[SOLVED] setfacl for unknown user (modify possible, remove fails)
When setting ACLs on a file using a non-existant user, setfacl is working as expected (ignoring that the uid is not in /etc/passwd). But when trying to remove this ACL it fails.
# setfacl --modify="u:100000:x" /home/bla/
# getfacl /home/bla/
getfacl: Removing leading '/' from absolute path names
# file: home/bla/
# owner: bla
# group: bla
user::rwx
user:100000:--x
group::---
mask::--x
other::---
# setfacl --remove="u:100000:x" /home/bla/
setfacl: Option -x: Invalid argument near character 10
The reason for these non-existant users are uid maps for lcx. So it should be a legitimate use of these uids. How to remove those ACLs without "resetting" all by using
setfacl -b /home/bla
Edit
Okay, Layer 8... It's simply
setfacl --remove="u:100000" /home/bla/
Last edited by OlafLostViking (2015-03-09 23:00:46)
When setting ACLs on a file using a non-existant user, setfacl is working as expected (ignoring that the uid is not in /etc/passwd). But when trying to remove this ACL it fails.
# setfacl --modify="u:100000:x" /home/bla/
# getfacl /home/bla/
getfacl: Removing leading '/' from absolute path names
# file: home/bla/
# owner: bla
# group: bla
user::rwx
user:100000:--x
group::---
mask::--x
other::---
# setfacl --remove="u:100000:x" /home/bla/
setfacl: Option -x: Invalid argument near character 10
The reason for these non-existant users are uid maps for lcx. So it should be a legitimate use of these uids. How to remove those ACLs without "resetting" all by using
setfacl -b /home/bla
Edit
Okay, Layer 8... It's simply
setfacl --remove="u:100000" /home/bla/
Last edited by OlafLostViking (2015-03-09 23:00:46)
Similar Messages
-
ASA enable authentication for AD user by ACS TACACS fails
In order to authorize command on ASA8.x for different users, I have to put 'aaa authentication enable console TACACS' into ASA configuration, and in ACS - user setup - TACACS+ enable password - Use separate password, I set an enable password.
It works fine for ACS local users, they are able to get into priv EXEC mode by entering 'enable' command and use my pre-set password, however, the password doesn't work for AD user.
So, how to setup enable authorization for AD user?
Or is there a way to drop a user directly into level 15 on ASA just like it on router?
below is the debug info.(I'm sure the password is the one I set in ACS)
LABASA1(config)# AAA API: In aaa_open
AAA session opened: handle = 884
AAA API: In aaa_process_async
aaa_process_async: sending AAA_MSG_PROCESS
AAA task: aaa_process_msg(d45bd5c8) received message type 0
AAA FSM: In AAA_StartAAATransaction
AAA FSM: In AAA_InitTransaction
Initiating authentication to primary server (Svr Grp: TACACS)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server: 192.168.1.221
AAA FSM: In AAA_SendMsg
User: fostco\user1
Resp:
callback_aaa_task: status = -1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 884, pAcb = d5b193e0
aaa_backend_callback: Error:
Incorrect password.
AAA task: aaa_process_msg(d45bd5c8) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Authentication Status: -1 (REJECT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_PRIM_AUTHENTICATE, auth_status = REJECT
AAA_NextFunction: authen svr = TACACS, author svr = <none>, user pol = , tunn pol =
AAA_NextFunction: New i_fsm_state = IFSM_DONE,
AAA FSM: In AAA_ProcessFinal
AAA FSM: In AAA_Callback
user attributes:
None
user policy attributes:
None
tunnel policy attributes:
None
Auth Status = REJECT
aaai_internal_cb: handle is 884, pAcb is d5b193e0, pAcb->tq.tqh_first is d441d1d8
AAA API: In aaa_close
AAA task: aaa_process_msg(d45bd5c8) received message type 3
In aaai_close_session (884)I have run into a similar situation. I just want to authenticate via TACACS to enable mode in an ssh session. After using the "aaa authentication enable console TACACS LOCAL" command on the ASA, the ACS server rejects the password.
I have tried everything I can think of on the ACS as far as "TACACS+ enable password" using both a windows database or a separate password, and PIX/ASA command sets. I cannot go into enable mode unless I set the ASA to LOCAL authentication, which just uses the globally defined enable password. -
[SOLVED] Question for Zsh users
hello
i've been using Zsh for a while ( i love it ) but i got 2 problem a 1 question.
when i install something like rtorrent , when i am going to execute it i can complete the " rtorrent " command with tab , i put rtor[TAB] and it didn't show the rest or complete, this only happens with program that i recently installed ( in this sesion)
another problem is that when i use the kill program , i normaly press [Tab] to see a list of the running program, but i only see the programs that i run, there is a way to see all the programs there are in execution by all users? ( i am a kind of sistem admin )
and the question is , is reccomendable to use Zsh like the Root Shell? it can break something? because when i used FreeBsd the encorauge the users to don't change the SHELL of the ROOT user.
that all, GRACIAS DE ANTEMANO!.
ooppz , this is my .zshrc
export HISTFILE=~/.zsh_history
export HISTSIZE=50000
export SAVEHIST=50000
export CFLAGS="-pipe -march=athlon64 -O2"
export CXXFLAGS="-pipe -march=athlon64 -O2"
autoload -U compinit promptinit
compinit
promptinit
# This will set the default prompt to the walters theme
prompt walters
zstyle ':completion:*' menu select
# key bindings
bindkey "\e[1~" beginning-of-line
bindkey "\e[4~" end-of-line
bindkey "\e[5~" beginning-of-history
bindkey "\e[6~" end-of-history
bindkey "\e[3~" delete-char
bindkey "\e[2~" quoted-insert
bindkey "\e[5C" forward-word
bindkey "\eOc" emacs-forward-word
bindkey "\e[5D" backward-word
bindkey "\eOd" emacs-backward-word
bindkey "\e\e[C" forward-word
bindkey "\e\e[D" backward-word
bindkey "^H" backward-delete-word
# for rxvt
bindkey "\e[8~" end-of-line
bindkey "\e[7~" beginning-of-line
# for non RH/Debian xterm, can't hurt for RH/DEbian xterm
bindkey "\eOH" beginning-of-line
bindkey "\eOF" end-of-line
# for freebsd console
bindkey "\e[H" beginning-of-line
bindkey "\e[F" end-of-line
# completion in the middle of a line
bindkey '^i' expand-or-complete-prefix
alias ls='ls --color=auto -F'
Last edited by slacknatcher (2009-07-08 22:10:18)slacknatcher wrote:when i install something like rtorrent , when i am going to execute it i can complete the " rtorrent " command with tab , i put rtor[TAB] and it didn't show the rest or complete, this only happens with program that i recently installed ( in this sesion)
Invoke this to regenerate the completion cache for $PATH:
rehash
slacknatcher wrote:another problem is that when i use the kill program , i normaly press [Tab] to see a list of the running program, but i only see the programs that i run, there is a way to see all the programs there are in execution by all users? ( i am a kind of sistem admin )
Try to add this to your .zshrc:
zstyle ':completion:*:*:kill:*' command 'ps -u$USER -o pid,%cpu,tty,cputime,cmd'
slacknatcher wrote:and the question is , is reccomendable to use Zsh like the Root Shell? it can break something? because when i used FreeBsd the encorauge the users to don't change the SHELL of the ROOT user.
I've used zsh as the root $SHELL for several years on both Arch, Debian, Gentoo, and FreeBSD. I've not encountered any issues.
Last edited by shagrat (2009-07-08 20:24:45) -
Hi,
1) Internal User expected exception:
Exception: Payments,apply credits,disputes and print are not supported when multiple customer/currency transactions are selected
2) External User is throwing below error instead of throwing above exception.
Error
You are trying to access a page that is no longer active.
The referring page may have come from a previous session. Please select Home
to proceed.
found this MACCHECK from fnd logs of external user payment.
MACCHECK: . Parameter failing validation is :mode. The parameter mode with value MultiPay could not be recognized as part of Server's response on the previous request. Incoming URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/EndecaDummyPG . Current URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/OIREndecaCustHomePG&akRegionApplicationId=222&_ti=1125493452&oapc=10&retainAM=Y&addBreadCrumb=N&oas=6-LL4ndIUFLX-2zjQAQD6A.. . Referer URL is : https://<hostname>:4443/endeca/web/ar/customer?doAsUserLanguageId=en_US&languageId=en_US . HTTP Request Method is : POST
can someone please help.
Thanks,
RRSWell, I compared my classpath between my windows batch file and the
makefile (that comes with the samples installation) on Solaris and realized
that I am using different sets of jars.
So, I removed the extra jars from the makefile to narrow down the
problem. If I remove the /opt/SUNWam/lib/servlet.jar from the makefile,
I can reproduce this problem on the Solaris box as well.
When I include this servlet.jar on my windows machine the program works!
Only jars I have in my classpath are amclientsdk.jar and servlet.jar which
I have copied from my installation (/opt/SUNWam/lib) on the Solaris box.
Just the same way, by copying the am_services.jar, saaj-api.jar, and jaxm-api.jar,
from the Solarix box to the windows machine,
I am also able to pull the assertions from the Access Manager.
I installed Sun Java Enterprise System 2005Q1 on a Solaris 10 machine.
During the installation, I configured to install the Access Manager
in Sun Application Server.
Why do I need to have different set of jars on the windows machine
for the Access Manager client SDK ?
Could you please point me to a download link where I could download
the correct Windows Access Manager Client SDK for
Sun Java System Access Manager 6.0 (Sun JES 2005Q1)?
Thanks. -
Hi Everybody. I have a weird one for you.
I have a user that gets an "operation failed" message whenever trying to use the "resend" option on any email (It's the one right under recall). I had tested up and down on her machine. Exchange 2010 Outlook 2013
Ran in safe mode, recreated her profile, disabled virus scanning, repaired office. (weird, the font just changed sizes on me)
After all of this I tested on other computers, other users seem to be able to "resend" just fine. However her account does not work on any computer I try, internal or external to the network.
It looks more like a profile issue.
She's a very active archivist, so she only has 486MB of space used by her mailbox.
It's well under quota.
It's been really puzzling me.
MCSE 2003, Exchange. MCTS Vista, 7. Administrator of awful, neglected website http://timssims.netHi Timssims,
Since there is only one user in the org has this issue, it seems an issue on the Outlook client side.
I suggest asking Outlook Forum for help so that we can get more professional suggestions.
For your convenience:
https://social.technet.microsoft.com/Forums/office/en-US/home?forum=outlook
However I also have some suggestions for your reference:
1. If this issue occur on Cached Mode, I suggest turning to Online Mode for testing.
2. Please also paste the detailed error message if "operation failed" is not the
complete information.
3. If still not works after perform operations above (including suggestions from Outlook Forum), I suggest re-creating a new mailbox for the specific user just as Martin suggested.
Thanks
Mavis
Mavis Huang
TechNet Community Support -
Hi just noticed in (OS X Mountain Lion) System Preferences, Sharing, Screen Sharing: I have a 'Unknown User' and too 2 'Unknown User' in the Remote Login.
See screen shots... got any ideas? (note clicking "–" does not remove the "Unknown User" they are stuck, hence my posting)
thanksI had the same problem and i solved it (for Remote Login)
1) First remove all users that can be remove from GUI
2) shows the configuration of users
sudo dscl . -read /Groups/com.apple.access_ssh
example result:
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 2F60778C-0931-47A4-B656-DBE07ACD843F
GroupMembers: 3D7C31B1-DEDE-4A5A-AAA8-CDD55645DC75
GroupMembership: youraccoutname
PrimaryGroupID: 404
RealName:
Remote Login ACL
RecordName: com.apple.access_ssh
RecordType: dsRecTypeStandard:Groups
3) remove the group GroupMembers that the user is unknown
sudo dscl . delete /Groups/com.apple.access_ssh GroupMembers 3D7C31B1-DEDE-4A5A-AAA8-CDD55645DC75
4) Go to System preference (dock) and see the result
excuse my bad english.
Ciao,
Andrea.
concretenz wrote:
Hi just noticed in (OS X Mountain Lion) System Preferences, Sharing, Screen Sharing: I have a 'Unknown User' and too 2 'Unknown User' in the Remote Login.
See screen shots... got any ideas? (note clicking "–" does not remove the "Unknown User" they are stuck, hence my posting)
thanks -
I have a set of Citrix servers, we need to upgrade the FireFox on them to 29.0.1
When I have done this, and a user runs FireFox, now the users are being presented with a pop-up "Checking Compatibility of Add-ons" which delays the start of FireFox.
I need to prevent this so users just see FireFox start up without any delays.
I have installed the add-on that re-enables extensions.checkCompatibility and tried various ways of implementing it like pref("extensions.checkCompatibility", false);
However we seem to have a situation where the add-on that enables the setting is not loaded yet so the setting is not implemented.
How do I solve this for all users?You can try to set the browser.startup.homepage_override.mstone pref to ignore on the about:config
*http://kb.mozillazine.org/browser.startup.homepage_override.mstone
You can use a mozilla.cfg file in the Firefox program folder to specify new (default) values and possibly lock prefs.
Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
pref("general.config.filename", "mozilla.cfg");
These functions can be used in the mozilla.cfg file:
defaultPref(); // set new default value
pref(); // set pref, but allow changes in current session
lockPref(); // lock pref, disallow changes
See:
*http://kb.mozillazine.org/Locking_preferences
*http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
*http://mike.kaply.com/2014/01/08/can-firefox-do-this/ -
Outlook 2013 on terminal server Search failes for all users
we have a small comany with a new Windows 2012 Fileserver and Terminal Server.
Office 2013 is installed and we use Office 365 - Exchange Online as our mailserver.
We use Outlook with the Cached Exchange Mode ON. We have shared our mailboxes with our collegues.
Indexstatus is complete for all the users.
So far the information i have.
I suspect wrong permissions on the Windows Search Folders are the cause of my problems but where can i find the Windows Search Folders which are indexed (and shoot be accesable for the users).Winnie, thank you for your answer.
1. Make sure indexing is complete. ==> Index is complete
2. Make sure Indexing Options are configured correctly ==> Indexing Options are configured correctly for the administrator, Outlook
isn't configured in de Indexing options for the users (that might be the problem i guess)
3. Make sure Outlook data is included in indexing==>
Outlook Data is included in indexing
See screenshots below:
First screenshot are the Indexing Options as configured for the users, the seconde one are the indexing options for the administrator. I suspect there is my problem, but can't find the solution the solve this for the users. -
Toolbox software for Win7 makes your wireless radio fail
I have a problem with my X60 Lenovo and the new toolbox software for windows 7.
After installing this new toolbox for windows7 the wireless radio turnes off and cannot be turned on ever again.
Only restoring a backup made just before installing the toolbox solved the problem. All other possible solutions failed. One other solution: Also you can go back to a recovery point made bij windows to remove the toolbox. Because as already said: even uninstalling the toolbox program (remove program) doesn't help, too.
I like the 'old' productivity center much more than the toolbox. The toolbox starts up slow and adds not really new features. My advice: don't install the toolbox. Just a waste of MB of your harddisk.
MartenSince purchasing the unit I was unable to use it in my home network, as it wouldn't work across subnets. I have a secure wireless Zone which issues different IP Addresses from my internal network range. Following a number of unsuccessful emails to tech support, I gave up and threw it back in the box. I recently moved house and installed another wireless lan for the music blaster to work, however cannot find the initial install cd, and have been unsuccessful finding the download anywhere for it. Did anyone ever manage to find the software, or has it been archi'ved due to it's failings?Come on Creative, I have been using your products successfully for over 0 years, but?this is by far the worst!
-
For example: user has Windows Azure Directory Rights and SharePoint Online (Plan 2) service plans of Enterprisepack AccountSKU. I am trying to assign Office 365 proplus and Office online, service plan for that user without removing Windows
Azure Directory Rights and SharePoint Online (Plan 2) plans. Is it possible using PowerShell?
>$licenses = (Get-MsolUser -UserPrincipalName [email protected]).Licenses
> $licenses[0].servicestatus
ServicePlan
ProvisioningStatus
YAMMER_ENTERPRISE
Disabled
RMS_S_ENTERPRISE
Success
OFFICESUBSCRIPTION
Disabled
MCOSTANDARD
Disabled
SHAREPOINTWAC
Disabled
SHAREPOINTENTERPRISE Success
EXCHANGE_S_ENTERPRISE Disabled
>$entOption = New-MsolLicenseOptions -AccountSkuId domain:ENTERPRISEPACK -DisabledPlans YAMMER_ENTERPRISE, MCOSTANDARD, EXCHANGE_S_ENTERPRISE
>Set-MsolUserLicense -UserPrincipalName [email protected] -AddLicenses domain:ENTERPRISEPACK -LicenseOptions $entOption #Giving me invalid AccountSKU errorHi Rayhan,
Is it possible for you to give me the full error & your account SKU numbers. you can for sure do this via powershell we just need to make sure your passing through the correct AccountSKU and I'd like to check over the commands that your using if possible
Send via PM if you require assistance still as appreciate this is rather an old thread now from MAY.
Thanks,
James. -
The report server has encountered a configuration error. Logon failed for the unattended execution account. (rsServerConfigurationError)
Log on failed. Ensure the user name and password are correct. (rsLogonFailed)
Logon failure: unknown user name or bad password
am using Windows integrated security,version of my sql server 2008R2
I have go throgh the different articuls, they have given different answers,
So any one give me the exact soluction for this problem,
Using service account then i will get the soluction or what?
pls help me out it is urgent based.
Regards
Thanks!Hi Ychinnari,
I have tested on my local environment and can reproduce the issue, as
Vaishu00547 mentioned that the issue can be caused by the Execution Account you have configured in the Reporting Services Configuration Manager is not correct, Please update the Username and Password and restart the reporting services.
Please also find more details information about when to use the execution account, if possible,please also not specify this account:
This account is used under special circumstances when other sources of credentials are not available:
When the report server connects to a data source that does not require credentials. Examples of data sources that might not require credentials include XML documents and some client-side database applications.
When the report server connects to another server to retrieve external image files or other resources that are referenced in a report.
Execution Account (SSRS Native Mode)
If you still have any problem, please feel free to ask.
Regards
Vicky Liu
Vicky Liu
TechNet Community Support -
Firefox crashes a few times when I was on Facebook and with email, also watching dramas online. Most of the time due to Adobe Flash and I did submit crash report. Later it crashes for unknown reason while I have email and Facebook on different tabs -- when I was on the tab of email, it looks system hang and not responding. This happened to my laptop that uses Windows Vista as I noticed. I don't remember it ever happens to my desktop that uses Windows XP.
It's pretty annoying of such known crash, but before removing Firefox, I did try to update all add-ons or plugins and it looks like doesn't work out. After updating for couple times and it still crashed like that, I removed Firefox and reinstall it.
'''Now I want to know how to put the shortcuts from my Favorite folder into the newly installed FireFox's bookmarks.''' I didn't backup the bookmarks by using Firefox. I even went to Firefox help for instructions, but it only mentions how to merge/input the bookmarks from other browsers. Please note the version I've removed and inrestalled is the same -- 3.6.13.It is possible that there is a problem with the files sessionstore.js and sessionstore.bak in the Firefox Profile Folder.
Delete the sessionstore.js file and possible sessionstore-##.js files with a number and sessionstore.bak in the Firefox Profile Folder.
*Help > Troubleshooting Information > Profile Directory: Open Containing Folder
*http://kb.mozillazine.org/Profile_folder_-_Firefox
Deleting sessionstore.js will cause App Tabs and Tab Groups and open and closed (undo) tabs to get lost, so you will have to create them again (make a note or bookmark them).
*http://kb.mozillazine.org/Multiple_profile_files_created
You can use this button to go to the Firefox profile folder:
*Help > Troubleshooting Information > Profile Directory: Open Containing Folder -
How do I remove (unknown) user in permissions & sharing, please?
I re-installed OS X with archive install. I am reinstalling preferences, etc... using Time Machine and my archived Previous System folder. However, many folders are marked and I have an (unknown) user with Read&Write Priveleges in Sharing & Permissions for files within 'Previous System' folders. I am unable to remove (unknown) with - and I have no option for setting 'No Access' to this user.
How do I remove (unknown) user with Read&Write Priveleges in Permissions?
Using Terminal, I have ascertained that my uid=501
Macintosh:~ symone$ ls -ladeO /Previous\ Systems.localized/Previous\ System\ 1/Users/symone/Library/Audio
drwx------+ 5 502 staff - 170 8 Sep 2011 /Previous Systems.localized/Previous System 1/Users/symone/Library/Audio
0: group:everyone deny delete
Macintosh:~ symone$ id
uid=501(symone) gid=501(symone) groups=501(symone),98(_lpadmin),81(_appserveradm),79(_appserverusr),80(admin)Hmmm, doesn't sound good for your drive.
Check the S.M.A.R.T. status of the drive in Disk Utilty by highlighting the Drive & looking at the bottom of the window.
Could be many things, we should start with this...
"Try Disk Utility
1. Insert the Mac OS X Install disc, then restart the computer while holding the C key.
2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu at top of the screen. (In Mac OS X 10.4 or later, you must select your language first.)
*Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.*
3. Click the First Aid tab.
4. Select your Mac OS X volume.
5. Click Repair Disk, (not Repair Permissions). Disk Utility checks and repairs the disk."
http://docs.info.apple.com/article.html?artnum=106214
Then try a Safe Boot, (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, reboot when it completes.
(Safe boot may stay on the gray radian for a long time, let it go, it's trying to repair the Hard Drive.)
If perchance you can't find your install Disc, at least try it from the Safe Boot part onward. -
Hi! I would like to know if there is any possibility to remove the option "Set as default background..." from the right-click menu on a picture, for all users. I know that's possible to edit userContent.css or userChrome.css, but this concerns only a profile at a time and being in a domain, I would like to set this for all people using Firefox.
Can it be possible to edit a mozilla.cfg file to get the same result?
Thank you in advance for help and tips.AFAIK then there is no way to do that system wide. You can only do that via userChrome.css or an extension like the Menu Editor per profile .You can install extensions globally, but the user will have to enable them anyway. That is not required for userChrome.css code.
-
Is it possible to reset password for any user using abap program
Hi friends,
Is it possible to reset password for any user using abap program by specifying client number and user id. in selection screen.
if any code for that to reset password please mail me.
Thanks & Regards,
YogeshHello Yogesh,
Yes you can reset the password for any body using ABAP Code. But for that you really don't need any client number.
If this process is on regular basis, then recommended is to use BAPI for changing the user details Otherwise BDC also works fine.
=> Function Module - BAPI_USER_CHANGE
Call this in the program for resetting the password.
=> CALL TRANSACTION 'SU01' USING InternalTable
This will be executed in the BDC of SU01 transaction recording. Use the Password Change button in the application toolbar of transaction while recording.
Hope this helps.
PS If the answer solves your query, plz close the thread by marking it solved and rewarding each reply.
Regards
Maybe you are looking for
-
How do you change the name in the top left hand corner of the screen on my ipad air?
If you actually can...
-
I canceled a pre-order ablum but when I went back to the store the ablum still says that I have it pre-ordred even though my account does not show it anymore. Does it take time to clear out ?
-
In a script, I set the current date to a variable. I want to use that variable in my rsh command. The variable doesn't work. Here's what I do: # Setting the current date EXTENSION=`date "+%m%d%y"` # Do copy on remote system using current date variabl
-
Very urgent : Deleting unwanted documents from billing due list.
Hi all BP Experts, Issue : User is getting cancelled Sales documents in billing due list. Ideally it should not come. Now he wants to remove those documents from list. Please note that documents are for order related billing. My query is why the due
-
I can not update my garageband to the 4.1.2 It tells me that "an eligible GarageBand application was not found in/Applications." HELP