[opencms-dev] Permissions problem with subfolders within asingle site

Patrick Early pearly at icomponent.com
Tue Jul 19 16:22:12 CEST 2005


Hi Stefan, 

 

Your suggestion worked great - thank you!  I didn't see the "Override
Inherited" option.  When that is checked, the ACL is set up correctly.
Incidentally, is there any documentation about what each type of permission
means?  For example, "View" appears to mean that the site can be viewed from
outside of the admin interface and "Read" within.  "Write" and "Direct
Publish" also make sense, but what is "Control"?

 

Thanks again for the help!

 

Regards,

 

- patrick

 

  _____  

From: opencms-dev-bounces at opencms.org
[mailto:opencms-dev-bounces at opencms.org] On Behalf Of Stefan Uldum Grinsted
Sent: Tuesday, July 19, 2005 3:24 AM
To: The OpenCms mailing list
Subject: Re: [opencms-dev] Permissions problem with subfolders within
asingle site

 


Hi Patrick 

It is my experience that the groups you create, somehow, always has to
inherit from Users. Otherwise it might give trouble. 
So in your case you will have to make Users the parent of both your
project-groups. But that will deny them access to your folders as Deny for
users overrule the Allow for the project-group. Therefore you also have to
change the permissions of the project-folders to nothing for Users and check
the override inherited. Meaning that neither allow or deny is set for the
Users-group for those folders. 

I hope this helps. 

Best Regards
Stefan Uldum Grinsted
---------------------------------
Par No 1 Interactive a|s
sug at interactive.as





"Patrick Early" <pearly at icomponent.com> 
Sent by: opencms-dev-bounces at opencms.org 

18-07-2005 20:48 


Please respond to
The OpenCms mailing list <opencms-dev at opencms.org>


To

"OpenCMS DEV Mailing List" <opencms-dev at opencms.org> 


cc

 


Subject

[opencms-dev] Permissions problem with subfolders within a single
site

 


 

 




Hello, 
  
I am a new OpenCMS user (version 6.0, Tomcat 5.1, MySQL 4.1, Trustix Linux)
and would first like to say what an impressive product it is!  I am,
however, having a problem with security regarding subfolders within a single
site.  I've checked the archive list with little success and can only assume
I'm doing something wrong (or missing something basic.)  :-) 
  
Anyway, I have a single site with a projects subfolder.  Within this
projects subfolder, I want to create a subfolder for project A and project
B.  So, we have: 
  
            /sites/default/projects/projectA 
/sites/default/projects/projectB 
  
I would then like to secure the folders by group to only allow access to
that folder to that group (and Administrators, of course.)  So, I created
two groups: 
  
            ProjectA 
            ProjectB 
  
And users to occupy those groups: 
  
            UserA (member of ProjectA group, not member of Users) 
            UserB (member of ProjectB group, not member of Users) 
  
The ACLs on the folders are: 
  
            ProjectA 
-        Administrators group: FULL access 
-        Users group: No access (explicitly denied in ACL) 
-        Guests group: No access (explicitly denied in ACL) 
-        ProjectA group: FULL access 
  
ProjectB 
-        Administrators group: FULL access 
-        Users group: No access (explicitly denied in ACL) 
-        Guests group: No access (explicitly denied in ACL) 
-        ProjectB group: FULL access 
  
What I am finding is that the user is continually prompted for username and
password when trying to access the resource, meaning that authorization
failed.  The only way I was able to get it to work is to allow access to the
folders to the Users group and then put each user in the Users group.  This
defeats the purpose of using the project-related groups in the first place.
It seems maybe that membership in the default Users group is required? 
  
Any advice you have is appreciated! 
  
Regards, 
  
- patrick 
  
_________________________________________________________ 
patrick early
principal software engineer           icomponent software 
 

_______________________________________________
This mail is send to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://mail.opencms.org/mailman/listinfo/opencms-dev 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20050719/318484cb/attachment.htm>


More information about the opencms-dev mailing list