Deny access to sudoers file as an Administrator
In our company we have users with Administrator rights on their Macs.
As a Systems Administrator I want to deny access to the sudoers file. Also I want to deny the elevation to Root.
How can I do this?
Lt.Tuvok,
This doesn't make much sense. The definition of an "admin user" is one that can be elevated to root, or at least root privileges. In all other respects, an admin is nothing more than a "standard" user.
All of the otherwise "special" abilities that are granted to admin users come as a result of their ability to perform those operations normally reserved for root exclusively. Things like changing the ownership of a file not owned by them, or changing global system settings, etc.
In essence, these operations are still held exclusive to root, but admin users are able to elevate themselves to that status. This is why the admin password is required in order to perform these things; it is no different than entering that password when invoking "sudo" at the command line.
What I am getting at, here, is that what you really want is to create these users as standard users.
Scott
Similar Messages
-
Just trying out my new mac but email won't load, error says "The mail server denied access to the account because an administrator or other mail client was using it when Mail tried to log in. Try again later." A little lock is beside the email inbox account, no password prompted and account is online and enabled... Thoughts?
Have you tried clicking on the lock to see it it will then ask for a passwored. Otherwise, try reblooting.
-
Cannot access folders and files even with Administrator rights
Hours & days gone trying to solve niggling issues that Microsoft cannot fix (using the built-in diagnosis tools/compatibility options/MS promises to advise when solutions found). But I am stopped from progress by restrictions to folder & file access preventing self-diagnosis. Why are administrator rights not effective? How do I as Administrator give myself access rights? If not available how do I return to XP and retrieve the cost of Windows 7? Note that the PC compatibility test tool for Win7 upgrade from XP noted no significant problems!
It appears that these are symbolic links and that WIn7 hasn't got the wherewithal to follow the symlink to the real folder to assess the security settings. - Hence everyone's frustration.
For those of us who are extremely technical, we'd like to be able to remove and re-create a link as needed to test a scenario...
I've done it for years with Altos Xenix, SCO Xenix, SCO OS/5, AIX and Linux from Caldera 2.2 through todays versions... Windows has been moving in a direction to incorporate more *nix like concepts as they move away from their DOS orientation, but in the process
they have focused on the "general user" at the expense of the "administrative user" (i.e. "root" in *nix)
I've always wanted to try a stripped down, non-backwards compatible, Windows Server. I'm sure it could be made admin-friendly and allow push updates without spending thousands of dollars on push-update software mechanisms... But so far, they've missed the boat.
I have 1 Win7Prof PC at home, 1 Mac and 2 Debian systems. Both the Win and OS/X systems make it very hard to administer/customize/etc. the OS. The 2 Debian systems give more bang for the buck and don't inhibit the root user at all once you make 2 changes (using
"su root" as a user) in /etc/pam.d to allow logging into the desktop as root.
We can always hope MS will see those of us who recommend server platforms as a market at some point. (Wouldn't it be awesome to have basic *nix constructs available for admins? And "bash" vs. "cmd"?)
I certainly don't see any need to utilize Windows except in those cases where some vendor/site is compatible with MS/IE only. There are a few of them and I rail on them constantly to be platform independent. Our software is. It takes a lot of work, but
we use Apache/MySQL/PHP to deliver our medical practice management application from any of the *nix-OS/X-WinServer server platforms to anyone who has Chrome/FireFox/Safari/Opera/IE or
similar browsers. But administering the server platform under Windows is about 5 times more time intensive to install and about 10 times more time intensive to maintain than *nix platforms.
We have about 200 Linux servers we are able to support with 4 staff. We have about 50 Windows servers we are able to support with 4 staff.
With numbers like that, I don't see us leaning toward Windows in the foreseeable future. -
Need to deny access to file manager for the user
Hi
I need to be able to deny access to the file manager, as I dont want my client deleting files. however, for some reason I have to allow him access to this as he needs to be able to upload files through InContext Editor (he needs to link pages to documents that are not on the server so he needs to upload them and to do this, I have to grant him access to file manager). How can I get around this? I dont want to have to reupload his site every time he deletes a file....Unfortunately it can't be done - access to the file manager allows deleting as well as uploading and at this point that cannot be changed.
-
How can I deny write access to datalog files for all but one process in LV8?
In LabVIEW 7.1, wiring the deny mode terminal of Open File.vi with a Deny Write Only enum constant was an effective means for ensuring that only one process could write to a datalog file at a time. In LabVIEW 8.0, Open File.vi is no longer available and the new Open/Create/Replace Datalog vi does not provide a deny mode terminal. Also, the new Deny Access vi does not support datalog files. Furthermore, the Set Permissions vi is an unsatisfactory solution because under the Windows operating system, it simply sets the Read Only file attribute. This is inadequate because I have demonstrated that it is still possible for two processes to open a datalog file with read/write access before either one has had a chance to set the Read Only file attribute in order to lock out the file. If a process sets the Read Only file attribute first, then it can't open the file with read/write access for itself.
Does anyone understand the file mechanism by which deny mode used to work with the old Open File.vi? I wish to restore the functionality I had in LV 7.1 in my LV 8 programs.
Thanks!
LarryLarry Stanos wrote:
I appreciate the
empathy from Rolf, but I'm hoping that someone may have written one or
more vi's containing CINs that call Windows 2000/XP file access control
library routines. At least I'm assuming that is how the deny mode
input to Open File.vi used to work in LV7.1. The Microsoft
Developers Network on-line documentation on Access Control http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/access_control.as... is
daunting to put it mildly. But even if a set of CINs has not
already been coded, perhaps someone could point me to the specific set
of calls I need to make to absolutely guarantee that no two
clients can simultaneously open the same file with write privileges. Unfortunately
the elimination of deny mode functionality for datalog files in
LV8 has sabotaged my commitment to a March 1 release date because it
would also be impractical to convert everything back to LV7.1 at
this point. Sincere thanks to anyone who can help me out here!
Unfortunately
the functionality you mention does not work in the way the deny mode in
the LabVIEW nodes works. Basically that deny mode is converted to an
according FILE_SHARE_READ/FILE_SHARE_WRITE value and passed to the
Win32 API CreateFile function. This is more or less the only place
where you can define a global share (or deny) access to a file. That is
also why the Deny Access node online help is talking about that the
file is reopened.
But I just retried what you had tried to do, and low and behold it
works with wiring a datalog refnum to Deny Access. What is important
here however is that you do need to wire a datatype to the record type
input of the Open/Create/Replace Datalog node. Otherwise you can't
connect the resulting datalog refnum to any other file function, since
it is an incomplete datatype.
Rolf Kalbermatter
Rolf Kalbermatter
CIT Engineering Netherlands
a division of Test & Measurement Solutions -
I have been having a problem with my external hard drive, I think it is about to die, so I am in the process of copying all my files/folders to my wifes computer, which has a much bigger internal harddrive than my computer, but I have another problem besides the drive itself. I have run into this problem ever since running Vista, and thats the stupid security. Security isnt stupid, but you have to be a professional IT person to figure out the way Vista security works. Those stupid dialog boxes were definately NOT intended for the home user. I have files that I want to copy that aparently I dont have access to, even though I am the one who created them. I found an account named "Unknown Account (S-1-5-21......) that I am sure came from a user account that I had in a different incarnation of Windows Vista, and since have reinstalled. So I know where the SID came from, but because of that I am denied access to the files. When I try to remove that account, I am told that I cannot remove that account because of inherited permissions and I should disable inheriting permissions. When I untick that option, I am told that NO ONE will be able to access the files. When I go up one level, where the permissions are supposedly inherited from, that account isnt listed. What the helll? I want access to my files! What do I do?
Hi,
Thanks for posting in Microsoft TechNet Forum.
According to your description, for further troubleshooting, please help to confirm the following items.
1. Is this issue occurring on your wife's computer during the process of copying files or on your own computer while running Windows Vista? Where are these files located?
2. Does the current user belong to a group of administrators or a group of standard users?
3. As you mentioned above that your external hard drive is about to die, it may be related to hardware defect. So could you please describe the symptoms in details?
By the way, I would like to suggest that you try to take ownership of these files then see if you can access them.
If you can’t access the external disk totally, try to take ownership of the hard drive:
1) Click Start –> All Programs ->Accessories
2) Right-click Command Prompt and select Run as administrator. If you are prompted for an administrator password or confirmation, type your password or click Continue
3) Type: takeown /f filepath (Replace filepath with the location of your drive, example d:\)
4) Press Enter, you will be prompted with completed successfully message.
5) Type: icacls filepath /grant yourusername:f (Replace filepath with the location of your drive, and yourusername with your profile name)
6) Press Enter, you will be prompted with completed successfully message.
7) Then try to delete files in this drive and see if it works.
If it is just due to specific files and folders, try to take ownership of these files and folders:
How to Take Ownership and Full Control Permissions of Files and Folders in Vista
Note: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.
Meanwhile, I noticed that an unknown account (S-1-5-21......) is kept on your computer. You may need to delete this account in registry first.
1) Press Ctrl + R to run regedit, then press Enter.
2) Locate to this item: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
3) Delete the registry of this unknown account.
Note: Remember to back registry before any modification.
Hope this helps. Thanks. -
Access denied. Error in File C:\WINDOWS\TEMP\
I have searched on Google and all over this forum and none of the solutions have fixed my problem.
Crystal Version: Crsytal.Net for Visual Studio.Net 2005
Server: Windows Server 2003
Error:
Access denied. Error in File C:\WINDOWS\TEMP\JuryDutyReport {D6296178-3E72-483E-B876-2DFC03D00841}.rpt: Access to report file denied. Another program may be using it.
When I run my app locally through the Web Server that comes with ASP.Net, everything is fine, it is only when I deploy the application to the Windows 2003 Server that I get the error.
I'm using impersonation in my ASP.Net application. I have given that domain user full access to 'C:\Windows\Temp'', the export folder and even the folder where the Crystal Report resides on the Server. When I run the application on the Web Server, I actually see the ".rpt" get created in the "C:\Windows\Temp" folder but yet it still says there is a permissions error.
What is bizarre is that the code below that just sends the file to the printer automatically works:
private void PrintJuryDutyReport(DataSet ds)
//create report document
ReportDocument crDoc = new ReportDocument();
//load, set datasource and print options
crDoc.Load(Server.MapPath("~/Reports/JuryDutyReport.rpt"));
crDoc.SetDataSource(ds); //set datasource
crDoc.PrintOptions.PrinterName = ddlPrinters.SelectedValue.ToString(); //set printername
crDoc.PrintOptions.PaperOrientation = PaperOrientation.Portrait; //set paper orientation
crDoc.SetParameterValue("ParamUsername", User.Identity.Name); //set parameter
crDoc.PrintToPrinter(1, false, 0, 0); //send to printer
I have to change the code to export to a PDF and this code doesn't work:
private void PrintJuryDutyReport(DataSet ds)
//report document
ReportDocument crDoc = new ReportDocument();
string myfile = @"G:\COPFS\COPFSPROD\ReportsTemp\MyPDF.pdf";
//load, set datasource and print options
crDoc.Load(Server.MapPath("~/Reports/JuryDutyReport.rpt"));
crDoc.SetDataSource(ds); //set datasource
crDoc.SetParameterValue("ParamUsername", User.Identity.Name); //set parameter
//export through http
crDoc.ExportToDisk(ExportFormatType.PortableDocFormat, myfile);
crDoc.Close();
crDoc.Dispose();
Response.ClearContent();
Response.ClearHeaders();
Response.ContentType = "Application/pdf";
Response.AppendHeader("content-disposition", "attachment; filename=" + myfile);
Response.WriteFile(myfile);
Response.Flush();
Response.Close();
Any help is greatly appreciated as I have to present this to end users tomorrow.Don, thanks for the response.
As a last ditch effort, I granted "modify" to the Network Service Account on C:\Windows\Temp and that fixed the error.
There are two things that are troubling about this:
1) I'm impersonating a domain user in my ASP.Net application and when the PDF is created, the owner is that domain user, so I know impersonation is working. So I wonder if ASP.Net picks and chooses what account it runs under at different times?
2) It is a little scary for the Network Service Account to have this access but that people seem to be fine with it.
http://aspadvice.com/blogs/rjdudley/archive/2005/03/14/2566.aspx -
Deny Access function with invalid file refnum causes LabVIEW to crash
Hi folks,
I have LabVIEW 8.5, and today encountered something interesting that consistently causes LabVIEW to crash. Essentially, if you find the "Deny Access" function under the advanced file IO palette and wire up an invalid refnum, Windows (XP in my case) reports that LabVIEW has to close. I checked in task manager, and the LabVIEW process is still active and using a disproportionate amount of the CPU.
To reproduce the issue, simply drop the function on your block diagram, create a constant from the refnum input terminal, and run the VI. Has anyone else seen this behavior?
Thanks,
JimHi Carla,
I'm glad to help, and thanks for looking into it. The way I ran into the bug was while I was working on an action engine VI to log certain text values (see attached picture). While logging, I didn't want other programs to access the file. When a new file had to be generated, I wanted to stop denying access and close the reference. However, if the value on the shift register was invalid, LabVIEW crashed instead of throwing an error (I guess a crash qualifies as an error).
If you look at the attached picture, my workaround was to use the "Not A Number/Path/Refnum?" function. If the reference is bad, I don't try to use the "Deny Access" funtion or close the file. That worked just fine and seems like a good solution for now.
Jim
Attachments:
Logger.png 6 KB -
Do you have to explicitly open a file before Deny Access?
I tried running deny access after reading a file and when I tried to write to it, it gave me an error 8, a permission error. So I tried adding an explicit "Open", and it looks like that works. For this example:
there's no error at the first error cluster but there is one for the second. Any ideas why this is? I tested this in LV 8.6.1.
CLD (2014)The help to the "Read from Text File" function says:
"... If you wire a path to file, the function opens the file before reading from it and closes it afterwards."
So the write file function will have to reopen the file, but this time access is denied.
When opening the file ref explicitely the reference remains valid until it is closed explicitely. -
Accessing standard account files with administrator account
i have a macbook where in i have my own administrative account and a standard guest account. the thing that bothers me is that even though i am an administrator and the guest account is not, i still cant access the guests files while logged into my administrator account. is there anyway to do this?
thank youAs an administrator, you can temporarily change the ownership of another user's files or folders if you need to access them. You can also use the Terminal's sudo command to access them as root. You may get a warning about respecting other's privacy.
-
Access denied when I move files from MacBook to desktop
When move files from my MacBook Pro to my G5 desktop, I can't open them. I get an "access denied" message. I can fix the problem by going to "info" and changing the access, but how can I fix this so it doesn't happen at all? I don't want to have the hassle of resetting the access for each file every time I swap files back and forth between the laptop and desktop.
Ask and you will receive:
You can do the same thing in terminal using the chmod command, but it requires a bit more of a learning curve.
Leo server has a Built in GUI that allows you to do the same thing as Sandbox, I really feel Apple should have included something similar in the consumer version of Leo, since we are forced to deal with ACL's in Leo whether we want to or not. They are turned on by default and can only be turned off temporarily (fsaclctl command) as they will resume automatically at the next reboot.
Of course you must master the basics before attempting
ACL's from the command line.
Here are some links to some Leo ACL and command line documents:
http://www.afp548.com/filemgmt/index.php?id=40
http://manuals.info.apple.com/enUS/Command_Line_Adminv10.5.pdf
http://manuals.info.apple.com/enUS/File_Services_Adminv10.5.pdf
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man1/chmod.1. html
These tools will guide you in your quest.
And don't forget grasshopper: "wax on - wax off"
Kj -
Dear admins
I need to create a script which does delete some files with "sudo" and password before a program (ChronoSync) does start a backup.
The main script is like this:
#!/bin/sh
# Some explanations and descriptions about the script
cd /Volumes/Data\ Drive/TimeMachine/
sudo rm -r *.sparsebundle
I did save this as "Delete_TM_script.sh" in "/usr/local/bin"
With chown root:wheel "delete_TM_script.sh" I did set the proper UID/GID
With chmod 4755 "delete_TM_script.sh" I did set trhe access rights.
With sudo visudo /etc/sudoers I did edit this file to ad the following line.
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
ladmin ALL=NOPASSWD: /usr/local/bin/Delete_TM_script.sh <-- This is the supplement line
Now if I start this script in the terminal as the user "ladmin" (Local Administrator) through "/usr/local/bin/Delete_TM_script.sh" I get the message that I have to enter the password for this account.
I thought that with the addition in the sudoers file, I could let run the script without asking for password.
Does anyone know how to accieve this in the right way?
Reading the man pages of sudoers didn't help much. It made my head more confused.
Thank you ahead for anyones help and suggestions.
Regards
ThomasHello Camelot and John
Thank you both for your replay.
According your feedbacks I did the following on my testsystem under SLS 10.6.8.
I did create a new script as follows.
#!/bin/sh
# Starte Script mit sudo
sudo /usr/local/bin/Delete_TM_script.sh
Then I did change the script which does the job to the following entries.
#!/bin/sh
# Some explanations and descriptions about the script
cd /Users/ladmin/Desktop/Test\ Folder
rm -r *.sparsebundle
Now I did change the sudoers file as follows.
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
ladmin ALL=NOPASSWD: /usr/local/bin/Delete_TM_script.sh, /usr/local/bin/start_script.sh
If I quit the terminal and reopen it and run the script "start_script.sh" I get asked for the admin password, which I thought I could go around it with this procedure.
What did I miss or what did I do wrongly?
Any idea? -
Cannot access Temporary Internet Files
Hello;
I am logged on with admin privs, I run Windows Explorer as admin, and have set security properties for all folders, yet I still cannot get access to my OWN Temporary Internet Files folder.
Sure, I have just come over to Win7 from XP Pro, and there is a huge difference in security, but I have always thought that when you are the computer's administrator, you have access to ALL files and folders.
My computer is not a member of a domain at this time.
I know that I can delete the files through IE, and by Disk Cleanup, so it's more curiosity than anything else that I need to know this.
I already own the Windows7 Resource kit, but so far I cannot find anything in there about this.
Thanks for your help
FWYou should have access here...
even a standard user has access here (they have to or they could not really use I.E.)
C:\Users\<User_name>\AppData\Local\Microsoft\Windows\
The following folders that in win7 user profile are shortcuts.
"Documents and Settings" and "Application Data", "Cookies", "Local Settings", "My Documents", "NetHood", "PrintHood", "Recent", "SendTo", "Start Menu", "Templates
These shortcuts in Windows 7 are junction points, which are important parts of application compatibility. As Windows 7 is a new Windows Platform, a lot of applications was not designed for it so that they are not fully compatible with Windows 7. To allow these applications access the data on Windows 7 properly, the shortcuts are designed to redirect the applications to obtain the necessary data in the correct directories. Thus, these shortcuts do not contain any files but a new directory of a certain folder. To avoid deleting or modifying the shortcuts by mistake, Windows 7 sets the Read permissions of these folder to Deny. Actually, the shortcuts are hidden by default.
To access these junction points, redirect to the following folders:
Note: As some folders are hidden, please refer to the following steps to show all the hidden files.
Show hidden folders
==============
1. Open "Computer", and click "Organize" -> "Folder and Search Options".
2. Click the "View" tab. Under "Hidden files and folders", click "Show hidden files and folders."
3. To display other hidden files, clear the "Hide protected operating system files (Recommended)" check box.
Documents and Settings C:\Users
Application Data C:\Users\User_name\AppData\Roaming
Cookies C:\Users\User_name\AppData\Roaming\Microsoft\Windows\Cookies
Local Settings C:\Users\User_name\AppData\Local
My Documents C:\Users\User_name\Documents
NetHood C:\Users\User_name\AppData\Roaming\Microsoft\Windows\Network Shortcuts
PrintHood C:\Users\User_name\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Recent C:\Users\User_name\AppData\Roaming\Microsoft\Windows\Recent
SendTo C:\Users\User_name\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu C:\Users\User_name\AppData\Roaming\Microsoft\Windows\Start Menu
Templates C:\Users\User_name\AppData\Roaming\Microsoft\Windows\Templates -
Apache user dir (13)Permission denied: access to /~simha/ denied
I am getting Access forbidden! when I am trying to connect to http://localhost/~simha/ where simha is my user name
my /var/log/httpd/error_log says
[Thu Jul 08 17:44:30 2010] [error] [client 127.0.0.1] (13)Permission denied: access to /~simha/ denied
I tried a lot and gave up. Can any one help me in this in regard
The following are the permisions of my home dir simha and public_html
drwx--x--x 130 simha users 16384 Jul 8 17:04 simha
drwxr-xr-x 2 simha users 4096 Jul 8 17:02 public_html
The following are my httpd.conf
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "/var/log/httpd/foo_log"
# with ServerRoot set to "/etc/httpd" will be interpreted by the
# server as "/etc/httpd//var/log/httpd/foo_log".
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/etc/httpd"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80
Listen 80
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
# Example:
# LoadModule foo_module modules/mod_foo.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User http
Group http
</IfModule>
</IfModule>
# 'Main' server configuration
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
ServerAdmin [email protected]
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
# If your host doesn't have a registered DNS name, enter its IP address here.
#ServerName www.example.com:80
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/srv/http"
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
# First, we configure the "default" to be a very restrictive set of
# features.
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
<Directory "/srv/http">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
Options Indexes FollowSymLinks includes
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog "/var/log/httpd/error_log"
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
<IfModule log_config_module>
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
CustomLog "/var/log/httpd/access_log" common
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog "/var/log/httpd/access_log" combined
</IfModule>
<IfModule alias_module>
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
</IfModule>
<IfModule cgid_module>
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#Scriptsock /var/run/httpd/cgisock
</IfModule>
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/srv/http/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
DefaultType text/plain
<IfModule mime_module>
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
TypesConfig conf/mime.types
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#AddType application/x-gzip .tgz
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
# Filters allow you to process content before it is sent to the client.
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#EnableMMAP off
#EnableSendfile off
# Supplemental configuration
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
Include conf/extra/httpd-languages.conf
# User home directories
Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# phpMyAdmin configuration
Include conf/extra/httpd-phpmyadmin.conf
# Various default settings
Include conf/extra/httpd-default.conf
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
Include conf/extra/php5_module.conf
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
The following are my /etc/httpd/conf/extra/httpd-userdir.conf
# Settings for user home directories
# Required module: mod_userdir
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received. Note that you must also set
# the default access control for these directories, as in the example below.
UserDir public_html
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
I also tried adding user to the group http. BUt nothing is working.Do you have [or more like lack] +x on the user folder?
-
How to access/open rpd files in offline mode from client desktop
Hi All,
Please tell me what configuration settings I need to have on my desktop to access RPD files stored on BI server?
In our OBIEE environment, we have BI server installed on linux server, and I have installed BI admin tool on my desktop (Windows OS).
I need to know what settings I should configure in my NQSConfig.ini file on my desktop so that I can access rpd files stored on BI server...
I can access online RPD using BI server ODBC connectibity, but want to access other offline RPD files stored in repository directory on linux server where OBIEE 11g server installation is done.
Thanks and Regards
Santosh
Edited by: 910192 on 22-Feb-2012 08:09Saichand,
Highly appreciate your response.
But wht I am looking for is how to access other RPD files stored in repository folder on server machine where BI server is running, from BI administration tool which is installed on my desktop
I am able to access default online repository on BI server using ODBC configuration from BI admin tool on my desktop, but want to access other rpd files (lets say sample rpd files which are installed on BI server machine) using (file->open-offline) option.
As per Jay, it seems it is not possible to access repositories other than online repository on BI server, and I will have to copy those rpd files on my desktop and then access using file->open->offline option in BI admin tool.
If you have any other way of doing this or have done this somehow , please let me know.
Thanks and Regards
Santosh
Maybe you are looking for
-
I have two problems: 1. I no longer have my old computer and want to download the iTunes I have purchased in previous years. Aren't they all in "the cloud?" 2. I think I have more than one account and would like to get them combined. Is there a g
-
Extracting address id and marrying up with vendor number / name
Hi all I need to extract the email address for all vendors that we hold. However, ADR6 only gives me the address ID rather than the vendor name or number. Can you tell me what table (or other) will give me the address id married up with either the
-
Sendfilev() and file system interaction
When transmitting a file over a TCP socket with sendfilev(), and the source being a regular file on a UFS file system, what exactly takes place in the filesystem locking subsystem? For example, if an HTTP server employs the sendfile system call, and
-
I paid the suscriptions of: camera to pdf but the app doesnt work. please your help with an answer of the trouble and possible solution.
-
SNC Transportation Lanes validity
Hello everybody, I recently upgraded my SNC 7.0 from SP5 to SP7 and now have a problem with the transportation lanes validity dates. All the transportation lanes created by CIF replication contain lines of article with an End Date at the 31.12.2010.