Access security denied user.dir and jaxp.debug
Hi all,
I have a big problem. I must provide an applet at lots of clients but I can't set their java.policy file.
The process must be transparency of them.
Then I can't use signed applet.
When I launch my applet, I have a exception :
access security denied user.dir and jaxp.debug
My exception came when I use the class XPathAPI from jakarta.
Thanks.
Did you ever find a solution? I am having the same problem and would really appreciate any help that you can give.
Thanks in advance.
Similar Messages
-
Access to business partners denied.User "so and so" is not a sales employee
Hi all,
I was trying to create a snapshot in outlook in a users computer but unfortunately the system displays a strange message:
Access to business partners denied.User "so and so" is not a sales employee
The user is a member of Sales Employees/Buyers-well what i mean is that the sales name is there but not user name ie Frank Blank is there but not FrankB for example.
Any ideas ?
Thank you,
MBHi Matthew,
Interesting message as we use the O/I ad-on... on the EMD record, go to the Membership tab and add 'Sales Employee' under "Role" to the EMD record. Shot in the dark but that's all I got.
HTH,
Heather -
Error when trying to access the RBAC User editor and Message tracking
Hi,
I am getting an error when trying to access the RBAC User editor and Message tracking on the Web Mgmt interface. I verified that the admin account trying to access is in the Organization Management group and has the correct Role Assignment Policy applied.
I searched through this thread below and saw that matching the msExchRoleLink and msExchUserLink attributes fixed the issue.
https://social.technet.microsoft.com/Forums/exchange/en-US/fc568cc6-8691-4127-b70b-bcc82f9b1f7f/first-2010-cas-server-no-administrator-rights-emc-permissions-gone?forum=exchange2010
However I have another environment where this is not the case and works just fine; the msExchUserLink attribute has a value of CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=Domain,DC=Local which is different as per the issue outlined in
the above thread so I am not convinced that this will work and also don’t want to blindly edit something in adsiedit without being sure.
I then checked the event logs on the server and saw the below error logged;
Current user: 'Domain/Server Services Accounts/administrator'
Request for URL 'https://server.domain.com/ecp/default.aspx?p=AdminDeliveryReports&exsvurl=1' failed with the following error:
System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> Microsoft.Exchange.Management.ControlPanel.UrlNotFoundOrNoAccessException: The page may not be available or you might not have permission to open the
page. Please contact your administrator for the required credentials. For new credentials to take effect, you have to close this window and log on again.
at Microsoft.Exchange.Management.ControlPanel._Default.CreateNavTree()
at Microsoft.Exchange.Management.ControlPanel._Default.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace ---
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.default_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Microsoft.Exchange.Management.ControlPanel.UrlNotFoundOrNoAccessException: The page may not be available or you might not have permission to open the page. Please contact your administrator for the required credentials. For new credentials to take effect, you
have to close this window and log on again.
at Microsoft.Exchange.Management.ControlPanel._Default.CreateNavTree()
at Microsoft.Exchange.Management.ControlPanel._Default.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
I then had a look at the IIS permissions for ecp and owa. The account did not have permissions so I added them there but still got the same error. I’ve also tried all of the above with a newly-created account but still got the same issue.
Any ideas as to what the above event log is specifically referring to?Hi,
From your description, I would like to clarify the following thing:
If you want to search message tracking logs, the account you use should be a member of the role groups below:
Organization Management role group, Records Management role group, Recipient Management role group.
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support -
Vi with access via both user interface and external communication
Hi,
Maybe a little bit too general but I'll risk it:
It concerns a project to stear a tensile machine. Data acquisition is relative straightforward via a few analogue and digital channels.
The interaction of the operator with the tensile machine can be done at two levels:
1. Directly via an user interface on the computer next to the machine. Here I would typically use a state machine in combination with event structures.
2. Remotely, via TCP protocol. Here different clients (external program, written in C) should be able to connect to the LabVIEW program and send simple commands such as 'read force', 'write force', 'read status', ...
It is relatively easy to setup a small daemon that accepts TCP connections from multiple clients. Furthermore I would put the commands from the clients into a message queue (using a producer/consumer structure).
I was wondering what the best method is to allow both the user interface and the external clients to stear the machine (e.g. using an event structure to respond to interactions via the user interface, and create user events from the commands of the clients to access the same actions).
Steven
LV8.5Hi VPS,
one way could be to build your TCP receiver in one while loop and your event structure in another while loop. if you want to send a command from the event structure you can send this over tcp to the TCP receiver.
Another way could be to use a queue or notifier to send the commands from the event structure and the TCP receiver to another while loop which work with the received commands.
Mike -
i can not launch browser toget version info or anything else, when it upgraded to newest version it stopped working-i've tried launching in Safe Mode and have tried all icons
You can save a copy of your passwords file, but I don't think you can open it without Firefox.
Your passwords file is in your profile folder. You might want to make a backup copy of the whole folder. Info on locating the folder: [http://support.mozilla.com/en-US/kb/Profiles Profiles | How to | Firefox Help].
You may want to try reinstalling Firefox 3.6. You can download the installer from http://www.mozilla.com/firefox/all-older -
Accessing windows user id and password
Hi
I need to access my windows user id and password through my java code.Is that possible?If yes then how can we do it?
-VikzVikz wrote:
I need to access my windows user id and password through my java code.Is that possible?If yes then how can we do it?Userid: possibly.
Password: doubt it (and if you could, I'd buy a new system).
It also runs against the grain of Java, which is that it is platform-independant.
Winston
Edited by: YoungWinston on Jul 19, 2010 3:55 AM
Too late :-) -
Ide.user.dir in Jdeveloper 12c
Hi Gurus,
I am just installing Jdeveloper 12c 64 bit for windows. There is another Jdeveloper 10.1.3.3.0 already in placed which i want to keep for EBS R12 OAF extendsion development.
Jdeveloper 10.1.3.3.0 was installed in D:\JDEV\1213\jdevhome\jdev and environment variable JDEV_USER_HOME is set to D:\JDEV\1213\jdevhome\jdev
Jdeveloper 12c was installed in D:\oracle\Middleware\Oracle_Home\jdeveloper
I created new environment variable JDEV_USER_DIR and set it to D:\JDEV_121200_win64\jdevhome\jdev, but notice some different behavior for ide.user.dir entry after Jdeveloper launched.
Scenario 1: Launch Jdeveloper 12c with command : jdev.exe -J-Dide.user.dir=D:\JDEV_121200_win64\jdevhome\jdev
In Help->About->Properties, value of :
ide.user.dir = D:\JDEV_121200_win64\jdevhome\jdev
ide.pref.dir = D:\JDEV_121200_win64\jdevhome\jdev
Systemxxx folder created in D:\JDEV_121200_win64\jdevhome\jdev\system12.1.2.0.40.66.68
Scenario 2: Add ide.user.dir entry = D:\JDEV_121200_win64\jdevhome\jdev in jdev.boot
Launch Jdeveloper 12c
In Help->About->Properties, value of :
ide.user.dir = D:JDEV_121200_win64jdevhomejdev
ide.pref.dir = D:JDEV_121200_win64jdevhomejdev
JDEV_121200_win64jdevhomejdev folder created in D:\oracle\Middleware\Oracle_Home\jdeveloper\jdev\bin
Question : Why ide.user.dir and ide.pref.dir entry are not created with "\" ? Why JDEV_121200_win64jdevhomejdev folder is created whereby i wanted to be in
D:\JDEV_121200_win64\jdevhome\jdev?
Scenario 3: Launch Jdeveloper 10.1.3.3.0
In Help->About->Properties, value of :
ide.user.dir = D:JDEV_121200_win64\jdevhome\jdev
Question: How to keep the ide.user.dir for this version remain to point to D:\JDEV\1213\jdevbin instead of D:JDEV_121200_win64\jdevhome\jdev?
Is there any impact when i leave it to point to D:JDEV_121200_win64\jdevhome\jdev?
Regards,
FendyI change ide.user.dir in both files and it works.
-
Get current directory(without user.dir)!!!!
Dudes,
need help badly... i need to get the current directory of the jar file where it gets launched from. Since the launching takes place from an html file, the system property "user.dir" does not get set to the current directory. Both the html as well as the jar file is in the same location.
so in short, i need to get the current dir without using the user.dir that i can later set it explicitly thru my program(to the current dir)"Search the CLASSPATH for the first occurence of your jar file... but FFS only do it once, and save the result"
Cud ya elaborate that statement.
Also, the reason i wanna know is this : my jar file references all the images that it uses, thru a relative path(./a/b/c.....). So wen i simply double click the jar file, the relative path("./") gets replaced with the current workin directory(from user.dir) and fetching of images works perfectly. But if it is launched via html, the user.dir does not get set to the current working dirctory and as a result the jar file looks for its images in the default location which is the desktop. so it doesnt work
Now that the context is clear, is there a way out???? or is there any way in which i can set the user.dir from the html itself(maybe by using javascript or somethin??) -
Difference between user directory and native directory in Shared Services
Hi,
Please any one can help me......
I am new to Hyperion, what is difference between Hyperion Shared services Native directory and User/Active directory.
thanks in advance..............Hi,
Shared Services native directory, as the name suggests, is a user directory (i.e. ldap) that is native to Hyperion. It allows you to create users, groups and define access rights to Hyperion Products. User/Active directory is the directory where users in your company reside. Shared Services can connect to it and retrieve the list of users and groups. You can define the access rights for these users if you configure the system in a way that it works with Active Directory.
You can use both combined also. Meaning, you can create user groups in native directory and assign native directory users into them and define access rights onto user groups and/or users.
Cheers,
Alp -
Hi,
I am new to using EWS managed APIs.
Following is the issue:
1. I am using a service account e.g. [email protected]. This user is a global administrator and also has ApplicationImpersonation role assigned. (Sign into Online Office 365 account -> Admin -> select "Exchange" tab- > select Permissions
on the left panel -> create an impersonation role -> assign ApplicationImpersonation in Roles: and [email protected] in Members: -> Click on save)
2. Create a calendar item by other user for e.g. [email protected], and invite an attendee - [email protected].
3. In a c# program, I connect to EWS service using a service account - [email protected], fetch its calendar events. If organizer of an event is some other user - [email protected] then
I use impersonation in the following way to update the calendar event/item properties- subject, body text etc.
private static void Impersonate(string organizer)
string impersonatedUserSMTPAddress = organizer;
ImpersonatedUserId impersonatedUserId =
new ImpersonatedUserId(ConnectingIdType.SmtpAddress, impersonatedUserSMTPAddress);
service.ImpersonatedUserId = impersonatedUserId;
4. It was working fine till yesterday afternoon. Suddenly, it started throwing an exception "Access is denied. Check credentials and try again." Whenever I try to
update that event.
private static void FindAndUpdate(ExchangeService service)
CalendarView cv = new CalendarView(DateTime.Now, DateTime.Now.AddDays(30));
cv.MaxItemsReturned = 25;
try
FindItemsResults<Item> masterResults = service.FindItems(WellKnownFolderName.Calendar, cv);
foreach (Appointment item in masterResults.Items)
if (item is Appointment)
Appointment masterItem = item as Appointment;
if (!masterRecurEventIDs.Contains(masterItem.ICalUid.ToString()))
masterItem.Load();
if (!masterItem.Subject.Contains(" (Updated content)"))
//impersonate organizer to update and save for further use
Impersonate(masterItem.Organizer.Address.ToString());
// Update the subject and body
masterItem.Subject = masterItem.Subject + " (Updated content)";
string currentBodyType = masterItem.Body.BodyType.ToString();
masterItem.Body = masterItem.Body.Text + "\nUpdated Body Info:
xxxxxxxxxxxx";
// This results in an UpdateItem operation call to EWS.
masterItem.Update(ConflictResolutionMode.AutoResolve);
// Send updated notification to organizer of an appointment
CreateAndSendEmail(masterItem.Organizer.Address.ToString(), masterItem.Subject);
masterRecurEventIDs.Add(masterItem.ICalUid.ToString());
else
Console.WriteLine("Event is already updated. No need to update again.:\r\n");
Console.WriteLine("Subject: " + masterItem.Subject);
Console.WriteLine("Description: " + masterItem.Body.Text);
catch (Exception ex)
Console.WriteLine("Error: " + ex.Message);
5. What could be an issue here? Initially I thought may be its a throttling policy which is stopping same user after making certain API call limits for the day, but I am still seeing this issue today.
Any help is appreciated.
ThanksYour logic doesn't sound correct here eg
2. Create a calendar item by other user for e.g. [email protected], and invite an attendee - [email protected]
3. In a c# program, I connect to EWS service using a service account - [email protected], fetch its calendar events. If organizer of an event is some other user - [email protected] then
I use impersonation in the following way to update the calendar event/item properties- subject, body text etc.
When your connecting to [email protected] mailbox the only user that can make changes to items within
abccalendar is abc (or ABC's delegates). If your impersonating the Organizer of the appointment pqr that wouldn't work unless the organizer had rights to abc's calendar. If you want to make updates to a calendar
appointment like that you should connect to the Organizers mailbox first update the original, send updates and then accept the updates.
When you impersonate your impersonating the security context of the Mailbox your impersonating so its the same a logging on as that user in OWA or Outlook.
Cheers
Glen -
I am a PC user and I have Adobe Creative Cloud Muse 2014. I have received the 'Could not sign you in [Access denied: 530]. Check your user name and password' error when trying to upload my muse site to my ftp host, GoDaddy. I have successfully done this in the past and only recently it has stopped working. I looked online at the FAQ Adobe Muse Help | Uploading an Adobe Muse Site to a third-party hosting service and it said to download the ftpprefs.xml file but this file simply leads to a blank page that says /*Not found*//*Not found*/.
Can someone direct me to a working page with this file or provide a different solution? Thank you!Hello,
As you are getting error [Access denied: 530] it means issue is with access. Either the username and password you are entering is incorrect or you do not have proper permissions.
I would suggest you to contact Godaddy to either reset password or reset the permissions.
Regards
Vivek -
User name and password required to access Security settings
I have an HP5520e all in one printer. I am trying to set it to scan to my computer. The instructions say I should activate Webscan from the Administrator Options under Settings and Security. When I try to get to Administrator settings I am being asked for a user name and password. What username and password am I supposed to enter here?
This question was solved.
View Solution.gnomad899,
Welcome to the HP Forum.
Start with the standard:
admin = admin
password = password (or leave it blank)
This assumes, of course, you have not used EWS (embedded web server) and set a password for it previously -- which you CAN do while using EWS. Once you do set a password using the EWS page, everytime you want to look at certain settings, adjust certain settings, you have to enter the password you set up.
EWS is simply the web page interface to the printer -- like you use a web page to talk to your router software. Same thing - sort of, except you type in the printer IP on your browser instead of the router, of course.
============================================================================
If it won't let you in,
You can try resetting the printer. Be Aware that should you do this, you have to re enter any previously entered information (wireless settings, etc.).
You might be able to reset the printer on the front panel - settings > factory defaults (or similar).
OR
from TroubleShooting > Solve a Problem > Printer Does Not Maintain Wireless Connection
Step four: Reset the printer and wireless router, and then restart the computerFollow these steps to reset your printer and your wireless router, and then restart your computer.
NOTE:Consider bookmarking this page on your web browser so that you can reference it after restarting the computer.
Follow these steps to reset your printer, your wireless router, and your computer.
Press the Power button on the printer to turn it off.
Disconnect the power cord from the rear of the printer.
Disconnect the power cord from the wireless router.
Turn off the computer.
Wait 30 seconds.
Reconnect the power cord to the wireless router.
Wait 30 seconds, or until the router is fully on and ready.
Turn the computer back on.
Wait for the computer to reload.
Reconnect the power cord to the rear of the printer.
Turn the printer back on.
===========================================================================
Reference:
HP 5520 e All in One Printer
User Guide
Click the Kudos Thumbs-Up to show you appreciate the help and time from our Experts.
Although I strive to reflect HP's best practices, I do not work for HP.
Click Accept as Solution when the Answer is a good Fix or Workaround!
Kind Regards,
Dragon-Fur -
Network user permissions and security
We seem to have a permissions issue using the DIR
command.
We have a process that runs in SQL Server which executes a DIR command on the local network using a UNC path to check that the files generated by another system are all there, as part of an audit report.
Until this morning all was fine and dandy, we had no issues.
Last night the IT guys tightened up some permissions on the target directories for security.
Now a dir \\server\shared\dir_name fails with an
Access is denied error.
We can run this command against the local drive or alternate network UNC paths with
no problems.
We have the same issue whether we run from within SQL Server using xp_cmdShell or from the Command Prompt (after logging in to the server with the SQL Server account).
When logged into the server with the account in question, it is possible to browse the network, so Explorer permissions are ok
So it is not related to the SQL Server, nor is it related to the SQL Server Agent account.
It is specific to the rights of one network directory.
Thing is the sql server agent account is part of a domain group that DOES have Dir permissions on the target network directory.
We also can no longer use Dir against that network share from our own accounts, even though we are in a domain group that has Full Permissions on the directory!
So what is going on here - is it possible that somehow the Dir command has been blocked on that one directory share for just the SQL Server agent user?I was a bit puzzled ab about the proper location to ask this question, but I think this forum would be the best location to ask:
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/home?forum=sqlkjmanageability
Kind regards,
Margriet Bruggeman
Lois & Clark IT Services
web site: http://www.loisandclark.eu
blog: http://www.sharepointdragons.com -
How to restrict "sftp only" user into your home dir and subdir
Hi OTN forums members
Question : I want restrict a sftp only user to browse ONLY in your home directory and subdirectory . I don't want sftp user access into other directory.
Details : I want use a "ssh bundle package" on s10(only package on SUNWCXall installation cluster). I don't want to use the "extrernal package", as "ProFTP", "Chroot", sunfreeware OpenSSH package,ecc. It's possible?
Technical Details of my system(test) : the hostname and username it's fantasy name, not real ;-)
root@sunlab1:/[1]$ cat /etc/release
Solaris 10 5/09 s10s_u7wos_08 SPARC
Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 30 March 2009
root@sunlab1:/[2]$ uname -a
SunOS sunlab1 5.10 Generic_142909-17 sun4u sparc SUNW,Sun-Blade-100
root@sunlab1:/[3]$ grep explorer /etc/group
explorer::111:
root@sunlab1:/[4]$ grep explorer /etc/passwd
explorer:x:111:111:Sun Explorer Data Collector sftp only user:/export/home/explorer:/usr/lib/ssh/sftp-server
root@sunlab1:/[5]$ zfs list
NAME USED AVAIL REFER MOUNTPOINT
rpool 27.3G 9.33G 96K /rpool
rpool/ROOT 11.6G 9.33G 18K legacy
rpool/ROOT/s10s_u7wos_08 11.6G 9.33G 11.6G /
rpool/cfengine 73.7M 950M 73.7M /var/cfengine
rpool/dump 1.00G 9.33G 1.00G -
rpool/export 5.01G 9.33G 11.8M /export
rpool/export/home 1.40G 3.60G 1.40G /export/home
rpool/mp3 2.65G 2.35G 2.65G /mp3
rpool/patches 206M 2.80G 206M /var/patches
rpool/swap 768M 9.58G 514M -
root@sunlab1:/[6]$
root@sunlab1:/[7]$ cd /export/home
root@sunlab1:/export/home[9]$ ls -la
total 47
drwxr-xr-x 5 root root 9 Oct 7 09:51 .
drwxr-xr-x 4 root sys 6 Jun 7 09:44 ..
drwxr-x--- 11 explorer explorer 11 Oct 7 11:30 explorer
root@sunlab1:/[8]$ sftp explorer@sunlab1
Connecting to sunlab1...
Password:
sftp> dir
[...more output...]
sftp> pwd
Remote working directory: /export/home/explorer
sftp> cd /var/adm
sftp> dir
[...more output...]
sftp> get messages
Fetching /var/adm/messages to messages
sftp> pwd
Remote working directory: /var/adm
sftp> bye
root@sunlab1:/[9]$
root@sunlab1:/[10]$ pkginfo -l SUNWsshr
PKGINST: SUNWsshr
NAME: SSH Client and utilities, (Root)
CATEGORY: system
ARCH: sparc
VERSION: 11.10.0,REV=2005.01.21.15.53
BASEDIR: /
VENDOR: Sun Microsystems, Inc.
DESC: Secure Shell protocol Client and associated Utilities
[...snip...]
root@sunlab1:/[11]$ pca -l installed --pattern=[Ss]sh
[...snip...]
Using /var/patches/pca/patchdiag.xref from Oct/14/10
Host: sunlab1 (SunOS 5.10/Generic_142909-17/sparc/sun4u)
List: installed (3/584)
Patch IR CR RSB Age Synopsis
141742 04 = 04 -S- 427 Obsoleted by: 141444-09 SunOS 5.10: sshd patch
143140 04 = 04 RS- 119 Obsoleted by: 143559-03 SunOS 5.10: ssh patch
143559 03 = 03 RS- 38 SunOS 5.10: ssh scp patch
root@sunlab1:/[12]$ pca -l 141444 143559
Using /var/patches/pca/patchdiag.xref from Oct/14/10
Host: sunlab1 (SunOS 5.10/Generic_142909-17/sparc/sun4u)
List: 141444 143559 (2/405)
Patch IR CR RSB Age Synopsis
141444 09 = 09 RS- 367 SunOS 5.10: kernel patch
143559 03 = 03 RS- 38 SunOS 5.10: ssh scp patch
root@sunlab1:/[13]$Legenda:
PCA = [url http://www.par.univie.ac.at/solaris/pca/] Patch Check Advanced , PCA is 3PP free and fast tool for Analyze, download and install patches for Solaris
IR =Installed Rev. CR = Current Rev. (published on patchdiag.xref from Oct/14/10)
RSB =[R]eccommended,[S]ecurity, [\B]ab patches
Not helpful reading "<tt>man sshd_config</tt>" and "<tt>man sftp-server</tt>", and Google searching. Nothing by MOS Community search.
Any idea?
Best Regards
Michele V.
P.S.: Excuse me for my bad English.Hi OTN forums members,
I find the solution. Thanks Andrea Manganaro (aka Amanga) for the help.
1) Download and install OpenSSH for Solaris 10/SPARC and all dependencies(Please read the http://www.sunfreeware.com/openssh.html note):
- [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssh-5.6p1-sol10-sparc-local.gz]openssh-5.6p1-sol10-sparc-local.gz
- [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssl-1.0.0a-sol10-sparc-local.gz]openssl-1.0.0a-sol10-sparc-local.gz
- [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/zlib-1.2.5-sol10-sparc-local.gz]zlib-1.2.5-sol10-sparc-local.gz
- [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/libgcc-3.4.6-sol10-sparc-local.gz]ibgcc-3.4.6-sol10-sparc-local.gz
2) Configure <tt>/usr/local/etc/sshd_config</tt> file with the "+<tt>ChrootDirectory</tt>+" directive. For me:
# override default of no subsystems
#Subsystem sftp /usr/local/libexec/sftp-server
Subsystem sftp internal-sftp[...]
# Example of overriding settings on a per-user basis
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no3) Create group and user for sftp-only account. For me:
root@taurus # groupadd sftponly
root@taurus # grep sftponly /etc/group
sftponly::202:
root@taurus # useradd -g sftponly -c "Sftp only user" -d /export/home/explorer -s /bin/false -m explorer
explorer:x:1002:202:Sftp only user:/export/home/explorer:/bin/false
root@taurus # passwd explorer
New Password:
Re-enter new Password:
passwd: password successfully changed for explorer
root@taurus # 4) Change home directory permission and create a r/w direcorty (uploads) for sftponly user account.
root@taurus # cd /export/home
root@taurus # ls -la
total 14
drwxr-xr-x 4 root root 4 Oct 29 15:28 .
drwxr-xr-x 3 root sys 3 Jan 22 2009 ..
drwxr-xr-x 3 explorer sftponly 3 Oct 29 15:41 explorer
root@taurus # chown root:sftponly explorer; chmod 750 explorer
root@taurus # ls -la
total 14
drwxr-xr-x 4 root root 4 Oct 29 15:28 .
drwxr-xr-x 3 root sys 3 Jan 22 2009 ..
drwxr-x--- 3 root sftponly 3 Oct 29 15:41 explorer
root@taurus # This will make a read-only, chrooted directory perfect for people to come in and get stuff, but never write.
For example, you could make a directory explorer/uploads that allow people to write in.Then you can moderate what gets copied into the read-only /explorer area. Remember that if a user can write in a directory then they can also delete anything in that directory.
root@taurus # cd explorer
root@taurus # mkdir uploads && chown -R explorer:sftponly uploads && chmod 0755 uploads
root@taurus # ls -al
total 9
drwxr-x--- 3 root sftponly 3 Oct 29 15:41 .
drwxr-xr-x 4 root root 4 Oct 29 15:28 ..
drwxr-xr-x 2 explorer sftponly 2 Oct 29 15:56 uploads
root@taurus # 5) Disable SunSSH "service" and enable OpenSSH "service" (with SMF):
root@taurus # svcadm disable sshSee [url http://www.sunfreeware.com/sshsol10.html]here for Running openssh vis SMF on Solaris 10 Systems
root@taurus # svcadm disable ossh
root@taurus # svcs -a | grep ssh
disabled 12:37:51 svc:/network/ssh:default
online 15:29:41 svc:/network/ossh:default
root@taurus # 6) Test your job :-)
Helpful links:
==============
http://www.sunfreeware.com
http://www.openssh.org
http://calomel.org/sftp_chroot.html
HTH
Michele Vecchiato -
Message Tracking and Queue Viewer access is denied - Exchange 2010
Hello,
I am experiencing Message Tracking and Queue viewer problems on my exchange server.
Message Tracking problem
When i run message tracking via EMC or powershell, i receive the following error;
Failed to connect to the Microsoft Exchange Transport Log Search server on computer "myserver.mydomain.com.br". Verify that a valid computer name was used and the Microsoft Exchange Transport Log Search service is started on the target computer. The
error message is: "Access is denied".
Exchange Transport Log Search service is confirmed running and have tried by restarting the service
Logon user is a member of Domain Admins, Enterprise Admins and Exchange Organization Administrators
Message Tracking Logs are generated properly
Queue Viewer problem
When i run Queue viewer, i receive the following error;
The Queue Viewer operation on computer "myserver.mydomain.com.br" has failed with exception. The error message is: Access is denied. It was running command.............................................................
My server information are as follow;
4 Exchange Server 2010 sp3
2 Mailbox Server and 2 Hub/CAS
Mail-flow is working fine
What should I grant permission for a group of users can have access to the Message Tracking ?
Regards,Hi!
The group rule was created as described below. The error persists!
[PS] C:\Windows\system32>Get-RoleGroup "Exchange Access Message Tracking" | fl
RunspaceId : 4229f35d-90f1-4c4e-822d-387979921052
ManagedBy : {bancobmg.com.br/Users/Raphael Henrique Duarte Campos}
RoleAssignments : {Message Tracking-Exchange Access Message Tracking}
Roles : {Message Tracking}
DisplayName :
ExternalDirectoryObjectId :
Members : {bancobmg.com.br/Users/Raphael Henrique Duarte Campos}
SamAccountName : Exchange Access Message Tracking
Description :
RoleGroupType : Standard
LinkedGroup :
Capabilities : {}
LinkedPartnerGroupId :
LinkedPartnerOrganizationId :
IsValid : True
ExchangeVersion : 0.10 (14.0.100.0)
Name : Exchange Access Message Tracking
DistinguishedName : CN=Exchange Access Message Tracking,OU=Microsoft Exchange Security Groups,OU=Global,DC=ba
ncobmg,DC=com,DC=br
Identity : bancobmg.com.br/Global/Microsoft Exchange Security Groups/Exchange Access Message Trackin
g
Guid : 0957152d-2073-4f75-b40e-63f45eb20f67
ObjectCategory : bancobmg.com.br/Configuration/Schema/Group
ObjectClass : {top, group}
WhenChanged : 06/02/2014 16:25:26
WhenCreated : 06/02/2014 16:25:26
WhenChangedUTC : 06/02/2014 18:25:26
WhenCreatedUTC : 06/02/2014 18:25:26
OrganizationId :
OriginatingServer : bmg190.bancobmg.com.br
[PS] C:\Windows\system32>Get-ManagementRoleAssignment "Message Tracking-Exchange Access Message Tracking" | fl
RunspaceId : 4229f35d-90f1-4c4e-822d-387979921052
User : bancobmg.com.br/Global/Microsoft Exchange Security Groups/Exchange Access Message Tracki
ng
AssignmentMethod : Direct
Identity : Message Tracking-Exchange Access Message Tracking
EffectiveUserName : All Group Members
AssignmentChain :
RoleAssigneeType : RoleGroup
RoleAssignee : bancobmg.com.br/Global/Microsoft Exchange Security Groups/Exchange Access Message Tracki
ng
Role : Message Tracking
RoleAssignmentDelegationType : Regular
CustomRecipientWriteScope :
CustomConfigWriteScope :
RecipientReadScope : Organization
ConfigReadScope : OrganizationConfig
RecipientWriteScope : Organization
ConfigWriteScope : OrganizationConfig
Enabled : True
RoleAssigneeName : Exchange Access Message Tracking
IsValid : True
ExchangeVersion : 0.11 (14.0.550.0)
Name : Message Tracking-Exchange Access Message Tracking
DistinguishedName : CN=Message Tracking-Exchange Access Message Tracking,CN=Role Assignments,CN=RBAC,CN=BANC
O BMG SA,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=bancobmg,DC=com,DC=br
Guid : c3768a00-3f36-4532-b586-a06842a85e24
ObjectCategory : bancobmg.com.br/Configuration/Schema/ms-Exch-Role-Assignment
ObjectClass : {top, msExchRoleAssignment}
WhenChanged : 06/02/2014 16:25:26
WhenCreated : 06/02/2014 16:25:26
WhenChangedUTC : 06/02/2014 18:25:26
WhenCreatedUTC : 06/02/2014 18:25:26
OrganizationId :
OriginatingServer : bmg190.bancobmg.com.br
How can I identify if there is any setting to be done?
Thank you!
Maybe you are looking for
-
Macbook Pro 13 (June 2011) and Sony Bravia connectivity using HDMI port.
Hi, I have searched many forums and posts here and there, but no where got the perfect solution, also most of the places people are misxing the problems with other problems. My Problem: I am not able to see even Sovy TV in my MBP display page, and he
-
After updating to 10.9.1 keyboard toast
After updating to 10.9.1, the keyboard attached to my mac mini is misbehaving. Many letters don't function and some letters continue to repeat after being pressed. I am unable to log in to my account because I cannot type the password properly. Th
-
IPrint on Mac -- printer not available
Hi! OES 11 SP1. MacBook Air (Apple Mac OS X). Just few days ago installed printer and printed out page and everything was ok, but today "printing", but nothing happen. Then I uninstalled printer and tried to install again, but ... "iPrinter encounter
-
I'm working on trying to get XGL working, and I followed the wiki. However, when i boot up (either method one or two), everything gets corrupted and slanty. Except for the terminal area of a konsole i happened to have open. X sort of runs (slowly, an
-
Magic Formula for connecting to camera?
I've digitized hours and hours of footage in FCE and have trouble every time. It always turns out to be something small, like I forgot to plug the firewire cable in before I started FCE or the camera is in record mode rather than playback. But this t