable = No
    admin users = pi
    guest ok = Yes
    read only = No
    valid users = hhh
    write list = hhh
Access condition
Question
Why can pi, as an admin user, not log in, while hhh can?
Operation I tried
After adding pi into the valid users, it works.
Others
I have rebooted smbd.

valid users determines who can connect
admin users determines who can perform operations as root
Take a look at this table:
https://www.samba.org/samba/docs/using_samba/ch09.html#samba2-CHP-9-TABLE-1
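
The distinction drawn in the answer above, as an added example that is not part of the original post: a small checker that reads the share section from the question and reports admin users the share itself turns away. It is a simplified model that assumes plain usernames (no @group, +group or &group entries) and ignores guest access; the function names are hypothetical.

```python
import configparser

# Constructed input: the [share] section quoted in the question above.
SMB_CONF = """
[share]
path = /home/lingo/share
browseable = No
admin users = pi
guest ok = Yes
read only = No
valid users = hhh
write list = hhh
"""

def user_lists(conf_text, share):
    """Return the (valid, invalid, admin) user sets of one share section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    section = cp[share]
    # smb.conf user lists are separated by commas and/or whitespace.
    return tuple(set(section.get(key, "").replace(",", " ").split())
                 for key in ("valid users", "invalid users", "admin users"))

def share_access(conf_text, share, user):
    """Return (can_connect, acts_as_root) for a plain username.

    Simplified model: group entries (@group, +group, &group) are not
    expanded and guest access is ignored.
    """
    valid, invalid, admin = user_lists(conf_text, share)
    # "invalid users" wins; an empty "valid users" list admits any user.
    can_connect = user not in invalid and (not valid or user in valid)
    # "admin users" only takes effect once the connection is accepted.
    return can_connect, can_connect and user in admin

def locked_out_admins(conf_text, share):
    """Admin users that the share's own valid/invalid lists turn away."""
    admin = user_lists(conf_text, share)[2]
    return sorted(u for u in admin
                  if not share_access(conf_text, share, u)[0])

if __name__ == "__main__":
    for name in ("pi", "hhh"):
        print(name, share_access(SMB_CONF, "share", name))
    print("locked-out admins:", locked_out_admins(SMB_CONF, "share"))
```

A non-empty result from locked_out_admins points at the situation in the question: root-level rights assigned to an account that the valid users list never lets in.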

Related

Changes to /etc/phpmyadmin/config.inc.php do not have effect

I would like to configure PhpMyAdmin to access only one database through one user.
I tried before to restrict access via .htaccess using this answer from 2013 but it did not work:
phpMyAdmin Block Access to Single Database
I hence tried by adding deny,allow rules as stated in this answer:
How do I restrict access to specific database user accounts in phpMyAdmin?
But it did not work either. I can still access all users. I have read the documentation and rewrote the lines in config.inc.php as
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
    'deny root from all',
    'deny user1 from all',
    'deny user2 from all',
    'allow user3 from all',
);
where user1 and user2 are the users to deny, and user2 is the user to allow. But I can still access with all users. I hence tried only
$cfg['Servers'][$i]['AllowDeny']['order'] = 'explicit';
that should block access to all users, but I can still access with all users. I hence believe that /etc/phpmyadmin/config.inc.php is being overwritten in some way, since no change has effect, but I do not understand how.
Any idea on where to check?
It looks like you are allowing access to all users and then trying to restrict some of the users, which seems a bit confusing.
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
The correct pattern should be to deny access to all users and then provide explicit access to the specific user
$cfg['Servers'][$i]['AllowDeny']['order'] = 'explicit';
Please refer to the official documentation
https://docs.phpmyadmin.net/en/latest/config.html#cfg_Servers_AllowDeny_order
The correct configuration should be something like this
$cfg['Servers'][$i]['AllowDeny']['order'] = 'explicit';
$cfg['Servers'][$i]['AllowDeny']['rules'] = [
    'allow user3 from all'
];
Hope it works for you!
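
To compare the two rule orders discussed above, here is an added example (not code from phpMyAdmin or from either post): a simplified Python model of how the documented 'deny,allow' and 'explicit' orders combine allow and deny matches. It assumes rules that end in "from all" only, and the account user4 is constructed to stand for a user no rule mentions.

```python
def parse_rule(rule):
    """Split "<allow|deny> <username> [from] <ipmask>" into three fields."""
    parts = rule.split()
    if len(parts) == 4 and parts[2] == "from":
        del parts[2]
    if len(parts) != 3 or parts[0] not in ("allow", "deny"):
        raise ValueError(f"malformed rule: {rule!r}")
    return tuple(parts)

def any_match(action, rules, user):
    """True if some rule with this action names the user ('%' = any user)."""
    for rule_action, rule_user, ipmask in map(parse_rule, rules):
        if ipmask != "all":
            raise NotImplementedError("this model only handles 'from all'")
        if rule_action == action and rule_user in ("%", user):
            return True
    return False

def login_allowed(order, rules, user):
    """Model of how the rule order combines allow and deny matches."""
    if order == "":
        return True                      # empty order: rules are not applied
    allowed = any_match("allow", rules, user)
    denied = any_match("deny", rules, user)
    if order == "deny,allow":
        return allowed or not denied     # default allow; allow overrides deny
    if order == "explicit":
        return allowed and not denied    # must be listed in allow, not in deny
    raise ValueError(f"order not modelled: {order!r}")

# Rule sets copied from the question and the answer above.
QUESTION_RULES = ["deny root from all", "deny user1 from all",
                  "deny user2 from all", "allow user3 from all"]
ANSWER_RULES = ["allow user3 from all"]

def who_gets_in(order, rules, users):
    """Usernames from `users` that the given order and rules let through."""
    return [u for u in users if login_allowed(order, rules, u)]

if __name__ == "__main__":
    users = ["root", "user1", "user2", "user3", "user4"]  # user4: constructed
    print(who_gets_in("deny,allow", QUESTION_RULES, users))
    print(who_gets_in("explicit", ANSWER_RULES, users))
```

In this model both rule sets refuse root, user1 and user2; the difference is the unlisted account, which 'deny,allow' lets through and 'explicit' refuses.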

I need guidance about permissions in Xenforo

How can I give only the first superAdmin access to a group of permissions (for example, signature permissions), while other admins and superAdmins have no access to them?
For example, the first superAdmin with id = 1 is the only one who can see and access some permissions and change them,
and the other superAdmins cannot see these permissions.
Super admins are defined in the library/config.php file:
$config['superAdmins'] = '1,2,3';
1, 2 and 3 being three different user IDs.

How to create Delegation Signer (DS) record for a subdomain with PowerDNS?

I have a domain mydomain.com. The DNS servers for this domain are under my control and I'm running PowerDNS there. I've set up DNSSEC for my main domain mydomain.com and I've registered the keys at registrar. Everything works fine for the main domain. However when I create subdomains (zones) with PowerAdmin GUI then I get the following error for my subdomains from DNSSEC analysis tool at http://dnssec-debugger.verisignlabs.com/:
No DS records found for subdomain.mydomain.com in the mydomain.com zone
Question: how to add that DS record to mydomain.com zone with powerdns?
Note: I haven't used PowerAdmin, so this is a PowerDNS answer.
Assuming you have also signed these subdomains/zones, you would use pdnssec show-zone to see the DS records for them. Then, insert these DS records into the parent zone (mydomain.com), with fields set like this:
domain_id = id of domain.com
name = sub.mydomain.com
type = DS
content = copy/paste from pdnssec show-zone
You also need to insert NS records (as above, but with type=NS and content=name of your server), to get a valid delegation, even if it is local!
If you don't actually care about DNSSEC for the subdomains, just insert the NS records and leave out the DS. This will tell validators that the subdomain is deliberately insecure.

Cakephp 2.0 row/record-level Acl

I am messing around with CakePHP 2.0's access lists.
So far I have created a very simple example following the documentation.
I have set up a users table and the most important functions like index, add, login etc., and it is related to a groups table (every user belongs to a group).
I've also created a "houses" table which contains different contents (houses).
Then I've set up auth in combination with the acl-component in crud mode,
including the aco and aro tree.
So far so good, everything is working so far, I can allow or deny single actions for every user.
But I want further access control, so that, for instance, a user can manage only a specific house.
So I've set up an aco for every house, allowed only read-access to the houses to the user and allowed update access only for the desired house.
But it won't work! No matter what I do, I don't get access to the edit action.
Here are my trees:
Aco:
[1] Houses
    [5] House.1
    [6] House.2
[2] Users
Aro:
[1] superadmin
    [4] User.1
[1] admin
    [5] User.2
    [7] User.4
[3] customer
    [6] User.3
And finally the aros_acos table:
id  aro_id  aco_id  _create  _read  _update  _delete
4   1       1       1        1      1        1
5   1       2       1        1      1        1
6   2       1       1        1      1        1
7   3       1       0        1      0        0
8   7       1       -1       1      1        -1
9   7       5       1        1      1        1
The fact is that if I try to do a quick check with:
var_dump($this->Acl->check(
    array('model' => 'User',
          'foreign_key' => 4),
    array('model' => 'House',
          'foreign_key' => 1),
    'update'));
It gives back true!
Strange... Am I doing something wrong? Is there any way to decently debug the acl component (with information on which acos and aros the component is checking, seeing etc.)?
Based on your aro_aco table, it looks like this is correct behavior. User.4 belongs to the admins group which has update permission. set to true in row 8. You have a rule in row 8 specifically for User.4, but you have granted update permission specifically to that user in that row. It appears that the ACL rules are working exactly as you have them setup. To prevent User.4 from using the update permission, run this at the cake command line to update your rules for User.4:
cake acl deny User.4 House.1 update
It should then return false when you run a check:
cake acl check User.4 House.1 update
EDIT
I'm going to attempt to revise this based on comments left below. I think that you may still be setting up the rules incorrectly. I am going to use the command line examples (because it's easier to both type and do in practice) but you can just as easily write the PHP to do this. My examples below also focus on admin, but you could use them for the superadmin and users groups too.
First, deny everything to admins since we want to grant permissions individually:
cake acl deny admin Houses all
Then, grant the read only permission to admin so they can all read Houses:
cake acl grant admin Houses read
Lastly, grant the update permission to the specific user that gets update privileges:
cake acl grant User.4 Houses.1 update
These permissions should allow User.4 to read and update the House record. Keep in mind that if you have already created deny or allow records for User.4 then this example may not work. You may want to truncate your aco_aro table and start over since it's small at this point.
If all acl checks work, but the behavior is still incorrect, then you may have an issue with how the ACL component is authorizing an action. You may have to tweak those settings in $beforeFilter or your $components array.

Multiple individual users on one database

I have a .sql database with which I interact using Django.
The database in the beginning is filled with public data that can be accessed by anyone.
Multiple individual users can add rows into a table (private data).
How can a user see only the changes he made in the database (private data)?
I assume you're using django.contrib.auth. You just need to do something like:
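from django.contrib.auth.models import User
from django.db import models
# ...
class PrivateData(models.Model):
    # ... private data fields ...
    # Owner of the row; on_delete is required since Django 2.0.
    user = models.ForeignKey(User, on_delete=models.CASCADE)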
Then you can get just that user's fields with:
PrivateData.objects.filter(user=request.user)
EDIT: So, if your users are just IP addresses, and you're not using a login mechanism, you don't really need django.contrib.auth... though it's good to have anyway since you can use it to authenticate yourself and use the built-in admin stuff to manage your site.
If you just want to tie data to IP addresses, set up an IPUser model:
class IPUser(models.Model):
    address = models.CharField(max_length=64, unique=True)  # Big enough for IPv6
    # Add whatever other discrete (not list) data you want to store with this address.

class PrivateData(models.Model):
    # ... private data fields ...
    # Owner of the row; on_delete is required since Django 2.0.
    user = models.ForeignKey(IPUser, on_delete=models.CASCADE)
The view function looks something like:
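def the_view(request):
    # Address of the client as reported by the web server.
    remoteAddr = request.META['REMOTE_ADDR']
    try:
        theUser = IPUser.objects.get(address=remoteAddr)
    except IPUser.DoesNotExist:
        # First request from this address: create its IPUser row.
        theUser = IPUser.objects.create(address=remoteAddr)
    # Only the rows owned by this address.
    userModifiedData = PrivateData.objects.filter(user=theUser)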
One thing to note: when you're testing this with manage.py runserver, you'll need to specify the IP address via environment variable:
$ REMOTE_ADDR=127.0.0.1 manage.py runserver
When you use Django with a real web server like Apache, the server will set the variable for you.
There are probably several ways to optimize this, but this should get you started.
I'm assuming that users have to log into this application. If yes, add a column to every table for the username. Add WHERE username = ? to every query so they can see only their data.
For data manipulation requests, make sure that the username matches the value for every row; forbid the operation if not true.
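
The two rules in the last answer, as an added example that is not part of the original post: the owner filter is applied on the read path and again on the write path, where the row id is supplied by the client. The table private_data, its rows and the function names are constructed, and username is assumed to come from the authenticated session rather than from a request parameter.

```python
import sqlite3

def open_db():
    """In-memory table with a username column (all rows are constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE private_data ("
               "id INTEGER PRIMARY KEY, username TEXT NOT NULL, note TEXT)")
    db.executemany(
        "INSERT INTO private_data (username, note) VALUES (?, ?)",
        [("alice", "a1"), ("bob", "b1"), ("alice", "a2")])
    db.commit()
    return db

def rows_for(db, username):
    """Read path: the owner filter is part of the query itself."""
    return db.execute(
        "SELECT id, note FROM private_data WHERE username = ? ORDER BY id",
        (username,)).fetchall()

def update_note(db, username, row_id, note):
    """Write path: the row id comes from the request, so match the owner too."""
    cur = db.execute(
        "UPDATE private_data SET note = ? WHERE id = ? AND username = ?",
        (note, row_id, username))
    if cur.rowcount != 1:
        db.rollback()
        # Same error for "no such row" and "someone else's row".
        raise PermissionError(f"row {row_id} is not writable by {username}")
    db.commit()

if __name__ == "__main__":
    db = open_db()
    print(rows_for(db, "alice"))
    update_note(db, "alice", 1, "edited")
    try:
        update_note(db, "bob", 1, "overwritten")   # bob does not own row 1
    except PermissionError as exc:
        print("refused:", exc)
    print(rows_for(db, "alice"))
```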