From: Chris T. <chr...@gm...> - 2011-10-18 05:44:37
Dmitriy,

Thanks. The per collection approach makes sense - does an explicit default at /db/A apply to children without defaults like /db/A/B and /db/A/C/D and so on?

It still seems that "u" means updatable and "w" means deletable in the code. Is this expected to remain true? Wolfgang's comment suggested otherwise, saying that the new meaning was to be "rwx", which I assume meant that "w" would be deletable and updatable and "x" I guess would mean executable if the file was an xq or xqm; otherwise I'm not sure what it would mean.

Thanks again,
Chris

On Oct 18, 2011, at 11:18 AM, Dmitriy Shabanov wrote:

> On Tue, Oct 18, 2011 at 10:14 AM, Chris Tomlinson <chr...@gm...> wrote:
> > Hello,
> >
> > I'm looking into some issues surrounding permissions management in current trunk and am trying to make sure I understand what is intended and what is implemented in this area. I ran across this post of yours from 3 months ago and I wanted to know what the status in this area is or whether it has been reconsidered.
> >
> > In looking at org.exist.security.Permission.java it looks like it hasn't been worked on since 4 Aug and the "update" nomenclature is still in place and used in org.exist.security.AbstractUnixStylePermission.java which hasn't been worked on for even longer.
> >
> > Trunk certainly still interprets the "u" perm as indicating that the file is updatable or not (versus deletable "w") and throws an error in the event that a user attempts to update and that flag isn't set for the user, group or other as appropriate.
> >
> > Is this the behavior we can expect as trunk morphs into 1.6 or are there more changes on the way for org.exist.security?
> >
> > I also seem to not understand the semantics of the <db-connection/> <default-permissions collection="0774" resource="0774" /> in the conf.xml file. I have the above set in the conf.xml on trunk rev 15412 and it doesn't seem to make any difference. For example, when I upload a file via the http://localhost:8080/exist/admin/admin.xql > Browse collections interface I get permissions: "rw-r--r--" rather than "rwuruwr--" which I would have expected. The same is true when running java client from the command line.
>
> This is redundant and should be cleaned up.
>
> > We have need of being able to upload files and the resulting permissions need to be "rwuruwr--" by default. How do we achieve this via the admin.xql or the command line client?
>
> You should use:
>
> ....
> eXist has no "create index" command. Instead, indexes are configured in collection-specific configuration files. These files are stored as standard XML documents in the system collection: /db/system/config, which can be accessed like any other document (e.g. using the Admin interface or Java Client). In addition to defining settings for indexing collections, the configuration document specifies collection-specific other settings such as triggers or default permissions.
> ....
>
> I didn't find any details in the docs, so here are some:
>
> <collection xmlns="http://exist-db.org/collection-config/1.0">
>     <default-permissions resource="0774" collection="0774"/>
>     ....
> </collection>
>
> by this you can define default permissions per collection.
>
> --
> Dmitriy Shabanov
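
Added example (not part of the original thread and not eXist code): a small checker that compares the permission string shown after an upload with the configured default-permissions mode and lists the bits that were not applied. It assumes each octal digit encodes r=4, w=2, u=1, which is what the thread's pairing of "0774" with "rwuruwr--" implies; all function names are hypothetical.

```python
# Assumption: per-class bit values r=4, w=2, u=1 (inferred from the thread,
# where mode 0774 is expected to display as rwu / rwu / r--).
FLAGS = {"r": 4, "w": 2, "u": 1}
CLASSES = ("user", "group", "other")

def parse_perm_string(s):
    """Convert a 9-character string such as 'rwuruwr--' to an integer mode.
    Each 3-character group is read as a set of flags, so 'ruw' equals 'rwu'."""
    if len(s) != 9:
        raise ValueError("expected 9 characters, got %r" % s)
    mode = 0
    for i in range(0, 9, 3):
        digit = 0
        for ch in s[i:i + 3]:
            if ch == "-":
                continue
            if ch not in FLAGS:
                raise ValueError("unknown flag %r in %r" % (ch, s))
            digit |= FLAGS[ch]
        mode = (mode << 3) | digit
    return mode

def format_mode(mode):
    """Render an integer mode in canonical r/w/u order."""
    groups = []
    for shift in (6, 3, 0):
        digit = (mode >> shift) & 7
        groups.append("".join(c if digit & b else "-" for c, b in FLAGS.items()))
    return "".join(groups)

def allows(mode, who, flag):
    """True if the class 'user', 'group' or 'other' holds the given flag."""
    shift = 6 - 3 * CLASSES.index(who)
    return bool((mode >> shift) & FLAGS[flag])

def missing_bits(expected, actual):
    """(class, flag) pairs granted by 'expected' but absent from 'actual'."""
    return [(who, f) for who in CLASSES for f in FLAGS
            if allows(expected, who, f) and not allows(actual, who, f)]

if __name__ == "__main__":
    configured = 0o774                          # value from default-permissions
    observed = parse_perm_string("rw-r--r--")   # string reported after upload
    print("configured:", format_mode(configured))
    print("observed:  ", format_mode(observed), oct(observed))
    for who, flag in missing_bits(configured, observed):
        print("not applied: %s lacks '%s'" % (who, flag))
```

Under that assumption the observed "rw-r--r--" is mode 0644, so the upload dropped update for the owner and both write and update for the group.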