Disallow for file system access

Similar Messages

• Search event logs for file system access

  I'm looking to create a script that will allow me to search Windows 2012 security event logs for access to specific folders.  Ideally it would allow the granularity to search for read access events (4663) and specify specific users to view.  One
  example would be to show events for drive F:\ where the folder name is JSmith (including subfolders) and the username is not JSmith.
  I've tried something like this, but can't see how to filter.
  Get-EventLog security | ? {$_.Message.contains("F:\JSmith")}

  Is the match explicit?  How can I use wildcard?  How can I exclude events?
  I recommend asking a search engine and doing some initial research. Here's a starter:
  https://technet.microsoft.com/en-us/library/hh849682.aspx
  http://blogs.msdn.com/b/powershell/archive/2009/06/11/windows-event-log-in-powershell-part-ii.aspx
  http://blogs.technet.com/b/ashleymcglone/archive/2013/08/28/powershell-get-winevent-xml-madness-getting-details-from-event-logs.aspx
  http://blogs.technet.com/b/heyscriptingguy/archive/2011/01/24/use-powershell-cmdlet-to-filter-event-log-for-easy-parsing.aspx
  https://richardspowershellblog.wordpress.com/2009/03/08/get-winevent/
  Don't retire TechNet! -
  (Don't give up yet - 13,225+ strong and growing)

• SAP File System Access - SLD Naming Convention/Suggestions

  I would like to access our ECC file system to pick up files we will use to create Idocs.   
  I'm wondering the best way to describe the file system access in the SLD.   
  I have a business system for the main client on the ECC  system (BS_ED1CLNT010) for example but the OS isn't client specific.    I could use this as the Business System in the scenario and define a file adapter that connects to the unix server.
  Any thoughts?

  Maybe I didn't frame my question properly.  
  In the ECC system we have multiple clients (20,30,40, etc).  If I am going to post an Idoc to a client in this system I need to define each as a business system in the SLD and import this to the Integration Directory.    So I would have BS_XXXCLNT010, BS_XXXCLNT020, etc, one for each client.   These all share the same Technical System.    If I want to post an Idoc to a client on the ECC system I have to define a Business System and interface to that and every client that will receive an Idoc. (as well as the ALE settings on the ECC)
  Each of these reside on the same SAP server (sap00001 for example) and there is a directory (/public for example)  on this server.     This isn't client specific.  
  I wish to pick up a file from the ECC file system and post a client on the ECC system (maybe different ones based on the data in the file).   
  I don't want to define the file adapter under BS_XXXCLNT020 since it isn't specifc to client 020 although that would work.  
  Do I create a new TS in the SLD as third party, stand alone java, and a BS for that?    TS_XXX_FILESYSTE (3rd party).  BS_XXX_FILESYSTEM for the TS?
  I'm really looking for clarity in the definition of the SLD.

• Direct File System access problems from JAWS application

  Hello,
  I have built a Web Start application that consists of a Webserver (Jetty) ,
  a WAR file and a Java (main) class that deploys the web application on
  the server and starts the server. It all works fine, apart from the fact
  that I am getting java.security.AccessControlExceptions when I try to
  access the local filesystem or system variables like the java.io.tmpdir.
  I have signed all the jar files and I included the<security> <allpermissions />
  </security> tag in the jnlp file. Still, I can't seem to get out
  of the sandbox.
  I have read in this article (http://mindprod.com/jgloss/javawebstart.html)
  that direct file system access from a Web Start application is impossible
  (Quote: "There is still no way for even a signed JAWS app to
  find some persistent disk space in an easy way. It pretty well
  has to ask the user for the name of some directory to use.")
  Is this true?
  Thank you,
  Peter

  Hi Guys,
  I found a way to access the local filesystem...
  Besides signing all the jar files and including the<security><allpermissions /></security> tag in the jnlp file I have to include this line in the code I execute on the client machine:
  System.setSecurityManager(null);
  Regards,
  Peter

• Whether will falsh player support  Unrestricted File System Access in Full Trust ?if it will , when?

      I am doing a software based on Flash , to provide my customer to edit pictures online.
      In some scenario, to get Full Acess Local File is necessary. I find SliverLight 5.0 had supported such features:
  Unrestricted File System Access in Full Trust
  Full Trust in-browser for enterprise scenarios
  Default Filename in SaveFileDialog and OpenFileDialog
     I really desire those features , so , I am wondering whether adobe will support it .If will, when?

  Please read the below flash player administrator guide
  http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flas h_player_11_7_admin_guide.pdf
  check the section "The User FlashPlayerTrust directory". It will help.

• Is possible control tape library slot 1 - 10 for file system backup

  hi ..
  i am new to osb , i just install and setup osb , i have a question as below , hope expert can help me
  env: testing
  rhel 5.5
  tape library with 20 slot
  file system backup
  1. is possible osb only use slot 1 - 10 for file system backup ? amanda can control slot x - slot y for the configuration .
  2. how do i label the tape for slot 1 - slot 10 by obtool ? how to control osb auto load the tape for next backup ? where to check the log say that next tape is tape-02 ?
  thanks ..

  hi dcooksey
  how do i use list for a tape drive...for example, if you want tape drive A to only use slots 1-10 from obtool or webtool ?
  becoz i new to backup solution & osb ( i always use ghost or acronis to clone the image ) , my thinking as below , pls correct me if i am wrong
  slot 1 - 10 for daily backup
  slot 11-16 for full system backup
  slot 17 - 20 reserve ( this tape only use for full system backup before perform any application upgrade patches , )
  daily backup mon - fri ( 2 week ) ( no backup on saturday and sunday ) , server application offline
  full system backup friday ( 1 , 14 on calendar ) every 2 week perform full system backup after daily backup completed
  for upgrade application ,
  perform full system backup after daily backup , then release the server to application team to perform upgrading .
  so how to set my media family for the above setting ? the slot configuration is control by media family ?
  hope you can help ...

• URM Adapter for File System issue.

  Hi, I am just starting out on using the URM Adapter for File System and I have a few questions about issues I am facing.
  1.     When I try to create multiple searches and map them to Folders/Retention Categories in URM, it does not work. I am able to map one search via one URM source to one Folder/Retention Category (without my custom attribute from question 1). However in Adapter’s Search Preview I am able to perform a search on the documents successfully. Would different searches require different URM sources in Adapter?
  2.     Does the adapter work with other Custom Attributes? I have added an attribute in addition and in the same way as "URMCrawlTimeGMT" is added in Oracle Secure Enterprise Search (I created a custom Document Service and Pipeline to add a metadata value) and in the URM Adapter’s config.properties file and when I create a search in Adapter based on the custom attribute, it does not map the documents into URM. I am however able to search the documents in Adapter’s Search Preview window with the custom attribute displaying correctly.
  Any help with this topic would be really appreciated. Thank you.
  Regards,
  Amar

  Hi Srinath,
  Thanks for the response, as to your questions,
  1. I am not sure how to enable Records Manager in adapter mode. But I am able to login to the Records Manager web page after starting it up through StartManagedWebLogic.cmd URM_server1.
  2. The contents of the file system should be searchable in Records Manager, and should be able to apply retention policies to the documents in the file system, I do not need to have SES, but apparently the adapter needs to have SES as a pre requisite.
  Upon further investigation I found that in the AGENT_DATA table the values being inserted were "User ID"(UA_KEY) and NULL(UA_VALUE), so I just made the UA_VALUE column nullable and I was able to pass that step. Is this the wrong approach to fix the issue.
  Could you please let me know about enabling Records Manager in adapter mode, I am not able to find documentation online, I have been through the Adapter installation and administration guides. Thank you once again.
  Regards,
  Amar

• What is the minimum file system access needed to run ODI 10.1.3.4.0 client?

  Hi ODI discussion folks,
  I have a couple of questions from an Oracle partner that I'm trying to find a definitive answer for if possible. The partner is setting up ODI 10.1.3.4.0 for a customer who insists that the absolute minimum amount of access to the file system is granted due to corporate security policies.
  I have checked the bundled ODI documentation but couldn't really find anything about file system permissions needed to run the ODI client. I was pointed towards the "Setting Up Security for an Integration Project — What to Consider" document but this does not mention a great deal about how much access to the file system is needed for the ODI client to function.
  What the partner is asking is the following:
  "1. What are the minimum file/folder permissions needed for the ODI client installation? I'm installing at xxxxx
  and their machines have to be locked down as much as possible.
  2. Say you have 3 users all wanting to run integrations etc and the Master and Work
  repositories have been set up. An admin installs the ODI client but doesn't
  create the connection to the Master repository. What are the minimum
  file/folder permissions required on the client machine to:
  a) create the connection to the repository
  b) run any subsequent integrations?"
  If anyone can advise on this then that would be much appreciated.
  Regards
  Craig Huggans
  Oracle Hyperion Support
  Message was edited by:
  user648991

  Hi Craig,
  How are you?
  Let me try to contribute a little....
  1) The minimum requirement is for its own installation directory, there is no reason to have access to other directories unless if it is necessary to read files from some other directory at the client
  2) Again only to its own install directory. The connection setting is recorded at \bin install directory. After that, all information are recorded at repository, there is no client work.
  Be free to contact me by email or phone if you have any new doubt. You can get my email from my profile.
  Does it respond your doubts?
  Cezar Santos

• Search for files by ACCESSED dates?

  Hi,
  I work in an art department that has a server full of advertisements, thousands of files, which are Illustrator and Photoshop files, TIFF and EPS files, and Freehand files. There hasn't been a good archive system in place here for years, so there's many needless files on the server that need to be archived.
  What I'm looking for is a way to search the ads folder on our server for files that haven't been accessed since a specified date (like two years). I don't mean last modified or created date, but accessed, because an ad in Illustrator may have a linked TIFF in it that was created or modified 5 years ago, but is still in use and accessed by Illustrator for ads currently running. I want to be able to archive the items that haven't been touched in a couple years without accidentally breaking links or having to do it manually through thousands of files.
  Is there no way in the Finder to do this?

  I don't have that many old files to play with it, but you can use the Finder's "Find…" to do a raw query of Spotlight's metadata. In the search terms, add a *Raw Query* type with something like *kMDItemLastUsedDate < $time.this_year(-2)* - this example will search for items with a last used date less than year 2005. The time and query syntax is explained a bit in [this developer document|http://developer.apple.com/documentation/Carbon/Conceptual/SpotlightQu ery/Concepts/QueryFormat.html#//apple_ref/doc/uid/TP40001849-CJBEJBHH].

• Ext3fs file system access on Sparc SCSI disk

  We've got a requirement to read data from a SCSI disk with an ext3fs file system which will be connected to a SunBlade system. Write capability would be a bonus.
  We've found some old (and not working) implementations to allow Solaris to mount and read ext2, but these don't work on Sparc. Things like LTools won't work either, since Solaris won't allow access to a SCSI disk that doesn't have a Solaris label on it.
  Does anyone know of any possible solutions to this problem? Any one know of ext3fs for Solaris? Any one know how to access an internal SCSI disk on Sparc that doesn't have a Solaris label on it?
  Thanks
  Ed

  Hmmmmmm........Thanks for the suggestions - have written a test and the results arent good.
  Using file filter to "find" the file is just too slow (1.4 secs and i need to do this 4million times for my application).
  So I understand why the filter is slow compared to directly naming the file as we have to accept/reject them all, whereas if we know the file we can go straight to it. But this is a nightmare for my app. Looks like Im going to have to think again....
    public static void main(String[] args) throws Exception {
      String dir = "/path/files";
      File dirf = new File(dir);
      long l = System.currentTimeMillis();
      File f1 = new File(dirf,"TheRealFile.3253.ser"); // The file in the 30,000 we want
      InputStream i = new FileInputStream(f1);
      System.err.println("--> "+i.read());
      i.close();
      System.err.println("Took: "+(System.currentTimeMillis()-l)+" ms");
      // Test 2
      FileFilter ffx = new FileFilter() {
        public boolean accept(File s) {
          return s.isFile() &&
                 s.getName().startsWith("TheRealFile")
                 && s.getName().endsWith(".ser");
      l = System.currentTimeMillis();
      File [] f2 = dirf.listFiles(ffx);
      //System.err.println("Found: "+f2[0]);
      InputStream i2 = new FileInputStream(f2[0]);
      System.err.println("--> "+i2.read());
      i2.close();
      System.err.println("Took: "+(System.currentTimeMillis()-l)+" ms");
  --> 172
  Took: 0 ms
  --> 172
  Took: 1482 ms

• Motorola file system access

  hi,
  I wrote a Midlet to access image files on my motorola v3x.I also checked it by Device Emulator .It is working fine.But when i installed in my phone it is not worked.So,if any body worked on this please help me.
  sorry for my bad english.thanks in advance

  We have to start it from begining ..
  Does the device supports full implementation of JSR75. MOTO devices dont support complete implementations. like RAZRv3 i claims to support JSR75 but doesnt supports complete implementation.
  A. Check Call to System.getProperty with key microedition.io.file.FileConnection.version
  should return the implementation version number starting with 1.0
  B.Files read/write permissions should be supported by the device�s native system:
  � javax.microedition.io.Connector.file.read - should enable reading from the file
  system (hereinafter just �read permission�).
  � javax.microedition.io.Connector.file.write - should enable writing to the file
  system (hereinafter just �write permission�).
  If A and B are true ..u can start with below points.
  If it supports the complete implementation, then
  1. is it able to install properly.
  2. Have u specified permissions in the JAD file for the same?
  3. at what stage is it not working, when the file write code is being executed ??
  Message was edited by:
  aeran1

• Unix shell: Environment variable works for file system but not for ASM path

  We would like to switch from file system to ASM for data files of Oracle tablespaces. For the path of the data files, we have so far used environment variables, e.g.,
  CREATE TABLESPACE BMA DATAFILE '${ORACLE_DB_DATA}/bma.dbf' SIZE 2M AUTOEXTEND ON;
  This works just fine (from shell scripts, PL/SQL packages, etc.) if ORACLE_DB_DATA denotes a file system path, such as "/home/oracle", but doesn’t work if the environment variable denotes an ASM path like "\+DATA/rac/datafile". I assume that it has something to do with "+" being a special character in the shell. However, escaping "\+" didn’t work. I tried with both bash and ksh.
  Oracle managed files (e.g., set DB_CREATE_FILE_DEST to +DATA/rac/datafile) would be an option. However, this would require changing quite a few scripts and programs. Therefore, I am looking for a solution with the environment variable. Any suggestions?
  The example below is on a RAC Attack system (http://en.wikibooks.org/wiki/RAC_Attack_-OracleCluster_Database_at_Home). I get the same issues on Solaris/AIX/HP-UX on 11.2.0.3 also.
  Thanks,
  Martin
  ==== WORKS JUST FINE WITH ORACLE_DB_DATA DENOTING FILE SYSTEM PATH ====
  collabn1:/home/oracle[RAC1]$ export ORACLE_DB_DATA=/home/oracle
  collabn1:/home/oracle[RAC1]$ sqlplus "/ as sysdba"
  SQL*Plus: Release 11.2.0.1.0 Production on Fri Aug 24 20:57:09 2012
  Copyright (c) 1982, 2009, Oracle. All rights reserved.
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
  Data Mining and Real Application Testing options
  SQL> CREATE TABLESPACE BMA DATAFILE '${ORACLE_DB_DATA}/bma.dbf' SIZE 2M AUTOEXTEND ON;
  Tablespace created.
  SQL> !ls -l ${ORACLE_DB_DATA}/bma.dbf
  -rw-r----- 1 oracle asmadmin 2105344 Aug 24 20:57 /home/oracle/bma.dbf
  SQL> drop tablespace bma including contents and datafiles;
  ==== DOESN’T WORK WITH ORACLE_DB_DATA DENOTING ASM PATH ====
  collabn1:/home/oracle[RAC1]$ export ORACLE_DB_DATA="+DATA/rac/datafile"
  collabn1:/home/oracle[RAC1]$ sqlplus "/ as sysdba"
  SQL*Plus: Release 11.2.0.1.0 Production on Fri Aug 24 21:08:47 2012
  Copyright (c) 1982, 2009, Oracle. All rights reserved.
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
  Data Mining and Real Application Testing options
  SQL> CREATE TABLESPACE BMA DATAFILE '${ORACLE_DB_DATA}/bma.dbf' SIZE 2M AUTOEXTEND ON;
  CREATE TABLESPACE BMA DATAFILE '${ORACLE_DB_DATA}/bma.dbf' SIZE 2M AUTOEXTEND ON
  ERROR at line 1:
  ORA-01119: error in creating database file '${ORACLE_DB_DATA}/bma.dbf'
  ORA-27040: file create error, unable to create file
  Linux Error: 2: No such file or directory
  SQL> -- works if I substitute manually
  SQL> CREATE TABLESPACE BMA DATAFILE '+DATA/rac/datafile/bma.dbf' SIZE 2M AUTOEXTEND ON;
  Tablespace created.
  SQL> drop tablespace bma including contents and datafiles;

  My revised understanding is that it is not a shell issue with replacing +, but an Oracle problem. It appears that Oracle first checks whether the path starts with a "+" or not. If it does not (file system), it performs the normal environment variable resolution. If it does start with a "+" (ASM case), Oracle does not perform environment variable resolution. Escaping, such as "\+" instead of "+" doesn't work either.
  To be more specific regarding my use case: I need the substitution to work from SQL*Plus scripts started with @script, PL/SQL packages with execute immediate, and optionally entered interactively in SQL*Plus.
  Thanks,
  Martin

• Issues with setting appropriate ownership for file system

  Hi All,
  We are using ACFS File system. For some of the mount point we have set to change ownership according to requirement in rc.local file So that all permissions remain intact when the server restarts. But the permissions are not taking into account. Only after the rc.local is executed ASM disks are mounted I guess. Is there any where else can we write scripts to change ownership of mount points for ACFS so that when the disks are mounted proper Unix permissions are setup.
  Thanks & Regards,
  Vikas Krishna

  To configure raw devices if you are using Red Hat Enterprise Linux 4.0:
  To confirm that raw devices are enabled, enter the following command:
  # chkconfig --list
  Scan the output for raw devices. If you do not find raw devices, then use the following command to enable the raw device service:
  # chkconfig --level 345 rawdevices on
  After you confirm that the raw devices service is running, you should change the default ownership of raw devices. When you restart a Red Hat Enterprise Linux 4.0 system, ownership and permissions on raw devices revert by default to the root user. If you are using raw devices with this operating system for your Oracle Clusterware files, then you need to override this default.
  To ensure correct ownership of these devices when the operating system is restarted, create a new file in the /etc/udev/permissions.d directory, called oracle.permissions, and enter the raw device permissions information. Using the example device names discussed in step 5 of the previous section, the following is an example of the contents of /etc/udev/permissions.d/oracle.permissions:
  # OCR
  raw/raw[12]:root:oinstall:0640
  # Voting Disks
  raw/raw[3-5]:oracle:oinstall:0640
  # ASM
  raw/raw[67]:oracle:dba:0660
  After creating the oracle.permissions file, the permissions on the raw devices are set automatically the next time the system is restarted. To set permissions to take effect immediately, without restarting the system, use the chown and chmod commands:
  chown root:oinstall /dev/raw/raw[12]
  chmod 640 /dev/raw/raw[12]
  chown oracle:oinstall /dev/raw/raw[3-5]
  chmod 640 /dev/raw/raw[3-5]
  chown oracle:dba /dev/raw/raw[67]
  chmod 660 /dev/raw/raw[67]
  http://download.oracle.com/docs/cd/B19306_01/rac.102/b28759/preparing.htm#CHDGEEDC
  Edited by: Babu Baskar on Apr 18, 2010 1:33 PM

• 888k Error in ULS Logs for File System Cache

  Hello,
  We have a SharePoint 2010 farm in a three-tier architecture with multiple WFEs and APP servers.
  Roughly once a week we will have a number of WFEs seize up and jump to 100% CPU usage. Usually they come in pairs; two servers will jump to 100% at the same time while all the other servers are fine in the 20% - 50% range.
  Corresponding to the 100% CPU spike, the following appear in the ULS logs:
  "File system cache monitor encoutered error, flushing in memory cache: System.IO.InternalBufferOverflowException: Too many changes at once in directory:C:\ProgramData\Microsoft\SharePoint\Config\<GUID>\."
  When these appear, the ULS logs will show hundreds back-to-back flooding the logs.
  I have yet to figure out how to stop these and bring the CPU usage down while the incident is happening, and how to prevent them in the future.
  While the incident is happening, I have tried clearing the configuration cache, shutting the timer jobs down on each server, deleting all the files but config.ini in the folder listed above, changing config.ini to 1, and restarting the timer. The CPU will
  drop momentarily during this process, but as soon as all the timer jobs are restarted the CPUs jump back to 100% on the same servers.
  This week as part of my weekly maintenance I thought I'd be proactive and clear the cache even though the behavior wasn't happening, and all CPUs were normal. As soon as I finished, the CPU on two servers that were previously fine jumped to 100% and wouldn't
  come down. Needless to say, users complain of latency when servers are at 100% CPU.
  So I am frustrated. The only thing I have found that works when the CPUs jump to 100% with these errors are a reboot. Nothing else, including IISReset and stopping/starting the admin and timer job services work. Being Production systems, reboots during the
  middle of the day are bad.
  Any ideas? I have scoured the Internet resources on this error and have come up relatively empty-handed. All the articles reference clearing the configuration cache, which, in my instance, does not get rid of these issues, and can even trigger them.
  Thanks,
  Joseph Irvine

  Take a look at http://support.microsoft.com/kb/952167 for the list of recommended exclusions per Microsoft.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• File Size capped at 32bit for File System Data soruce?

  I have a report that uses the "File System Data" source. I am using it to find files older then 30 days of type BAK or TRAN. That all works well but the "File Size" field does not display the correct information. For example I have a file that is 191GB or 205,192,528,384 Bytes, but the report displays it as 4,294,967,295 this corresponds with the max for a 32bit INT. Can anyone confirm that this is a limitation of the driver? Is there are 64bit CRDB_FILESYSTEM.DLL?
  Regards

  Hi Thomas
  What version of CR are you using? Please look for the version in the Help | About screen of the designer.
  - Ludek
  Senior Support Engineer AGS Product Support, Global Support Center Canada
    Follow me on
  Twitter