uima-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lou DeGenaro (JIRA)" <...@uima.apache.org>
Subject [jira] [Commented] (UIMA-5800) DUCC Web Server (WS) does not honor db.access permissions when changed?
Date Fri, 17 Aug 2018 16:26:00 GMT

    [ https://issues.apache.org/jira/browse/UIMA-5800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16584136#comment-16584136
] 

Lou DeGenaro commented on UIMA-5800:
------------------------------------

> add new python script to admin directory: db_access_check.py

usage: db_access_check.py [-h] --owner OWNER --looker LOOKER [--debug]

Determine if LOOKER can view OWNER database data through examination of
db.access file in security directory, typically ~/.ducc. Return 1 if
authorized, 0 otherwise. Rules: 1. Authorized if OWNER == LOOKER or 2.
Authorized if OWNER db.access file is readable by all or 3. Authorized if
LOOKER groups contains the OWNER db.access file group

optional arguments:
  -h, --help            show this help message and exit
  --owner OWNER, -o OWNER
                        the user who owns the data
  --looker LOOKER, -l LOOKER
                        the user who views the data
  --debug, -d           display debugging messages

> employ script in WS org.apache.uima.ducc.ws.utils.HandlersHelper isServiceFileAccessForRead

> DUCC Web Server (WS) does not honor db.access permissions when changed?
> -----------------------------------------------------------------------
>
>                 Key: UIMA-5800
>                 URL: https://issues.apache.org/jira/browse/UIMA-5800
>             Project: UIMA
>          Issue Type: Bug
>          Components: DUCC
>            Reporter: Lou DeGenaro
>            Assignee: Lou DeGenaro
>            Priority: Major
>             Fix For: 2.2.3-Ducc
>
>
> user is trying to use ducc-mon to view another user's data which is stored in DB.  File
db.access owning user's permissions were rw - -.  When changed to rw r r, the alien user
still cannot see data coming from DB.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message