From: Dmitriy S. <sha...@gm...> - 2011-10-18 05:33:31
On Tue, Oct 18, 2011 at 10:14 AM, Chris Tomlinson <chr...@gm...> wrote:

> Hello,
>
> I'm looking into some issues surrounding permissions management in current
> trunk and am trying to make sure I understand what is intended and what is
> implemented in this area. I ran across this post of yours from 3 months ago
> and I wanted to know what the status in this area is or whether it has been
> reconsidered.
>
> In looking at org.exist.security.Permission.java it looks like it hasn't
> been worked on since 4 Aug and the "update" nomenclature is still in place
> and used in org.exist.security.AbstractUnixStylePermission.java which hasn't
> been worked on for even longer.
>
> Trunk certainly still interprets the "u" perm as indicating that the file
> is updatable or not (versus deletable "w") and throws an error in the event
> that a user attempts to update and that flag isn't set for the user, group
> or other as appropriate.
>
> Is this the behavior we can expect as trunk morphs into 1.6 or are there
> more changes on the way for org.exist.security?
>
> I also seem to not understand the semantics of the <db-connection/>
> <default-permissions collection="0774" resource="0774" /> in the conf.xml
> file. I have the above set in the conf.xml on trunk rev 15412 and it doesn't
> seem to make any difference. For example, when I upload a file via the
> http://localhost:8080/exist/admin/admin.xql > Browse collections interface
> I get permissions: "rw-r--r--" rather than "rwuruwr--" which I would have
> expected. The same is true when running java client from the command line.

This is redundant and should be cleaned up.

> We have need of being able to upload files and the resulting permissions
> need to be "rwuruwr--" by default. How do we achieve this via the admin.xql
> or the command line client?

You should use:

....
eXist has no "create index" command. Instead, indexes are configured in collection-specific configuration files. These files are stored as standard XML documents in the system collection: /db/system/config, which can be accessed like any other document (e.g. using the Admin interface or Java Client). In addition to defining settings for indexing collections, the configuration document specifies collection-specific other settings such as triggers or *default permissions*.
....

I didn't find any details in the docs, so here are some:

<collection xmlns="http://exist-db.org/collection-config/1.0">
    <default-permissions resource="0774" collection="0774"/>
    ....
</collection>

By this you can define default permissions per collection.

--
Dmitriy Shabanov
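
An added example, not part of the original message and not eXist code: a small Python check that reads a collection configuration like the one above, renders the octal default-permissions values as user/group/other triplets, and compares them with the mode string actually reported for a newly stored resource. It assumes the bit values read=4, write=2, update=1 and the letters r/w/u; the function names and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace taken from the configuration snippet in the message above.
NS = {"c": "http://exist-db.org/collection-config/1.0"}
LETTERS = "rwu"  # assumption: read=4, write=2, update=1

# Constructed sample input mirroring the snippet in the message.
SAMPLE_XCONF = """<collection xmlns="http://exist-db.org/collection-config/1.0">
    <default-permissions resource="0774" collection="0774"/>
</collection>"""

def mode_to_string(mode):
    """Render an octal mode such as "0774" as a 9-character string."""
    value = int(mode, 8)
    if not 0 <= value <= 0o777:
        raise ValueError("mode out of range: %r" % mode)
    out = []
    for shift in (6, 3, 0):  # user, group, other
        bits = (value >> shift) & 7
        out.append("".join(ch if bits & (4 >> i) else "-"
                           for i, ch in enumerate(LETTERS)))
    return "".join(out)

def string_to_mode(text):
    """Inverse of mode_to_string; rejects malformed strings."""
    if len(text) != 9:
        raise ValueError("expected 9 characters: %r" % text)
    value = 0
    for i, ch in enumerate(text):
        expected = LETTERS[i % 3]
        if ch not in (expected, "-"):
            raise ValueError("unexpected %r at position %d" % (ch, i))
        value = (value << 1) | (ch == expected)
    return "0%03o" % value

def default_permissions(xconf_text):
    """Return the configured defaults as mode strings, or None if unset."""
    elem = ET.fromstring(xconf_text).find("c:default-permissions", NS)
    if elem is None:
        return None
    return {k: mode_to_string(elem.get(k))
            for k in ("resource", "collection") if elem.get(k) is not None}

def default_applied(xconf_text, observed_resource_mode):
    """True if a new resource's reported mode matches the configured default."""
    defaults = default_permissions(xconf_text)
    return bool(defaults) and defaults.get("resource") == observed_resource_mode

if __name__ == "__main__":
    print(default_permissions(SAMPLE_XCONF))
    print(string_to_mode("rw-r--r--"), default_applied(SAMPLE_XCONF, "rw-r--r--"))
```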