<br><font size=2 face="sans-serif">Hi Patrick</font>
<br>
<br><font size=2 face="sans-serif">It is my experience that the groups
you create, somehow, always has to inherit from Users. Otherwise it might
give trouble.</font>
<br><font size=2 face="sans-serif">So in your case you will have to make
Users the parent of both your project-groups. But that will deny them access
to your folders as Deny for users overrule the Allow for the project-group.
Therefore you also have to change the permissions of the project-folders
to nothing for Users and check the override inherited. Meaning that neither
allow or deny is set for the Users-group for those folders.</font>
<br>
<br><font size=2 face="sans-serif">I hope this helps.</font>
<br><font size=2 face="sans-serif"><br>
Best Regards<br>
Stefan Uldum Grinsted<br>
---------------------------------<br>
Par No 1 Interactive a|s<br>
sug@interactive.as<br>
</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>"Patrick Early"
<pearly@icomponent.com></b> </font>
<br><font size=1 face="sans-serif">Sent by: opencms-dev-bounces@opencms.org</font>
<p><font size=1 face="sans-serif">18-07-2005 20:48</font>
<table border>
<tr valign=top>
<td bgcolor=white>
<div align=center><font size=1 face="sans-serif">Please respond to<br>
The OpenCms mailing list <opencms-dev@opencms.org></font></div></table>
<br>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">"OpenCMS DEV Mailing List"
<opencms-dev@opencms.org></font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">[opencms-dev] Permissions problem with
subfolders within a single site</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2 face="Lucida Sans Unicode">Hello,</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">I am a new OpenCMS user (version
6.0, Tomcat 5.1, MySQL 4.1, Trustix Linux) and would first like to say
what an impressive product it is! I am, however, having a problem
with security regarding subfolders within a single site. I’ve checked
the archive list with little success and can only assume I’m doing something
wrong (or missing something basic.) </font><font size=2 face="Wingdings">J</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">Anyway, I have a single site
with a projects subfolder. Within this projects subfolder, I want
to create a subfolder for project A and project B. So, we have:</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">
/sites/default/projects/projectA</font>
<br><font size=2 face="Lucida Sans Unicode">/sites/default/projects/projectB</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">I would then like to secure
the folders by group to only allow access to that folder to that group
(and Administrators, of course.) So, I created two groups:</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">
ProjectA</font>
<br><font size=2 face="Lucida Sans Unicode">
ProjectB</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">And users to occupy those groups:</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">
UserA (member of ProjectA group, not member of Users)</font>
<br><font size=2 face="Lucida Sans Unicode">
UserB (member of ProjectB group, not member of Users)</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">The ACLs on the folders are:</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">
ProjectA</font>
<br><font size=2 face="Lucida Sans Unicode">-</font><font size=1 face="Times New Roman">
</font><font size=2 face="Lucida Sans Unicode">Administrators
group: FULL access</font>
<br><font size=2 face="Lucida Sans Unicode">-</font><font size=1 face="Times New Roman">
</font><font size=2 face="Lucida Sans Unicode">Users
group: No access (explicitly denied in ACL)</font>
<br><font size=2 face="Lucida Sans Unicode">-</font><font size=1 face="Times New Roman">
</font><font size=2 face="Lucida Sans Unicode">Guests
group: No access (explicitly denied in ACL)</font>
<br><font size=2 face="Lucida Sans Unicode">-</font><font size=1 face="Times New Roman">
</font><font size=2 face="Lucida Sans Unicode">ProjectA
group: FULL access</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">ProjectB</font>
<br><font size=2 face="Lucida Sans Unicode">-</font><font size=1 face="Times New Roman">
</font><font size=2 face="Lucida Sans Unicode">Administrators
group: FULL access</font>
<br><font size=2 face="Lucida Sans Unicode">-</font><font size=1 face="Times New Roman">
</font><font size=2 face="Lucida Sans Unicode">Users
group: No access (explicitly denied in ACL)</font>
<br><font size=2 face="Lucida Sans Unicode">-</font><font size=1 face="Times New Roman">
</font><font size=2 face="Lucida Sans Unicode">Guests
group: No access (explicitly denied in ACL)</font>
<br><font size=2 face="Lucida Sans Unicode">-</font><font size=1 face="Times New Roman">
</font><font size=2 face="Lucida Sans Unicode">ProjectB
group: FULL access</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">What I am finding is that the
user is continually prompted for username and password when trying to access
the resource, meaning that authorization failed. The only way I was
able to get it to work is to allow access to the folders to the Users group
and then put each user in the Users group. This defeats the purpose
of using the project-related groups in the first place. It seems
maybe that membership in the default Users group is required?</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">Any advice you have is appreciated!</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">Regards,</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">- patrick</font>
<br><font size=2 face="Lucida Sans Unicode"> </font>
<br><font size=2 face="Lucida Sans Unicode">_________________________________________________________</font>
<br><font size=2 face="Lucida Sans Unicode">patrick early<br>
principal software engineer icomponent
software</font>
<br><font size=3 face="Times New Roman"> </font><font size=2><tt><br>
<br>
_______________________________________________<br>
This mail is send to you from the opencms-dev mailing list<br>
To change your list options, or to unsubscribe from the list, please visit<br>
http://mail.opencms.org/mailman/listinfo/opencms-dev</tt></font>
<br>