You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@uima.apache.org by "Lou DeGenaro (JIRA)" <de...@uima.apache.org> on 2018/08/17 16:26:00 UTC
[jira] [Commented] (UIMA-5800) DUCC Web Server (WS) does not honor
db.access permissions when changed?
[ https://issues.apache.org/jira/browse/UIMA-5800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16584136#comment-16584136 ]
Lou DeGenaro commented on UIMA-5800:
------------------------------------
> add new python script to admin directory: db_access_check.py
usage: db_access_check.py [-h] --owner OWNER --looker LOOKER [--debug]
Determine if LOOKER can view OWNER database data through examination of
db.access file in security directory, typically ~/.ducc. Return 1 if
authorized, 0 otherwise. Rules: 1. Authorized if OWNER == LOOKER or 2.
Authorized if OWNER db.access file is readable by all or 3. Authorized if
LOOKER groups contains the OWNER db.access file group
optional arguments:
-h, --help show this help message and exit
--owner OWNER, -o OWNER
the user who owns the data
--looker LOOKER, -l LOOKER
the user who views the data
--debug, -d display debugging messages
> employ script in WS org.apache.uima.ducc.ws.utils.HandlersHelper isServiceFileAccessForRead
> DUCC Web Server (WS) does not honor db.access permissions when changed?
> -----------------------------------------------------------------------
>
> Key: UIMA-5800
> URL: https://issues.apache.org/jira/browse/UIMA-5800
> Project: UIMA
> Issue Type: Bug
> Components: DUCC
> Reporter: Lou DeGenaro
> Assignee: Lou DeGenaro
> Priority: Major
> Fix For: 2.2.3-Ducc
>
>
> user is trying to use ducc-mon to view another user's data which is stored in DB. File db.access owning user's permissions were rw - -. When changed to rw r r, the alien user still cannot see data coming from DB.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)