[opencms-dev] Permissions problem with subfolders within a single site
Stefan Uldum Grinsted
sug at interactive.as
Tue Jul 19 09:23:34 CEST 2005
Hi Patrick
It is my experience that the groups you create, somehow, always has to
inherit from Users. Otherwise it might give trouble.
So in your case you will have to make Users the parent of both your
project-groups. But that will deny them access to your folders as Deny for
users overrule the Allow for the project-group. Therefore you also have to
change the permissions of the project-folders to nothing for Users and
check the override inherited. Meaning that neither allow or deny is set
for the Users-group for those folders.
I hope this helps.
Best Regards
Stefan Uldum Grinsted
---------------------------------
Par No 1 Interactive a|s
sug at interactive.as
"Patrick Early" <pearly at icomponent.com>
Sent by: opencms-dev-bounces at opencms.org
18-07-2005 20:48
Please respond to
The OpenCms mailing list <opencms-dev at opencms.org>
To
"OpenCMS DEV Mailing List" <opencms-dev at opencms.org>
cc
Subject
[opencms-dev] Permissions problem with subfolders within a single site
Hello,
I am a new OpenCMS user (version 6.0, Tomcat 5.1, MySQL 4.1, Trustix
Linux) and would first like to say what an impressive product it is! I
am, however, having a problem with security regarding subfolders within a
single site. I?ve checked the archive list with little success and can
only assume I?m doing something wrong (or missing something basic.) J
Anyway, I have a single site with a projects subfolder. Within this
projects subfolder, I want to create a subfolder for project A and project
B. So, we have:
/sites/default/projects/projectA
/sites/default/projects/projectB
I would then like to secure the folders by group to only allow access to
that folder to that group (and Administrators, of course.) So, I created
two groups:
ProjectA
ProjectB
And users to occupy those groups:
UserA (member of ProjectA group, not member of Users)
UserB (member of ProjectB group, not member of Users)
The ACLs on the folders are:
ProjectA
- Administrators group: FULL access
- Users group: No access (explicitly denied in ACL)
- Guests group: No access (explicitly denied in ACL)
- ProjectA group: FULL access
ProjectB
- Administrators group: FULL access
- Users group: No access (explicitly denied in ACL)
- Guests group: No access (explicitly denied in ACL)
- ProjectB group: FULL access
What I am finding is that the user is continually prompted for username
and password when trying to access the resource, meaning that
authorization failed. The only way I was able to get it to work is to
allow access to the folders to the Users group and then put each user in
the Users group. This defeats the purpose of using the project-related
groups in the first place. It seems maybe that membership in the default
Users group is required?
Any advice you have is appreciated!
Regards,
- patrick
_________________________________________________________
patrick early
principal software engineer icomponent software
_______________________________________________
This mail is send to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://mail.opencms.org/mailman/listinfo/opencms-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20050719/f19ec5c2/attachment.htm>
More information about the opencms-dev
mailing list