[opencms-dev] Permissions problem with subfolders within a single site

[Stefan Uldum Grinsted]

Hi Patrick

It is my experience that the groups you create, somehow, always has to 
inherit from Users. Otherwise it might give trouble.
So in your case you will have to make Users the parent of both your 
project-groups. But that will deny them access to your folders as Deny for 
users overrule the Allow for the project-group. Therefore you also have to 
change the permissions of the project-folders to nothing for Users and 
check the override inherited. Meaning that neither allow or deny is set 
for the Users-group for those folders.

I hope this helps.

Best Regards
Stefan Uldum Grinsted
---------------------------------
Par No 1 Interactive a|s
sug at interactive.as




"Patrick Early" <pearly at icomponent.com> 
Sent by: opencms-dev-bounces at opencms.org
18-07-2005 20:48
Please respond to
The OpenCms mailing list <opencms-dev at opencms.org>


To
"OpenCMS DEV Mailing List" <opencms-dev at opencms.org>
cc

Subject
[opencms-dev] Permissions problem with subfolders within a single site






Hello,
 
I am a new OpenCMS user (version 6.0, Tomcat 5.1, MySQL 4.1, Trustix 
Linux) and would first like to say what an impressive product it is!  I 
am, however, having a problem with security regarding subfolders within a 
single site.  I?ve checked the archive list with little success and can 
only assume I?m doing something wrong (or missing something basic.)  J
 
Anyway, I have a single site with a projects subfolder.  Within this 
projects subfolder, I want to create a subfolder for project A and project 
B.  So, we have:
 
            /sites/default/projects/projectA
/sites/default/projects/projectB
 
I would then like to secure the folders by group to only allow access to 
that folder to that group (and Administrators, of course.)  So, I created 
two groups:
 
            ProjectA
            ProjectB
 
And users to occupy those groups:
 
            UserA (member of ProjectA group, not member of Users)
            UserB (member of ProjectB group, not member of Users)
 
The ACLs on the folders are:
 
            ProjectA
-        Administrators group: FULL access
-        Users group: No access (explicitly denied in ACL)
-        Guests group: No access (explicitly denied in ACL)
-        ProjectA group: FULL access
 
ProjectB
-        Administrators group: FULL access
-        Users group: No access (explicitly denied in ACL)
-        Guests group: No access (explicitly denied in ACL)
-        ProjectB group: FULL access
 
What I am finding is that the user is continually prompted for username 
and password when trying to access the resource, meaning that 
authorization failed.  The only way I was able to get it to work is to 
allow access to the folders to the Users group and then put each user in 
the Users group.  This defeats the purpose of using the project-related 
groups in the first place.  It seems maybe that membership in the default 
Users group is required?
 
Any advice you have is appreciated!
 
Regards,
 
- patrick
 
_________________________________________________________
patrick early
principal software engineer           icomponent software
 

_______________________________________________
This mail is send to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://mail.opencms.org/mailman/listinfo/opencms-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20050719/f19ec5c2/attachment.htm>