rights configuration for ArchivingRoot

# 3 years ago
philippeg	Hello tangoers, after installing ArchivingRoot archiving system, we wanted to authorize only accounts in group archivage to be able to execute mambo-rw. We gave read & execution rights on this directory to all users: `$ ls -la ArchivingRoot/bin total 0 dr-xr-xr-x 4 USER archivage 32 août 18 2020 . dr-xr-xr-x 8 USER archivage 114 oct. 2 2020 .. dr-xr-xr-x 3 USER archivage 170 mai 10 2021 linux drwxr-xr-x 2 USER archivage 193 août 18 2020 win32` When launching mambo-rw, we got following error: "Mambo encountered an undesired error and will close: The path is read only". This issue was solved when we gave rwx rights for all users which should execute mambo-rw to directory "~": $ ls -la ArchivingRoot/bin/linux/ total 52 drwxrwxr-x 3 1001 archivage 20 Oct 2 2020 ~ dr-xr-xr-x 3 1001 archivage 170 May 10 2021 . dr-xr-xr-x 4 1001 archivage 32 Aug 18 2020 .. -r-xr-xr-x 1 1001 archivage 8627 Aug 18 2020 bensikin -r–r–r– 1 1001 archivage 51 May 2 2011 bensikin-rw -r–r–r– 1 1001 archivage 1814 Aug 18 2020 databaseconnection -r-xr-xr-x 1 1001 archivage 8337 May 10 2021 mambo -r-xr-xr-x 1 1001 archivage 48 Jan 8 2014 mambodegrad -r-xr-xr– 1 1001 archivage 55 Jan 8 2014 mambodegrad-rw -r-xr-x— 1 1001 archivage 48 May 2 2011 mambo-rw -r–r–r– 1 1001 archivage 5681 Aug 18 2020 snapshotexplorer However, my understanding is those rights should only be given to account path and not to binaries path. Why are these rights necessary? I would like to give right for launching read-only tools for all users but I got the following message: "Failed to lock account folder for writing. Please check your account folder rights (write access)." Here is the current rights from account path: `$ ls -la /data/shared/archivage/ total 8 drwxrwxr-x 7 USER archivage 67 déc. 17 10:26 . drwxrwxrwt 49 root root 4096 déc. 14 10:38 .. drwxrwxr-x 2 USER archivage 161 oct. 26 19:50 ac drwxrwxr-x 2 USER archivage 6 oct. 2 2020 acd drwxrwxr-x 2 USER archivage 25 oct. 2 2020 history drwxrwxr-x 2 USER archivage 25 oct. 2 2020 options drwxrwxr-x 2 USER archivage 21 sept. 28 15:04 vc` I understand I should give write rights to some directories, but I do not want users be able to modify ac (archiving configuration) or vc (visualisation configuration). Which directories should have write access? Giving write access to the directory only but no subdirectories will be sufficient? Regards. - Philippe Edited 3 years ago

# 3 years ago

Hello tangoers,
after installing ArchivingRoot archiving system, we wanted to authorize only accounts in group archivage to be able to execute mambo-rw.

We gave read & execution rights on this directory to all users:


$ ls -la ArchivingRoot/bin
total 0
dr-xr-xr-x 4 USER archivage  32 août  18  2020 .
dr-xr-xr-x 8 USER archivage 114 oct.   2  2020 ..
dr-xr-xr-x 3 USER archivage 170 mai   10  2021 linux
drwxr-xr-x 2 USER archivage 193 août  18  2020 win32

When launching mambo-rw, we got following error: "Mambo encountered an undesired error and will close: The path is read only".

This issue was solved when we gave rwx rights for all users which should execute mambo-rw to directory "~":


$ ls -la ArchivingRoot/bin/linux/
total 52
drwxrwxr-x 3 1001 archivage   20 Oct  2  2020 ~
dr-xr-xr-x 3 1001 archivage  170 May 10  2021 .
dr-xr-xr-x 4 1001 archivage   32 Aug 18  2020 ..
-r-xr-xr-x 1 1001 archivage 8627 Aug 18  2020 bensikin
-r–r–r– 1 1001 archivage   51 May  2  2011 bensikin-rw
-r–r–r– 1 1001 archivage 1814 Aug 18  2020 databaseconnection
-r-xr-xr-x 1 1001 archivage 8337 May 10  2021 mambo
-r-xr-xr-x 1 1001 archivage   48 Jan  8  2014 mambodegrad
-r-xr-xr– 1 1001 archivage   55 Jan  8  2014 mambodegrad-rw
-r-xr-x— 1 1001 archivage   48 May  2  2011 mambo-rw
-r–r–r– 1 1001 archivage 5681 Aug 18  2020 snapshotexplorer

However, my understanding is those rights should only be given to account path and not to binaries path.
Why are these rights necessary?

I would like to give right for launching read-only tools for all users but I got the following message:
"Failed to lock account folder for writing. Please check your account folder rights (write access)."

Here is the current rights from account path:


$ ls -la /data/shared/archivage/
total 8
drwxrwxr-x  7 USER archivage   67 déc.  17 10:26 .
drwxrwxrwt 49 root   root      4096 déc.  14 10:38 ..
drwxrwxr-x  2 USER archivage  161 oct.  26 19:50 ac
drwxrwxr-x  2 USER archivage    6 oct.   2  2020 acd
drwxrwxr-x  2 USER archivage   25 oct.   2  2020 history
drwxrwxr-x  2 USER archivage   25 oct.   2  2020 options
drwxrwxr-x  2 USER archivage   21 sept. 28 15:04 vc

I understand I should give write rights to some directories, but I do not want users be able to modify ac (archiving configuration) or vc (visualisation configuration).

Which directories should have write access?
Giving write access to the directory only but no subdirectories will be sufficient?

Regards.

- Philippe

Edited 3 years ago