[opencms-dev] RE: Access rights to files in workplace
Jan Krag
jan.krag at framfab.dk
Wed Oct 25 12:39:43 CEST 2000
Hi Andreas.
Thank you for your quick answer.
You are perfectly right with regards to the system-folder, where this is not
a serious problem.
The problem exsist mainly with the content folder.
It has rights
/content/ Admin Users rwv rw- r-- -
Which is neccesary to ensure that "Users" can access the files but can not
view the folder.
Unfortunately this means that members of "Administrators" can not see the
folder either which is rather unfortunate in a multisite setup where we do
not want every local admin to have the "Admin" password.
The only solutions currently that I can seee are:
1) Change the folder to
/content/ Admin Administrators rwv rwv rw- - (changed group and
added more rights (g+v a+rw))
so that all Administrators have full access to the folder and normal "Users"
can stil see them. Unfortunately this gives Guests access to the
content-folder as well which is undesireable.
2) Change the folder to
/content/ Admin Users rwv rwv r-- - (added view to group (g+v))
This would make the folder viewable for Administrators and Users, which is a
different undesireable sideeffect.
Can you think of any others?
I don't have the full overview of what is "possible" with the hierarchical
group system.
Hope you understand the question.
Regards Jan
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jan Krag F R A M F A B A / S
Senior Systems Developer http://www.framfab.dk
jan.krag at framfab.dk Vermundsgade 40 A
Direct: +45 39 17 48 83 DK-2100 København Ø
Mobile: +45 40 10 46 79 Telefon: +45 39 16 29 29
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Real software engineers work from 9 to 5, because that is the
way the job is described in the formal spec. Working late
would feel like using an undocumented external procedure.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> -----Original Message-----
> From: Andreas Schouten [mailto:Andreas.Schouten at framfab.de]
> Sent: 25. oktober 2000 09:50
> To: 'Jan Krag'
> Subject: AW: Access rights to files in workplace
>
>
> Hi Jan,
>
> the default setup of user-rights is that one you described.
> It was done
> because only the "real" Admin should maintain the system
> folder and maybe
> update the workplace.
>
> You are free to change this default setup to your needs.
>
> We also can change the default setup, so the Group
> "Administrators" can view
> the system-folder.
>
> Regards,
>
> Andreas Schouten
>
> -----Ursprüngliche Nachricht-----
> Von: Jan Krag [mailto:jan.krag at framfab.dk]
> Gesendet: Dienstag, 24. Oktober 2000 22:47
> An: Schouten, Andreas (Germany)
> Cc: Lise Oline Larsen; Henrik Kjær Hansen; Anders Fugmann; Tommy
> Pedersen; Finn Nielsen; Emmerich, Michael (Germany)
> Betreff: Access rights to files in workplace
>
>
> Hi Andreas.
> I have a few questions for you about accessrights to the
> workplacefiles and
> folders.
>
> In the 4.1.34 build (and after), the main folders have the
> following rights
> in the default installation:
> /content/ Admin Users rwvrw-r---
> /download/ Admin Users rwvrwvr-v-
> /pics/ Admin Users rwvrwvr-v-
> /system/ Admin Administrators rwvrw-r---
> This means that Admin can see all folders but any other member of
> Administrators can only see download & pics, but may still
> access files in
> the other two folders.
> Is this the expected behaviour??
> I can see that this may be neccesary to provide the correct
> access and view
> rights for "Users", but it does seem like a big problem that
> administrators
> can't even see the /content/ folder.
> Do you have any comments or solutions to this?
> The problem gives us some very funny behaviour in multisite,
> as the new
> online-projects (for new sites) are created with a /content/
> folder with the
> same userrights as download & pics, so that a testAdmin (member of
> Administrators) can view all folders in the new project, but
> only two of
> them in the Default folder.'
> I am hoping for some input, so that I can figure out how to close this
> "bug". Either by deciding that it is not a bug or by fixing
> it somewhere.
> <greetings>Jan</greetings>
>
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Jan Krag F R A M F A B A / S
> Senior Systems Developer http://www.framfab.dk
> jan.krag at framfab.dk Vermundsgade 40 A
> Direct: +45 39 17 48 83 DK-2100 København Ø
> Mobile: +45 40 10 46 79 Telefon: +45 39 16 29 29
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Real software engineers work from 9 to 5, because that is the
> way the job is described in the formal spec. Working late
> would feel like using an undocumented external procedure.
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
More information about the opencms-dev
mailing list