Permit udp any any to allow ping ?!
Dear Community,
I am having problems understanding how ACL works through VPN. I have the following:
HQ is behind ASA 5510, site address is 192.168.1.0 /24
Remote site is behind Cisco 887 router, site addressing is 192.168.10.0 /24
IPSec VPN is set up and working between the two sites.
Now I have applied the following ACL inside int the public interface of the branch router:
Extended IP access list 102
10 permit tcp any any eq 22 (1321 matches)
This obviously blocks icmp (ping 192.168.1.1 source 192.168.10.1)
But what I am not understanding is that the only command that will allow ICMP is (on the ACL 102):
permit udp any any
substituting udp with icmp or ip does not allow pings
Could you please give me some guidance.
It's not a supported method, but the views you create are stored on the LMS server as xml files (as shown below on soft appliance) in /opt/CSCOpx/campus/etc/users/. The xml files are mostly a listing of the node IDs with their map coordinates.
You could copy them manually into the other users' directories on the server and they should see the same thing you have labored to create for their viewing pleasure.
I have brought this up with Cisco as a nice to have supported feature in the past but it never went anywhere.
[SecLab-LMS/root-ade admin]# pwd
/opt/CSCOpx/campus/etc/users/admin
[SecLab-LMS/root-ade admin]# ls -al
total 28
drwxr-x--- 2 casuser casusers 4096 Dec 16 2012 .
drwxr-x--- 4 casuser casusers 4096 Feb 8 2013 ..
-rw-r----- 1 casuser casusers 7345 Aug 29 13:23 Layer~2~View.xml
-rw-r----- 1 casuser casusers 1807 Nov 8 2012 SwitchCloud-1.xml
-rw-r----- 1 casuser casusers 1540 Feb 27 2013 Unconnected~Device~View.xml
-rw-r----- 1 casuser casusers 351 Sep 25 15:59 user.preferences
[SecLab-LMS/root-ade admin]#
Similar Messages
-
Hi All,
I have a question around the permit ip any any statement on an inbound ACL when using NAT. Is it safe? If I take the statement out of my list I can't do anything.
Example:
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.192
ip access-group IN_OUT_VLAN10 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
end
ip access-list extended IN_OUT_VLAN10
permit udp any any eq bootpc
permit udp any any eq bootps
deny ip 192.168.1.0 0.0.0.63 192.168.1.64 0.0.0.63
deny ip 192.168.1.0 0.0.0.63 192.168.1.128 0.0.0.63
deny ip 192.168.1.0 0.0.0.63 192.168.1.192 0.0.0.63
permit ip any any
Above list is to block my internal subnets*
interface Dialer1
mtu 1492
ip address negotiated
ip access-group OUTSIDE_INSIDE in
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast source reachable-via rx allow-default 100
ip nat outside
ip inspect IN_OUT_CBAC out
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no keepalive
ppp authentication chap callin
ppp chap hostname ******
ppp chap password ******
no cdp enable
end
ip access-list extended OUTSIDE_INSIDE
remark OUTSIDE_INSIDE_ALLOW
remark *****
permit tcp host ********* any eq 22 log-input
remark ***********
permit tcp host ************* any eq 22 log-input
remark *********
permit tcp host ************* any eq 22 log-input
remark OUTSIDE_INSIDE_BLOCK
deny icmp any any echo
deny icmp any any echo-reply
deny tcp any any eq 22 log-input
deny udp any any eq 22 log-input
deny tcp any any eq telnet log-input
deny udp any any eq 23 log-input
permit ip any any <<<<< Without this here I have no traffic*
ip nat inside source list VLAN10_OUTSIDE interface Dialer1 overload
ip inspect name IN_OUT_CBAC tcp
ip inspect name IN_OUT_CBAC udp
ip inspect name IN_OUT_CBAC icmp
Above is a basic firewall for outbound connections and returning traffic** (I hope)
My question is do I need to put every single port I want to allow in and out in even though I am using NAT? It will be an insane list especially with gaming as XBOX uses random ports each time. I don't have any static NAT entries so when I do a port scan they are all closed as expected except 22 and 23 which I have closed only to specific hosts. Does IP here mean basically IP as in routing addresses etc (which would make sense) or does it mean the entire TCP/IP suite like TCP and UDP ports etc..
This has confused me so long I thought I would ask.. I see it on a lot of SMB routers with ADSL etc using NAT..
Thank you kindly everyone.
Sorry Colin, here we are
#sh ip inspect all
Session audit trail is disabled
Session alert is enabled
one-minute (sampling period) thresholds are [unlimited : unlimited] connections
max-incomplete sessions thresholds are [unlimited : unlimited]
max-incomplete tcp connections per host is unlimited. Block-time 0 minute.
tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec
tcp idle-time is 3600 sec -- udp idle-time is 30 sec
tcp reassembly queue length 16; timeout 5 sec; memory-limit 1024 kilo bytes
dns-timeout is 5 sec
Inspection Rule Configuration
Inspection name IN_OUT_CBAC
tcp alert is on audit-trail is off timeout 3600
udp alert is on audit-trail is off timeout 30
icmp alert is on audit-trail is off timeout 10
Interface Configuration
Interface Dialer1
Inbound inspection rule is not set
Outgoing inspection rule is IN_OUT_CBAC
tcp alert is on audit-trail is off timeout 3600
udp alert is on audit-trail is off timeout 30
icmp alert is on audit-trail is off timeout 10
Inbound access list is OUTSIDE_INSIDE
Outgoing access list is not set
Established Sessions
Session 29F5EA3C (192.168.1.198:55435)=>(54.194.173.224:5671) tcp SIS_OPEN
Session 29F5282C (192.168.1.14:62790)=>(54.243.233.199:443) tcp SIS_OPEN
Session 29F4FAE4 (192.168.1.14:62795)=>(17.110.224.20:443) tcp SIS_OPEN
Session 29F51914 (192.168.1.13:58339)=>(65.20.0.43:993) tcp SIS_OPEN
Session 29F54CD4 (192.168.1.13:58341)=>(65.20.0.43:993) tcp SIS_OPEN
Session 29F5E5EC (192.168.1.13:58340)=>(65.20.0.43:993) tcp SIS_OPEN
Session 29F52A54 (192.168.1.13:58314)=>(17.172.239.80:443) tcp SIS_OPEN
Session 29F5C36C (192.168.1.17:49964)=>(157.55.236.97:443) tcp SIS_OPEN
Session 29F4FF34 (192.168.1.14:62797)=>(216.157.12.18:80) tcp SIS_OPEN
Session 29F5DF74 (192.168.1.14:62723)=>(69.171.235.48:443) tcp SIS_OPEN
Session 29F5534C (192.168.1.14:62794)=>(66.117.29.37:443) tcp SIS_OPEN
Session 29F5F2DC (192.168.1.14:62793)=>(81.144.168.143:443) tcp SIS_OPEN
Session 29F52EA4 (192.168.1.18:53043)=>(17.110.226.11:443) tcp SIS_OPEN
-
"permit tcp any any established" and IOS Firewall
Guys, I need some clarification here. I have already asked couple TAC guys but they either did not know the answer right away or they wanted to send me to another team who might answer it...
I have a single router. One LAN, one WAN. It is an 800 series router and IOS Firewall feature is turned on as follows:
ip inspect name IOS_Firewall tcp
ip inspect name IOS_Firewall udp
ip inspect name IOS_Firewall icmp
interface FastEthernet4
ip address dhcp
ip access-group 161 in
ip nat outside
ip inspect IOS_Firewall out
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map mymap
access-list 161 permit udp any any eq ntp
access-list 161 permit udp any any eq bootpc
access-list 161 permit tcp any any established
access-list 161 permit icmp any any
access-list 161 permit esp any any
access-list 161 permit gre any any
access-list 161 permit udp any any eq isakmp
access-list 161 permit udp any any eq non500-isakmp
access-list 161 permit udp any eq non500-isakmp any
access-list 161 permit udp any eq isakmp any
access-list 161 permit udp any eq domain any
access-list 161 permit tcp any any eq telnet
access-list 161 permit tcp any any eq 1723
access-list 161 permit tcp any any eq 4500
access-list 161 permit tcp any any eq 5000
access-list 161 permit tcp any any eq 5500
access-list 161 deny ip any any log
My question is, is the statement "access-list 161 permit tcp any any established" required since I already have the IOS Firewall feature turned on?
Thank you
No you do not need it with CBAC's TCP inspection enabled.
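Added example, not written by any poster in these threads: a minimal first-match evaluator for Cisco-style extended ACL entries, applied to the OUTSIDE_INSIDE list and an excerpt of access-list 161 quoted above. It shows that the `ip` keyword matches TCP, UDP and ICMP alike and that `established` is a stateless test of the ACK/RST bits; all addresses and sample packets are constructed, the three masked SSH hosts are reduced to one placeholder, and CBAC's dynamic return entries are not modelled.

```python
"""Added example: first-match evaluation of Cisco-style extended ACL entries."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

MGMT_HOST = "203.0.113.10"  # constructed stand-in for the masked SSH hosts
ROUTER = "198.51.100.1"     # constructed outside address of the router


@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None
    icmp_type: Optional[str] = None  # e.g. "echo", "echo-reply"
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"ACK"}


@dataclass(frozen=True)
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every IP protocol
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None
    icmp_type: Optional[str] = None
    established: bool = False        # stateless test: ACK or RST bit set

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("ip", p.proto):
            return False
        if not (_addr_ok(self.src, p.src) and _addr_ok(self.dst, p.dst)):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.icmp_type is not None and self.icmp_type != p.icmp_type:
            return False
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True


def _addr_ok(spec: str, addr: str) -> bool:
    """spec is 'any', a host address, or a CIDR prefix."""
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def evaluate(acl, packet):
    """Return (action, 1-based entry number); ('deny', None) is the implicit deny."""
    for n, ace in enumerate(acl, start=1):
        if ace.matches(packet):
            return ace.action, n
    return "deny", None


# OUTSIDE_INSIDE from the post, with one management host instead of three.
OUTSIDE_INSIDE = [
    Ace("permit", "tcp", src=MGMT_HOST, dport=22),
    Ace("deny", "icmp", icmp_type="echo"),
    Ace("deny", "icmp", icmp_type="echo-reply"),
    Ace("deny", "tcp", dport=22),
    Ace("deny", "udp", dport=22),
    Ace("deny", "tcp", dport=23),
    Ace("deny", "udp", dport=23),
    Ace("permit", "ip"),
]
# The same list without the final entry, so only the implicit deny remains.
OUTSIDE_INSIDE_NO_CATCHALL = OUTSIDE_INSIDE[:-1]

# Excerpt of access-list 161 from the "established" post.
ACL_161 = [
    Ace("permit", "tcp", established=True),
    Ace("permit", "icmp"),
    Ace("permit", "tcp", dport=23),
    Ace("deny", "ip"),
]

# Constructed sample packets arriving on the outside interface.
SAMPLES = {
    "ssh from mgmt host": Packet("tcp", MGMT_HOST, ROUTER, 22, flags=frozenset({"SYN"})),
    "ssh from elsewhere": Packet("tcp", "192.0.2.7", ROUTER, 22, flags=frozenset({"SYN"})),
    "icmp echo": Packet("icmp", "192.0.2.7", ROUTER, icmp_type="echo"),
    "new tcp/3389": Packet("tcp", "192.0.2.7", ROUTER, 3389, flags=frozenset({"SYN"})),
    "new udp/161": Packet("udp", "192.0.2.7", ROUTER, 161),
    "ACK-only tcp/3389": Packet("tcp", "192.0.2.7", ROUTER, 3389, flags=frozenset({"ACK"})),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20} catch-all={evaluate(OUTSIDE_INSIDE, pkt)} "
              f"no-catch-all={evaluate(OUTSIDE_INSIDE_NO_CATCHALL, pkt)} "
              f"acl161={evaluate(ACL_161, pkt)}")
```

The entry numbers in the results count from the top of each list as modelled here, not IOS sequence numbers.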
-
Purpose of inside_access_in permit ip any any
Hi All,
Reviewing some firewalls from a company acquisition and moving to standardize configs with the existing firewalls. I see they've configured the following, and I fail to see its purpose and am hoping someone can provide some insight.
These are 5505's:
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-group inside_access_in in interface inside
Don't understand the purpose of this. The inside interface is security 100, and the outside is security 0. Aren't these flows allowed by default? I get that you can specify inside_access_in when you want to limit what can go outside, but in the case of "any any" above, I don't see the point.
access-list outside_access_in extended permit icmp any any
access-group outside_access_in in interface outside
Same thing here ---> It's my understanding that ICMP, HTTPS & SSH all occur before the firewall function comes into play on a 5505, so isn't this ACL also moot?
I've sometimes seen the "inside_access_in" case used to trigger logging or hits against the access-list for a very basic connection accounting function. Beyond that though, it's a pretty superfluous command.
I could speculate that some inexperienced admin put it in just to satisfy any doubt he/she may have had when asked "are you SURE the firewall isn't blocking my traffic?" (although it may still have been if there was an inspection rule being hit :-p )
The outside one would allow pinging initiated from the outside of internal hosts that are externally addressable. (Although if that's the only entry in the ACL it would prevent all other outside-initiated traffic.)
-
K9A2 Promise T3 SATA connectors: Any settings allow for DVD burners?
The references to SAS and "storage device only" for the Promise T3 controller are a bit cryptic for me, so I'm wondering if anyone can spell out what (if any) settings allow the Promise to control DVD drives. Win2k Server is my OS.
Anyone tested whether there is any difference in disk performance when the RAID is on the Promise versus the SB600?
If it were the same, I imagine that one might run drives off the T3 and SATA burners off the SB600 in IDE mode?
-
after loading yosemite can't get permissions from any network PC - OK from MACs on network...any advice?
would love to...way over my head so far...upgraded to Yosemite 10.10.2 - I have another MAC (motorola chipset...maybe 10.6?) and 3 PCs on the network...the older MAC linked up through the network just fine...
I can see the Yosemite MAC on the PCs...I can open customer file folders (I am a printer) from the shared drive...I can drag files (let's just call them PDFs, they mostly are) to the MAC customer file...but if I try to open them from the PC I get an error message that says permission denied - or may be in use by another user. There are no other users. After I uploaded to Yosemite, I noticed most if not all drives and or folders had permissions changed to either no access or to read only...I've changed as many as I could find...drives, and folders...I can open those same files if I'm on the yosemite mac...Here's the catch, though...I was on a different floor and that PC can open a PDF on the Yosemite...but the RIP that prints our large format prints now won't print those files (whole RIP locks up) unless they are first dragged to the PC desktop...then all is fine. I thought it was MAC upgrade oriented, but I do have a PC that halfway works...I'm really stymied...
-
How to allow ping from inside to outside in 2900 router?
Hi,
I have a Cisco router 2900 with firewall. I need to know how I can allow the ping from self zone to outside zone. I tried to create a policy from self to outside but I still didn't allow ping or tracert. I get this message when I try to ping from the Cisco router:
"Unrecognized host or address, or protocol not running"
any help will be appreciated.
Thank you
Hi jcarvaja
here is the used configuration:
Building configuration...
Current configuration : 5584 bytes
! Last configuration change at 09:00:20 UTC Tue Apr 9 2013 by admin
version 15.1
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service udp-small-servers
service tcp-small-servers
service sequence-numbers
hostname Router
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
no logging buffered
no logging console
enable secret 5
no aaa new-model
no ipv6 cef
ip source-route
ip gratuitous-arps
ip icmp rate-limit unreachable 1
ip cef
ip name-server 163.121.128.134
ip name-server 163.121.128.135
ip port-map user-custom-fleet port tcp 2000 list 1
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-324261422
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-324261422
revocation-check none
crypto pki certificate chain TP-self-signed-324261422
certificate self-signed 01
quit
license udi pid CISCO2901/K9 sn FCZ1526C3JL
object-group service Outside-Reply
icmp echo-reply
username admin privilege 15 secret 5
redundancy
ip finger
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-any Deny_ALL
match access-group name dwdwd
class-map type inspect match-any Inside-Outside
match protocol http
match protocol https
match protocol dns
class-map type inspect match-any ICMP_RQST
match protocol icmp
policy-map type inspect Inside-Outside
class type inspect Inside-Outside
inspect
class class-default
drop
policy-map type inspect Self_to_Outside
class type inspect ICMP_RQST
inspect
class class-default
drop
policy-map type inspect Outside_to_Self
class type inspect Deny_ALL
pass log
class class-default
drop
zone security IN
zone security OUT
zone-pair security Self_to_Outside source self destination OUT
service-policy type inspect Self_to_Outside
zone-pair security Outside_to_Self source OUT destination self
service-policy type inspect Outside_to_Self
zone-pair security Inside-Outside source IN destination OUT
service-policy type inspect Inside-Outside
interface GigabitEthernet0/0
ip address 101.101.100.245 255.255.255.0
ip mask-reply
ip directed-broadcast
ip flow ingress
duplex auto
speed auto
interface GigabitEthernet0/1
description $FW_INSIDE$
ip address 49.31.152.80 255.255.255.248
ip mask-reply
ip directed-broadcast
ip flow ingress
zone-member security IN
duplex auto
speed auto
interface Serial0/0/0
no ip address
ip mask-reply
ip directed-broadcast
ip flow ingress
encapsulation frame-relay IETF
no fair-queue
frame-relay lmi-type q933a
interface Serial0/0/0.16 point-to-point
description $FW_OUTSIDE$
ip address 172.17.18.122 255.255.255.252
ip mask-reply
ip directed-broadcast
ip flow ingress
ip verify unicast reverse-path
zone-member security OUT
frame-relay interface-dlci 16
interface Serial0/0/1
no ip address
ip mask-reply
ip directed-broadcast
ip flow ingress
shutdown
clock rate 2000000
ip forward-protocol nd
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 Serial0/0/0.16
ip identd
ip access-list extended ICMP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended deeef
remark CCP_ACL Category=128
permit ip any any
ip access-list extended dwdwd
remark CCP_ACL Category=1
permit object-group Outside-Reply any any
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 196.219.234.77
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 101.101.100.0 0.0.0.255
access-list 2 permit 10.20.10.0 0.0.1.255
no cdp run
control-plane
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
login local
transport input all
line vty 5 15
login local
transport input all
scheduler allocate 20000 1000
end
-
How to give write permissions to any file in mac os x 10.8.3
How can we give write access to the file in mac os x 10.8.3? It is not allowing to login as root user also. Can anyone please help me in this? I think in mac os x 10.8.3 security update only blocked this root access. We can give permissions to any file up to mac os x 10.8.2. How can we edit any system files?
Download TextWrangler from BareBones' website, not the Mac App Store. It will allow you to edit system files by authenticating. The Mac App store version doesn't have that capability.
You could also edit them in the Terminal with pico, nano, emacs (perhaps more). TextWrangler is much easier to use, though.
-
I have one computer with Windows 7 and an older version of Firefox, not sure exactly which one. I have never had a problem with saving passwords on it. I now have a new computer with Windows 8.1 and the latest version of Firefox, installed 5.29.14, and it is only randomly saving passwords. All the sites I've tried are ones that permit this, and I was able to save them on Explorer. I've checked my settings and save password is enabled--it seems Firefox is being selective about what it will save passwords for. Is this something new or is there a way to change it so it the box will always pop up asking me to if I want to save a password? Thanks for any help!
I appreciate your help but I am not a very expert computer user. I have checked that I am permitting passwords to be saved and it does work on some sites. I don't know how to do the first two things you mentioned
"You can toggle the signon.overrideAutocomplete pref to true on the about:config page.
You can remove autocomplete=off with a bookmarklet to make Firefox store form data like names and passwords. "
I found a bookmarklet on the page above but I don't know how one applies them.
What baffles me is why I've never experienced this issue with Windows 7 and the version of Firefox I am using on it. It works just fine on the Aetna site and all the others I'm having this problem with. Do you think it may be a Windows 8.1 issue? Or something with the new version of Firefox? As I said, I've got Win7 and an older version of Firefox that I use with it. I'm reluctant to update to a newer version of Firefox on my old computer in case that is the problem.
Thanks very much for your help and any other suggestions are very much appreciated.
-
Is there *any* way to ping MIDlet using default SMS/call (j2me)
Hi,
I'm writing a server style MIDlet which is polling a bluetooth device, the nature of the server is such that the phone running the MIDlet (in my case, a Motorola L6) is dedicated, it needs do nothing other than run the server, it is assumed it will not be used for anything else. Specifically the only phone calls or SMS messages it receives should be specific ping requests to server. The server will run 24/7, and should be resistant to being suspended by incoming calls (I've noted this could be a problem in itself).
All I really want is for a 3rd party, without any special client software, to be able to ping the server (prompt it) to dispatch a set of text data to a pre-defined phone number via SMS (using WMA TextMessage).
Basically someone should be able to set up the server, and then, with any phone (with no specific client MIDlet installed), be able to call or SMS the server and get a response posted back (to a fixed number, not necessarily to originating phone number).
Does anyone know any way, no matter how hacky (needn't be pretty), to achieve this? You cannot receive SMS notifications on default port. An incoming call will call pauseApp which I could use - but not resume it, so server remains suspended. There are ways around having app suspended on receipt of call/SMS, but they involve never receiving the pauseApp notification, so I'm back to square one. I've wondered if I could check the free disk space on the MIDP profile (somehow) to 'detect' when it reduces in size, thus suggesting an SMS must have come in. Can a user send an SMS to a specific port with standard SMS-send interface (certainly can't see how myself, as no ':' character available). Can you hack the phone to re-route incoming SMS messages to something other than the default port?
Is there a specific phone that might do this (I just need a phone supporting j2me bluetooth API, needn't be motorola L6)?.
I think this can be done with Symbian (of which I know very little), and ultimately I might need to start programming with that, but I'd really prefer to continue using j2me..
Any ideas would be greatly appreciated, I've spent a fair bit of time trolling for answers with only limited success.
Cheers
Edited by: bbloff on Oct 10, 2007 8:50 PM
The tunnel default gateway is needed to let the internal firewall and router handle the routing for all decrypted IPsec packets. Today, after a Cisco IOS EasyVPN Client connects to a Cisco IOS EasyVPN Server, there is no simple way for the client to send the tunnel traffic to the internal corporate network (other than to have the entire routing table on the IPsec gateway). In this type of implementation, the Cisco IOS routers use the default gateway to route all packets toward the Internet that do not have a more specific route. The tunnel default gateway gives customers the flexibility to control how they handle IPsec tunneled traffic.
-
Regarding iPhoto '11 9.5 (902.7 build running on an older Intel based MacBook Pro with iPhoto libraries on a USB2 External HD). I am dealing with iPhoto taking too long to download photos. Specifically, I rechecked and repaired HD permissions. I am running the most current software my five year old Intel MacBook Pro can run. What happens is that when I connect an external SD card, or my iPhone, the new version of iPhoto takes up to two full minutes to fully acknowledge the device. Then locate new photos and be ready to download them to my external HD. I am kind of concerned about this. This has never happened before.
I take 20,000 photos a year. I really don't want to lose any. Or is there something I am doing wrong? Or need to be aware of? Any experienced suggestions would be appreciated. Thanks. Have a great day.
PS.... The cameras I use are Canon SX-30, Nikon D3100, and my iPhone 4S. Thanks again for your assistance.
Hello Old Toad.... Those sound like great ideas.
I thought I checked and repaired disk permissions on my main boot HD. That boot disk is Mac OS Extended (Journaled) Capacity 749.3 GB. Available 562.53 GB. BUT.... now that I think of it.... the Seagate external HD with USB2 interface is: Mac OS Extended (Journaled), Capacity 639.79 GB, Available 36.2 GB with my latest iPhoto Library 517.37 GB that was already scanned & updated to be read by the latest iPhoto version.
I'll try your suggestions tonight as far as double checking 'permissions' and setting up a tiny test library.
Or maybe it's time to fill up another External HD?
I appreciate your and anyone else's suggestions to try.
Have a great day. ~~ David in Rochester NY
-
Don't have correct permissions to any drive other than the boot drive
I installed SL, and when it came time to enter in the user name, it said the name was already taken xxxx and so I entered yyyy. As an example.
Now User yyyy has Read / Write permissions for everything on Drive 1, the boot drive, but ALL of the other hard drives have xxxx as having Read / Write permissions, and not for my new account yyyy. So everytime I need to write a file to a hard drive, I have to fix permission for the folder the file resides in. This is getting old fast.
How can I change all my drives, folders, files, etc, etc to have yyyy permissions added without doing them 1 at a time?
what kind of backups? manual ones? then it's ok to do the following
select a drive and enter command+i. in the resulting popup, unlock the lock at the bottom, change the permissions as you want, then click on the "gears" action button at the bottom and select "apply to enclosed items".
However, let me stress here that you should NEVER EVER use "apply to enclosed items" on ANY system created folders, system drives or TM drives. that includes btw things like your home folder, your desktop folder etc. use it ONLY on folders you made yourself. using it on a system drive will have catastrophic results. using it on any system created folder will likely have highly unpleasant ones because such folders often have invisible ACLs and using this button will propagate them inside.
-
Permz - Quickly change file permissions in any file manager
Designed to be integrated into any file manager, permz is a bash script which presents a GUI menu. You can use it to quickly change file permissions and ownership as a normal user or as root, and delete files as root. I wrote this because I have yet to see a file manager that isn't cumbersome for this - the mechanism is usually buried on a second tab of the Properties window, and changing permissions often involves multiple clicks in a grid. To change the owner of a file, you need to type the username. And if the file is owned by root, you can't do anything.
permz --help
Presents a GUI menu for changing file permissions/ownership. May be run
as a normal user or root.
Requires: zenity gksu
Optional: sudo (recommended to prevent multiple root password prompts)
Usage: permz FILE [...]
MENU FUNCTIONS:
rwxrwxrwx Sets file(s) to given permissions
Sticky Clear/Set Performs "chmod -t" or +t to clear or set the sticky
bit. You may select to clear/set sticky in addition
to changing other permissions.
Recursive go-rxw "chmod -R go-rxw" on file(s) recursively, denying
access to non-owners
Recursive go-w "chmod -R go-w" on file(s) recursively, denying write
to non-owners
Recursive ugo+rX "chmod -R ugo+rX" giving read access to all. Also
sets +x for directories and executables.
Recursive ugo+w "chmod -R ugo+w" on file(s), giving write to all
(You may select several compatible recursive functions above at once)
Owner USER As ROOT Sets ownership to USER:USER as root
DELETE As ROOT Deletes file(s) as root. Must be used alone or with
"Perform Recursively" (to delete directories - USE
WITH CAUTION). Not available if permz is run as root.
Perform As ROOT Run as root to change selected permissions.
(Use of root is automatic when changing ownership)
Perform Recursively Adds -R to all chmod, chown, and delete commands to
descend into subdirectories. Use in conjunction with
any other functions. (Recursion is automatic for
"Recursive" functions above)
Current su command is set to: gksu -gS
If you're somewhat familiar with bash, adding additional options or changing the existing ones is straightforward.
I have tested it pretty thoroughly but if you do encounter anything amiss please let me know.
More details at http://igurublog.wordpress.com/downloads/script-permz/
And in the AUR at http://aur.archlinux.org/packages.php?ID=36978
Instructions for integrating permz into PCManFM-Mod are here.
Last edited by IgnorantGuru (2010-05-05 13:53:08)
rransom wrote: Recursive ugo+rX would be more useful than "Recursive ugo+r (dirs +x)". (The +X feature of chmod is available at least in GNU coreutils, FreeBSD, and POSIX 2003.)
Done - thanks for the tip. I also left the old code active in there with just the menu option disabled, so if anyone wants it the other way or wants both it's easy to enable. The difference is that the old way won't make any files +x, just dirs.
permz doesn't provide every possible setting of permissions, just common ones, so you may want to customize it. But I used to have these as user actions when I used Krusader and I found these were the handy ones, at least for me.
-
Does iPhone have any apps for ping'ing like Blackberries?
I have an ordinary LG cell phone which i can hardly wait for the contract to expire. Furthermore, I hate blackberry phones. I want an iPhone to be my next phone. However, is there any apps that work like blackberries ping'ing each other? I the blackberry world, this is instantaneous messaging --->as opposed to regular texting whereby a text can take up to twenty minutes for the recipient to get a text sent from, say, my lousy LG cell phone.
email is only as good and as fast as the ISP available and texting is only as good as one's cell phone carrier. BB's, I must admit, are amazingly fast like a bzillionth of a second with like zero delay, .... UNLIKE email or texting. When i text my wife from my LG cell phone to her identical LG cell phone using Telus mobility, there can be as much as twenty minutes until the text is delivered (i sht you not, ....as we tested it on several occasions the time it took for a text to go from one phone to another and we were sitting right beside each other). BB's don't have any delay.... none/zero/goose-eagg/nada.
-
Will repairing Permissions disrupt any currently running services.
I have a server that is set up running DNS, Open Directory, and Software Update services. It is the latest update, 10.5.8. I just wanted to know if anyone knows if running a permissions repair will disrupt any of these services.
Thanks
it won't interrupt these services
we run permissions repair on live machines all the time.. no problems.