Menu
▾
▴
Re: [Exist-development] Confused about permissions and defaults for XQuery files
|
From: Adam R. <ad...@ex...> - 2011-10-18 08:36:36
|
On Oct 18, 2011 6:16 AM, "Chris Tomlinson" <chr...@gm...> wrote: > > Hello, > > I'm looking into some issues surrounding permissions management in current trunk and am trying to make sure I understand what is intended and what is implemented in this area. I ran across this post of yours from 3 months ago and I wanted to know the status in this area is or whether it has been reconsidered. No the plan is still in progress. > In looking at org.exist.security.Permission.java it looks like it hasn't been worked on since 4 Aug and the "update" nomenclature is still in place and used in org.exist.security.AbstractUnixStylePermission.java which hasn't been worked on for even longer. > > Trunk certainly still interprets the "u" perm as indicating that the file is updatable or not (versus deletable "w") and throws an error in the event that a user attempts to update and that flag isn't set for the user, group or other as appropriate. > > Is this the behavior we can expect as trunk morphs into 1.6 or are there more changes on the way for org.exist.security? > A few more changes to come. Other priorities got in the way. But its top of my list again. > I also seem to not understand the semantics of the <db-connection/> <default-permissions collection="0774" resource="0774" /> in the conf.xml file. I have the above set in the conf.xml on trunk rev 15412 and it doesn't seem to make any difference. For example, when I upload a file via the http://localhost:8080/exist/admin/admin.xql > Browse collections interface I get permissions: "rw-r--r--" rather than "rwuruwr--" which I would have expected. The same is true when running java client from the command line. Default permissions have been removed as a security concern. > We have need of being able to upload files and the resulting permissions need to be "rwuruwr--" by default. How do we achieve this via the admin.xql or the command line client? You can set perms after upload... > Thanks, > Chris > > > On Jul 7, 2011, at 12:33 PM, Wolfgang Meier wrote: > > >> #1: Why does my controller.xql file need guest update permissions for > >> regular web browsing? > > > > For XQuery resources, the permission flags are now interpreted as rwx > > instead of the old rwu. We're in the process of changing this > > everywhere. The documentation is a bit behind. > > > > Wolfgang > > > > ------------------------------------------------------------------------------ > > All of the data generated in your IT infrastructure is seriously valuable. > > Why? It contains a definitive record of application performance, security > > threats, fraudulent activity, and more. Splunk takes this data and makes > > sense of it. IT sense. And common sense. > > http://p.sf.net/sfu/splunk-d2d-c2 > > _______________________________________________ > > Exist-open mailing list > > Exi...@li... > > https://lists.sourceforge.net/lists/listinfo/exist-open > > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2d-oct > _______________________________________________ > Exist-development mailing list > Exi...@li... > https://lists.sourceforge.net/lists/listinfo/exist-development |
