Deny/allow aci question
I want to allow specific users certain right to an attribute but then I want to deny all others that I didnt specify. How would you do this? Lets say..
Allow(write,read,search) (userdn="ldap:///johndoe"); Then I want to deny access to te rest of the users that are not john doe. I dont even want them to have read access. Thanks. Also, is therea way to change the default access to none instead of read and search. Thanks in advance.
By default, if there are no ACIs present, there is no access. You must always explicitly allow access, otherwise, it is denied. Keep in mind, though, that the installation and instance creation process adds certain ACIs by default - you may have to remove or edit them.
Similar Messages
-
Hi,
we try to simplify our ACI's.
No we have one syntax, which works on other ACI's, but unfortunately not in this one.
Can you give me a hint what's wrong?
aci: (targetattr = "every attribute") (target = "ldap:///ou=xxxou,ou=xxxadmin,l=location,c=country,o=organization") (version 3.0;acl "Allow_xxGroup_to_update_xxxou";allow (all)(groupdn = "ldap:///cn=xxGroup,ou=xxx,ou=*,l=location,c=country,o=organization");)
This xxGroup exists in different organizationalUnits in l=location,c=country,o=organization, but we've to specify an explicit ou to get it working otherwise we get the following error message:
ldap_modify: Insufficient access
ldap_modify: additional info: Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=xyz,ou=yyy,ou=xxx,ou=xxxou=xxxadmin,l=location,c=country,o=organization'.
The syntax with the * works perfect in other ACI's, but not here.
Cheers!
Edited by: rsc-ffm on 16.09.2011 10:19
bold didn't worked
Edited by: rsc-ffm on 16.09.2011 10:20
Edited by: rsc-ffm on 16.09.2011 10:21
bold don't worked again
Edited by: rsc-ffm on 16.09.2011 10:22
Edited by: rsc-ffm on 16.09.2011 10:22Hi,
tried to replace this ACI with the following, but also unfortunately
aci: (targetattr = "*") (target = "ldap:///ou=xxxou,ou=xxxadmin,l=location,c=country,o=organization") (version 3.0;acl "Allow_xxGroup_to_update_xxxou";allow (all)(groupdn = "ldap:///cn=xxGroup,ou=xxx,($dn),l=location,c=country,o=organization");)
ou=xxxou,ou=xxxadmin is in a separate branch, so it's not possible to do it it with macro also.
If I try to add this ACI, I get the following error message:
ldap_modify: Invalid syntax
ldap_modify: additional info: ACL Invalid Target Error(-8): Target is beyond the scope of the ACL (Scope:ou=xxxou,ou=xxxadmin,l=location,c=country,o=organization) (targetattr = \"\2a\") (version 3.0;acl \"Allow_xxGroup_to_update_xxxou\";allow (all)(groupdn = \"ldap:///cn=xxGroup,ou=xxx,($dn),l=location,c=country,o=organization\");)
It's eqal if I put this ACI on l=location or in the target DN, error message is the same.... -
Nokia 6230 car hands free ACI question
hello there,
I was trying to connect my nokia 6230 to the car's audio AUX input in order to be able to listen to MP3.
I have a very good knowkedge in Electronics, so i did some changes in the hands-free car kit.
question is : I noticed that when the car kit is connected to the phone (& the car icon appears), the audio output becomes MONO, which means I can't really enjoy stereo MP3 (with my change I bypasssed the car kit's speaker output with relay only when call is active).
the audio out pins of the pop port are at pins 11-14.
BUT - again - when car kit is attached, output pins 13-14 are inactive (only mono from pins 11-12 is available)
does anyone know how to hack this further more so it becomes stereo ? (I guess it is something with the ACI protocol ?? (pin 3))
thanks,
TOMThe phone is only seeing your "modification" as the basic the mono headset. It needs to recognise the ACI chip in the headset, that tells the phone whats plugged in and therefore what audio paths to turn on. Unless you can mimic the ACI info (copywright infringement so be aware)the phone wont open the second audio path.Message Edited by megadodo on 06-Sep-200704:16 PM
-
I would like to give all members of a group in the directory access to read all attributes except the userPassword. I have created the following ACI:
(targetattr != "userPassword")(version 3.0;acl "Read All Access"; allow (read,compare,search)
(groupdn = "ldap:///cn=Read_All_Access,ou=Groups,dc=pwcglobal,dc=com") ;)
Is this the correct syntax for this? It does not seem to be working as memebers of the group can still see the userPassword attribute.
There are no other aci's conflicting. When I remove my test user from the group it can see nothing, which is what I want.
thanks,The ACI itself and your results are not incompatible. What your ACI says is that members of the group should be able to read all attributes other than userPassword. The observation that they can read userPassword is not in contradiction, though it is out of scope.
I see that you have asserted that there are no conflicting ACIs. If you want another few sets of eyes on that, could you paste your ACIs into the thread? As I said there is nothing in the single ACI you have pasted that would determine whether members of that group should or should not be able to read the userPassword.
Other suggestions:
1) Remove the ACI entirely and see if the group member you are testing with can still read userPassword.
2) Use the getEffectiveRights control to view ACI rights.
3) Change the ACI to allow read access to all except another, different attribute and see if the same behavior occurs. -
Shipping Recalled Battery back to ACI Question
So I got my replacement battery for my powerbook and packaged up the old battery to ship it back. I looked at the label and couldn't tell what carrier sent it or who was suppose to return ship it to ACI. Am I wrong in assuming that Apple is footing the bill for the return shipping? So I read on the enclosed note that it appears that the US Postal Service is suppose to accept the prepackaged label. So I went to my local post office and the agent behind tha counter said it wasn't one of their accounts. ***? He said I could send it but I would have to pay. Then they ran the zip code on the return label and it didn't come up right either. Has anyone else had this problem? Is it suppose to go UPS or FedEx or DHL instead on USPS? HELP!!
From my understanding it is DHL.
-
Firewall repeatedly asking to allow or deny?
Hi
My firewall is set on app-specific permissions.
I've been getting a dialog asking to allow or deny "incoming connections" for a certain app. Every time I click "Deny" and next time I launch the app I get the dialog again. There's no "always deny" option that I can find.
My questions:
1. how do I deny it once and for all?
2. what about "outgoing connections"? are they blocked too if I choose "deny"?
Thanks!I don't consider myself to be a firewall expert, but the System Preferences/Security/Firewall option of "Allow all incoming connections" seems to fit the bill. I do work with a lot of PC's and I've become familiar with many of the firewall programs available for them. PC's really need this badly:)
Leopard doesn't provide you with the ability to block outgoing connections any better than WindowsXP does. In the event that a user actually gets a Trojan Horse or other Spyware, these "incoming only" firewalls are completely useless.
We don't have to worry too much about Malwares yet with Leopard, but if we did, the Leopard firewall would automatically allow an outgoing connection as it would appear to be initiated by the user. - This becomes a worthless "feel good" security, especially when you are at your own home with a hardware firewall available in every NAT router that is already blocking so many ports that you have to punch holes with port forwarding to get many programs to work. Almost all of these routers make a provision for a "Stealth" mode where the router will not answer a ping or respond on the ID port scan. They also have a method of creating a "DMZ" wide open - forward every unsolicited incoming connection - to a specific IP number on the LAN so that you can run a server (I'm running Leopard server using DHCP with Manual Address to match the DMZ IP number) without having to forward all the ports for iChat, iCal, FTP, email, web server or any other service you want to run.
In the coffee house scenario, you wouldn't have the hardware firewall to protect you, but you also will not be able to block outgoing connections either. Still worthless.
If the Leopard firewall is told to just go away, you can use a real firewall program for much finer, enduring control. Little Snitch, and other programs will pop up with a warning, and offer to deny, allow once, or allow always every outgoing connection. The firewall comes with many presets that take into account normal activity like email, web surfing programs and some system initiated connections, but questions just about every other type of connection.
Sorry for the length of this reply, but the comparisons to the worthless WinXP firewall just took over:) -
Having issues-/etc/hosts.deny /etc/hosts.allow!
OK-I just did an install of Arch '09 x86_64 core on my HP Pavillion a810n AMD Athlon64 3300+. I got to the part about configuring and the directions just aren't very clear...What EXACTLY do I input to both deny/allow to be able to get on the net to install gnome/X, etc??
Why would anyone by default have the net services turned off when to have a Viable OS you need more packages-did someone miss that?
Thanks.From the Beginners Guide:
If you do not plan on using the ssh daemon, leave this file at the default, (empty), for added security.
It seems you may be confusing the contents of this file with your inability to reach the network.
What is the exact error(s) you are receiving?
Did you leave the file empty (all lines commented out) ? -
Java allow/deny incoming connections
I have just downloaded the latest software update. Java and Safari.
After rebooting I get a dialog box appear for a fraction of a second, repeating about every 10 to 20 seconds.
The box says Allow Java to accept incoming connections. Then a clickabe Deny Allow.
As it only appears for a fraction of a second I cannot click on either button.
I tried turning off Java but that did not work.
In the Activity monitor Java appears for a fraction of a second then disappears.Update.
I chcked the Verify Disk and it returned aa unable to Repair.
I booted from the DVD and successfully repaird the disk. (SSD.)
It had no affect.
I ran Repair Disk Permissions, but also no affect on the Allow/Deny.
I ran the Repair Disk Permissions again and the same list of Permissions Differ / Repaired appears. I tested this several times and the list is always the same, even though the list indicates the Permission have been Repaired.
If I turn off the Firewall, in System Preferences, the Allow/Deny dialog box goes away.
Looking at the Activity Monitor it would seem that Java tries to start then crashes, then tries to start again.
If you look at the Repair Permissions list there are some clues regarding various Java compenents.
Java Preferences in the Firewall/Advanced is set to Allow.
Any thoughts?
Here is the list for Repair Preferences.
Repairing permissions for “Macintosh HD”
Permissions differ on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jconsole.ja r", should be lrwxr-xr-x , they are lrw-r--r-- .
Repaired "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jconsole.ja r".
User differs on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib", should be 0, user is 95.
Repaired "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib".
User differs on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Libraries", should be 0, user is 95.
Repaired "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Libraries".
Permissions differ on "System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/cacerts", should be lrwxr-xr-x , they are lrw-r--r-- .
Repaired "System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/cacerts".
Permissions differ on "System/Library/Java/Support/Deploy.bundle/Contents/Resources/Java/deploy.jar", should be lrwxr-xr-x , they are lrw-r--r-- .
Repaired "System/Library/Java/Support/Deploy.bundle/Contents/Resources/Java/deploy.jar".
Permissions differ on "System/Library/Java/Support/Deploy.bundle/Contents/Resources/JavaPluginCocoa.b undle/Contents/Resources/Java/deploy.jar", should be lrwxr-xr-x , they are lrw-r--r-- .
Repaired "System/Library/Java/Support/Deploy.bundle/Contents/Resources/JavaPluginCocoa.b undle/Contents/Resources/Java/deploy.jar".
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/Italian.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/Italian.lproj/UIAgent.nib".
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Classes/jconsole.jar ", should be -rw-r--r-- , they are lrwxr-xr-x .
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Classes/jconsole.jar ".
User differs on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib", should be 95, user is 0.
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/lib".
User differs on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Libraries", should be 95, user is 0.
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Libraries".
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/ Contents/Home/lib/security/cacerts", should be -rw-r--r-- , they are lrwxr-xr-x .
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/ Contents/Home/lib/security/cacerts".
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/ Contents/Resources/Java/deploy.jar", should be -rw-r--r-- , they are lrwxr-xr-x .
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/ Contents/Resources/Java/deploy.jar".
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/ Contents/Resources/Java/libdeploy.jnilib", should be -rwxr-xr-x , they are lrwxr-xr-x .
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/ Contents/Resources/Java/libdeploy.jnilib".
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/zh_TW.lproj/RemoteDesktopMenu.nib" , should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/zh_TW.lproj/RemoteDesktopMenu.nib" .
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/zh_TW.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/zh_TW.lproj/UIAgent.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/zh_TW.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/zh_TW.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/zh_TW.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/zh_TW.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/zh_CN.lproj/RemoteDesktopMenu.nib" , should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/zh_CN.lproj/RemoteDesktopMenu.nib" .
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/zh_CN.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/zh_CN.lproj/UIAgent.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/zh_CN.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/zh_CN.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/zh_CN.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/zh_CN.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/ko.lproj/RemoteDesktopMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/ko.lproj/RemoteDesktopMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/ko.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/ko.lproj/UIAgent.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/ko.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/ko.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/ko.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/ko.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/Dutch.lproj/RemoteDesktopMenu.nib" , should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/Dutch.lproj/RemoteDesktopMenu.nib" .
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/Dutch.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/Dutch.lproj/UIAgent.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/Dutch.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/Dutch.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/Dutch.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/Dutch.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/Italian.lproj/RemoteDesktopMenu.ni b", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/Italian.lproj/RemoteDesktopMenu.ni b".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/Italian.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/Italian.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/Italian.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/Italian.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/Spanish.lproj/RemoteDesktopMenu.ni b", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/Spanish.lproj/RemoteDesktopMenu.ni b".
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/Spanish.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/Spanish.lproj/UIAgent.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/Spanish.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/Spanish.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/Spanish.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/Spanish.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/French.lproj/RemoteDesktopMenu.nib ", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/French.lproj/RemoteDesktopMenu.nib ".
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/French.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/French.lproj/UIAgent.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/French.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/French.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/French.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/French.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/German.lproj/RemoteDesktopMenu.nib ", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/German.lproj/RemoteDesktopMenu.nib ".
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/German.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/German.lproj/UIAgent.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/German.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/German.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/German.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/German.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/Japanese.lproj/RemoteDesktopMenu.n ib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/Japanese.lproj/RemoteDesktopMenu.n ib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/Japanese.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/Japanese.lproj/UIAgent.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/Japanese.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/Japanese.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/Japanese.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/Japanese.lproj/MainMenu.nib".
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Resources/JavaPlugin Cocoa.bundle/Contents/Resources/Java/deploy.jar", should be -rw-r--r-- , they are lrwxr-xr-x .
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Resources/JavaPlugin Cocoa.bundle/Contents/Resources/Java/deploy.jar".
Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Resources/JavaPlugin Cocoa.bundle/Contents/Resources/Java/libdeploy.jnilib", should be -rwxr-xr-x , they are lrwxr-xr-x .
Repaired "System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Resources/JavaPlugin Cocoa.bundle/Contents/Resources/Java/libdeploy.jnilib".
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/English.lproj/RemoteDesktopMenu.ni b", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/English.lproj/RemoteDesktopMenu.ni b".
Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAg ent" has been modified and will not be repaired.
Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/English.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Rem ote Desktop Message.app/Contents/Resources/English.lproj/UIAgent.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/English.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreen.app/Contents/Resources/English.lproj/MainMenu.nib".
Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/English.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Su pport/LockScreenLeopard386.app/Contents/Resources/English.lproj/MainMenu.nib".
Permissions repair complete -
Hey All,
I am a bit new to Directory Server please excuse any stupid ?'s here.
I have and application that is using ldap to authenticate. Right now it's using directory manager to authenticate. I have created a user "testuser" entry that is located in ou=People,o=foo.com. I have an ACI restricting testuser to only be able to view ou=People, o=foo.com, o=foo.com as there are other directories under o=foo.com,o=foo.com. I need to be able to resrtict testuser to only be able to read/search on attributes uid, userPassword and cn. I have created an ACI for this located in ou=People, o=foo.com,o=foo.com directory. It is -
(targetattr = "uid || cn || userPassword")
(target = "ldap:///ou=People, o=foo.com,o=foo.com")
(version 3.0;acl "access only for uid, cn, userpassword user=testuser
;allow (read,search) (userdn = "ldap:///uid=testuser, ou=People, o=foo.com");)
I have tried different variations but none seem to work. Is what I am trying to accomplish possible? From what I've read theoreticly it should be. Also I have noticed that on o=foo.com there is an ACI for all access
(targetattr != "userPassword || passwordHistory || passwordExpirationTime ||
passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime
|| passwordAllowChangeTime ")
(version 3.0; acl "Anonymous access";
allow (read, search, compare)userdn = "ldap:///anyone";)
Now would this take precedence over my ACI on ou=People,o=foo.com,o=foo.com? I've read that
ACI's are more designed for Deny All an only open to those select few, is this true? If I deny all on o=foo.com will any allow ACI's ever work.
Thank in advance!As a recalled, I once answerer a similar question here.
If you want to deny some "access", try to use "deny" instead of "allow". For example, if you only want to allow "read, search", try use deny "delete ...". -
Questions about OS X Server Wiki Service
I'm trying to get familiar with Mountain Lion OS X Server. I got questions here and hope somebody would help...
When I start Websites and access it using "server.local" or "localhost", I get a web page server from the directory - this is correct. Then, I started Wiki and access it at the same address. I get served from the Wiki server. So, does this mean that starting the Wiki server will always replace the Web site hosting service? How do I easily make the Web server serve at port 80 and 443, and set another port for the Wiki.
If I want to use HTTP realm to prevent anyone from accessing the Wiki, what is the easiest way to configure it? (Basically, I want to prompt for password whenever the wiki is access. That is, no public/global access even though the Wiki is hosted on the public Internet.) If this is not easy to configure, then I can consider setting up VPN.
Further, in this documentation: [https://help.apple.com/advancedserveradmin/mac/10.8/#apd59153f0a-7ed3-4c64-9c74- 3a1fff831475], it says the collabd_url is running on port 4444. However, when I access it on that port, I get a blank page. Why?
And, on the same documentation page, there is a field called "use_sandbox_server" and the 'default' is "true". This setting is actually not found when I opened the 'collabcored.plist' file, and the Activity Monitor shows that it is not sandboxed. Can anyone provide some clues on what's happening?
Lastly, what are the software behind which powers with Wiki? (ie. what is the database, and it it actually a PHP appication, etc.?)
Thanks!
Kevin.
P.S. I search for answers on Apple documentation but could not seem to find the answers. Hope someone could help...Try using this info, its for Rumpus (who make a 3rd party FTP server) but the same method can be used to make any virtual host, so you can have more than one service running on the same port (or appear to run on the same port)
OS X Server Users:
OS X Server uses the Apache Web service, but uses special configuration files in the process. Changing the Apache config files directly may have inconsistent results. Try creating a virtual server in OS X Server, and then modifying the OS X Server config file for that virtual domain.
For example, to set up an alternate service using the "rumpus.acme.com" domain name, you would create a Web site in OS X Server called "rumpus.acme.com". Once you have done that, look in the folder:
/Library/Server/Web/Config/apache2/sites
There you will find a file that includes the alternate domain name, like "0000_any_80_rumpus.acme.com.conf". In that file is a VirtualHost configuration block which can be modified to include the proxy directives shown above. Some of OS X Server's configuration options, like the "IfModule" and "Directory" blocks, can be removed, since the virtual server won't actually be processing files from the file system. Other config options, like ServerName and ServerAdmin, can be left as specified by OS X Server.
Here is an example:
<VirtualHost *:80>
ServerName rumpus.acme.com
ServerAdmin [email protected]
DocumentRoot "/Users/Shared"
DirectoryIndex index.html index.php /wiki/ default.html
CustomLog /var/log/apache2/access_log combinedvhost
ErrorLog /var/log/apache2/error_log
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://rumpus.acme.com:8000/
ProxyPassReverse / http://rumpus.acme.com:8000/
</VirtualHost>
Remember to stop and start the Apache service (using OS X Server if you have customized the OS X Server config file) after making changes to force Apache to reload changes. -
Apex Newbie question !!!!! HTTP server ????
I am newbie at APEX. I have a DBA background, but no experience with Oracle applications.
I DO respect your time, and have tried to find this info on teh docs, but, honestly, can not find it. And I looked over everywhere, metalink, otn, gogling. I thought that I would find it on these forums under some form of FAQs, but have not found the answer :-(
I have installed oracle database 11g for windows on my laptop, and when installing APEX 3.2, it asks me to stop the http server and ..... :-)
Now, I have a question regarding the Oracle HTTP server, which is supposed to be isntalled with the 11g, instead of the Companion CD, which no longers exist.
First question. We have a http server that is used by oracle EM database control, correct ? I do not see a service for it on the Services list. Teh apex application install asks for stopping/starting the http server. How do we do that ? AND, where the the http server binaries located ? I did a search for apache, and found it under C:\app\oracle\product\11.1.0\db_1\perl\site\5.8.3\lib\Apache, but no binaries there, or under ORACLE_BASE\bin either.
What do I setup for ORACLE_HTTPSERVER windows environment on a brand new 11g database install ?
Now, I see that we can get HTTP server from BEA install. I was trying to keep APEX from using a web server tier here. To me, the beauty of APEX is to not have to manage BEA, or any other tier. Keep it simple, at least for development, and keep everything on the DB, and simply use the native HTTP server.
So, this is a VERY basic question, but how do I do that ? I will worry about what I can and can not do with the native HTTP server or BEA later. I just want to get this up and running so that I can start playing with it.
Thanks,
HenriqueHere is my latest update before I go to bed :-(
I was able to install the HTTP server, but had some issues later down on the apex install.
C:\app\oracle\product\10g-iAS-http-server\opmn\bin>opmnctl status
Processes in Instance: IAS-1
--------------------------------------------------------------+---------
ias-component | process-type | pid | status
--------------------------------------------------------------+---------
HTTP_Server | HTTP_Server | 5204 | Alive
I am able to see the welcome page for the web server here
http://localhost:7777/
I am able to reset the admin password, ( by the way, I did setup the gateway as well :-) ). I am not sure what happens when you have both the gateway and the web server setup. Now, when try to login to the apex admin account using either
http://localhost:7777/apex/apex_admin or
http://localhost:7777/pls/apex/apex_admin, nothing happens besides a HTTP-404 error.
Now, when I had the port set to 8080, via the commands
SQL> EXEC DBMS_XDB.SETHTTPPORT(8080);
PL/SQL procedure successfully completed.
SQL> SELECT DBMS_XDB.GETHTTPPORT FROM DUAL;
GETHTTPPORT
8080
and try to login again here
http://localhost:7777/pls/apex/apex_admin
I do get a prompt, but when i enter admin, and the password I have setup, it does not allow me to get in :-(
Now, I need some explanation of this DAD file, as I am not sure if I need it to simply login during install. Here is the man page from the install doc :
3.4.11.1 Creating a Workspace Manually
To create an Oracle Application Express workspace manually:
Log in to Oracle Application Express Administration Services. Oracle Application Express Administration Services is a separate application for managing an entire Oracle Application Express instance. You log in using the ADMIN account and password created or reset during the installation process.
In a Web browser, navigate to the Oracle Application Express Administration Services application.
If your setup uses Apache and mod_plsql, go to:
http://hostname:port/pls/apex/apex_admin
Where:
hostname is the name of the system where Oracle HTTP Server is installed.
port is the port number assigned to Oracle HTTP Server. In a default installation, this number is 7777.
pls is the indicator to use the mod_plsql cartridge.
***apex is the database access descriptor (DAD) defined in the mod_plsql configuration file.***
Here it mentions this DAD file, and I am not sure if I need it now, and even, how to reference it. My database name is called apex, but I do not have anything on my dads.conf file. Should I have something there ? I see a sample such as this from the README.DADs file :
<Location /plsqlapp>
SetHandler pls_handler
Order deny,allow
Allow from all
AllowOverride None
PlsqlDatabaseUsername scott
PlsqlDatabasePassword tiger
PlsqlDatabaseConnectString orcl
PlsqlAuthenticationMode Basic
PlsqlDefaultPage scott.home
PlsqlDocumentTablename scott.wwdoc_document
PlsqlDocumentPath docs
PlsqlDocumentProcedure scott.wwdoc_process.process_download
</Location>
It is a bit late tonite. Tomorrow I will get back at it.
Thanks for any help, but I must be doing something really obvious to you guys here, and I can't see it :-(
Cheers,
Henrique -
Simple question:
I'm doing a one-off PHP/MySQL application where everything runs locally. Firewall activated, so I'm not too worried about security. :-/ Apache is configured as included with Tiger. Using Marc Lianage's PHP binary. MySQL is 5.0.
Here the rub: I have a bunch of images in /Users/MyDir/Images that I want to access from HTML pages being served from /Library/WebServer/Documents/Dir/Path/prog.php.
This is what I added right under the <Directory /> block (under, not in) in httpd.conf:
<pre>
<Directory /Users/MyUser/Images>
Order allow,deny
Allow from all
</Directory>
</pre>
Horribly insecure. I know. The problem is that these files aren't being served. The HTML is fine, but nothing is rendered. Is my directive correct? Is there something else I'm missing?
Thanks,
Mark
P.S. I couldn't find a high-traffic Usenet group for this question--any suggestions?
Message was edited by: chollapete for formatting.Gnarlodious for the win!
I'll just recap the fix for anyone who searches after me:
The way I read the apache.org documentation, being able to access directories and files not under the Apache Documents root seems to require both the Alias directive and the Directory directive in the httpd.conf configuration file.
It also requires that the entire filepath be have *nix file permissions set so the Apache user has permission to access the entire actual pathname. Experimentation showed that all directories in the pathname have to have both read and execute permissions set. Since Apache as configured by Apple runs as a different user and group than you, all directories in the pathname must be world-readable and world-executable.
However, when I commented out the <Directory> block shown below, it still worked the way I wanted. So, maybe you just need the Alias directive.
I'm certainly no Unix guru and everything I'm doing runs locally behind a firewall, so know what you're doing if you use this information. :-/
Here's the recap of what I added to httpd.conf:
<pre>
Alias /image_dir /Users/MyDir/SubDir
#<Directory /Users/MyDir/SubDir>
#Options Indexes FollowSymLinks MultiViews
#AllowOverride None
#Order allow,deny
#Allow from all
#</Diretory>
</pre>
This was placed immediately after the <Directory "/Library/WebServer/Documents"> block that is part of the as-shipped configuration file. This, and the aforementioned changes to make the actual filepath accessible to the apache process.
HTH. Use at your own risk!
Peace out. -
Apache user dir (13)Permission denied: access to /~simha/ denied
I am getting Access forbidden! when I am trying to connect to http://localhost/~simha/ where simha is my user name
my /var/log/httpd/error_log says
[Thu Jul 08 17:44:30 2010] [error] [client 127.0.0.1] (13)Permission denied: access to /~simha/ denied
I tried a lot and gave up. Can any one help me in this in regard
The following are the permisions of my home dir simha and public_html
drwx--x--x 130 simha users 16384 Jul 8 17:04 simha
drwxr-xr-x 2 simha users 4096 Jul 8 17:02 public_html
The following are my httpd.conf
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "/var/log/httpd/foo_log"
# with ServerRoot set to "/etc/httpd" will be interpreted by the
# server as "/etc/httpd//var/log/httpd/foo_log".
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/etc/httpd"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80
Listen 80
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
# Example:
# LoadModule foo_module modules/mod_foo.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User http
Group http
</IfModule>
</IfModule>
# 'Main' server configuration
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
ServerAdmin [email protected]
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
# If your host doesn't have a registered DNS name, enter its IP address here.
#ServerName www.example.com:80
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/srv/http"
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
# First, we configure the "default" to be a very restrictive set of
# features.
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
<Directory "/srv/http">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
Options Indexes FollowSymLinks includes
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog "/var/log/httpd/error_log"
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
<IfModule log_config_module>
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
CustomLog "/var/log/httpd/access_log" common
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog "/var/log/httpd/access_log" combined
</IfModule>
<IfModule alias_module>
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
</IfModule>
<IfModule cgid_module>
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#Scriptsock /var/run/httpd/cgisock
</IfModule>
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/srv/http/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
DefaultType text/plain
<IfModule mime_module>
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
TypesConfig conf/mime.types
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#AddType application/x-gzip .tgz
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
# Filters allow you to process content before it is sent to the client.
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#EnableMMAP off
#EnableSendfile off
# Supplemental configuration
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
Include conf/extra/httpd-languages.conf
# User home directories
Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# phpMyAdmin configuration
Include conf/extra/httpd-phpmyadmin.conf
# Various default settings
Include conf/extra/httpd-default.conf
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
Include conf/extra/php5_module.conf
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
The following are my /etc/httpd/conf/extra/httpd-userdir.conf
# Settings for user home directories
# Required module: mod_userdir
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received. Note that you must also set
# the default access control for these directories, as in the example below.
UserDir public_html
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
I also tried adding user to the group http. BUt nothing is working.Do you have [or more like lack] +x on the user folder?
-
[Solved] Permission denied for imgs in apache home folder
Hi,
I'm getting 403 error when trying to open a captcha image with the browser (generated by codeigniter PHP framework with captcha helper and Tank Auth library) the imgs are created with the http owner with permission "-rw-r--r--" inside a captcha folder
with 777 permissions.
The apache local server is configured to use the documentRoot to a www folder in /home dir with this permissions "drwxr-xr-x"
Have http group and users created like the arch wiki LAMP section.
The httpd.conf is confgured like this:
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/home/lucas/www"
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
# First, we configure the "default" to be a very restrictive set of
# features.
<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Deny from all
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
<Directory "/home/lucas/www">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
Options Indexes FollowSymLinks
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
Last edited by crosssover (2012-09-17 23:20:57)Here is the log massge
[Sun Sep 16 14:26:47 2012] [error] [client ::1] File does not exist: /home/lucas/www/favicon.ico
[Sun Sep 16 14:26:47 2012] [error] [client ::1] client denied by server configuration: /home/lucas/www/test/application/captcha/1347816281.8856.jpg -
Stuck in course before quiz question
Hi. I have a course where users get to a quiz question, then after going backwards to review content prior to that quiz question, then upon trying to go forward again, gets stuck on the content slide right before that quiz question and can never move forward again.
Quiz is set to Answer All, allow backward movement
Course is locked for every slide, Advnace by userHi,
Please check the number of attempts you have allowed per question, if the attempt set per question is one, the slide would get locked and would not allow any further attempts to be made
Please check the attempts for each question, modify it with number that you would like to allow.
Thanks,
Anjaneai
Maybe you are looking for
-
These were all songs I had ripped from old CDs, lot of which, I no longer have. I can't remember that artists' names for all these songs. They are all "oldies" from the fifties and I just accidentally changed the artist for all them to Fats Domino.
-
Adobe reader 9.0 + Adobe Acrobat 5.0 on Internet explorer 7.0 ?
Hello! I possess Adobe Acrobat 5.0 to create some PDF documents I possess Adobe Reader 9.0 to read some PDF The 2 programs operate WindowsXP SP3 well. I don't manage to open a PDF file with Internet Explorer 7.0 = he looks for has open Acrobat instea
-
Interconnect 10g problem with XML which has mixed contents
I'm having problem to receive a XML message which contains PCDATA and other child element Mixed. Here is the sample DTD. I'm able to create the CV and AV by importing this DTD. But at runtime, if the inbound XML contains PCDATA and other element mixe
-
I share my itune account with 2 other people. that way we share music and apps can I use the same ID for both my icloud and the Itune account and use different passwords so the other people don't have access to my personal emails etc on icloud???? t
-
Is there a way to create a custom dimensions for a sequence in fce? I know I can when I export but things often get mixed up when you work with one dimension and export in another. I want to work in the dimension I will export in (for specialty video