power automate – Grant direct access for Azure Active Directory security group to SharePoint Online list item using a Flow

We found examples for granting permissions to a list item using the REST API by email address or SharePoint Group ID. We haven’t found an example of how to add an Azure AD security group to a SharePoint list item. Anyone aware if this is possible and what the format would be for the POST HTTP action in the flow to accomplish this? You can manually give direct access to an Azure AD security group using the user interface for the list item permissions.

Here are instructions for applying a specific user or SharePoint group:

https://www.annajhaveri.com/power-automate/set-unique-permissions-for-item-in-sharepoint-using-power-automate/

apache2 – Apache shows Magento directory index after installation (local dev setup)

So this is a bit of a debugging question, but I do not have any idea what else to try.

I am new to Magento and I wanted to set up a local instance of it to fiddle around.
I followed effectively this tutorial. After everything is done, trying to open the Magento site in a browser merely shows the index of the directory Magento is installed in, as shown below:

On the same machine, another pure PHP test page works fine.
I will post the Apache configuration of the site and the configuration of Magento as shown by the magento config:show command. Feel free to ask whatever other configuration or log is needed to find out what is happening.

Site Apache configuration:

<VirtualHost *:80>
     ServerAdmin admin@localhost
     DocumentRoot /var/www/magento2.4/pub

     <Directory /var/www/html/magento2.4/pub>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
#       Require all granted
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


Magento config output:

$ sudo -u www-data /var/www/magento2.4/bin/magento config:show
yotpo/module_info/yotpo_installation_date - 2021-05-08
yotpo/sync_settings/orders_sync_start_date - 2021-05-08
catalog/search/engine - elasticsearch7
catalog/search/elasticsearch7_server_hostname - localhost
catalog/search/elasticsearch7_server_port - 9200
catalog/category/root_id - 2
web/seo/use_rewrites - 1
web/unsecure/base_url - http://localhost/
general/locale/code - en_US
general/locale/timezone - America/Chicago
general/region/display_all - 1
general/region/state_required - AU,BG,BR,CA,CH,CN,CO,EE,ES,HR,IN,IT,LT,LV,MX,PL,RO,US,UY
currency/options/base - USD
currency/options/default - USD
currency/options/allow - USD
analytics/subscription/enabled - 1
crontab/default/jobs/analytics_subscribe/schedule/cron_expr - 0 * * * *
crontab/default/jobs/analytics_collect_data/schedule/cron_expr - 00 02 * * *
msp_securitysuite_recaptcha/frontend/enabled - 0
msp_securitysuite_recaptcha/backend/enabled - 0
twofactorauth/duo/application_key - FLUe5W1ndlNSCOt5ah5IUluRgIbO2ahoz8pWOVykoky06biGd0Aisvdw1slOIIfX
connector_dynamic_content/external_dynamic_content_urls/passcode - V1QrRRz31I7TUG0TZ1RDJZE7eRxFxaiR
connector_automation/review_settings/allow_non_subscribers - 1
connector_configuration/abandoned_carts/allow_non_subscribers - 1
sync_settings/addressbook/allow_non_subscribers - 1
connector_developer_settings/system_alerts/user_roles - 1

Elastic search ping command output:

$ curl -XGET localhost:9200
{
  "name" : "user-pc",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "RfVO4Tj6TcCQWwyDegap3g",
  "version" : {
    "number" : "7.12.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "3186837139b9c6b6d23c3200870651f10d3343b7",
    "build_date" : "2021-04-20T20:56:39.040728659Z",
    "build_snapshot" : false,
    "lucene_version" : "8.8.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

.htaccess file contents:

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/pub/
RewriteCond %{REQUEST_URI} !^/setup/
RewriteCond %{REQUEST_URI} !^/update/
RewriteCond %{REQUEST_URI} !^/dev/
RewriteRule .* /pub/$0 [L]
DirectoryIndex index.php

Apache error log has nothing generated whenever I access the site.

Below are the contents added to the Apache access logs when I access the site:

127.0.0.1 - - [09/May/2021:19:52:43 +0300] "GET / HTTP/1.1" 200 1036 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0"
127.0.0.1 - - [09/May/2021:19:52:43 +0300] "GET /icons/blank.gif HTTP/1.1" 304 179 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0"
127.0.0.1 - - [09/May/2021:19:52:43 +0300] "GET /icons/unknown.gif HTTP/1.1" 304 179 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0"
127.0.0.1 - - [09/May/2021:19:52:43 +0300] "GET /icons/text.gif HTTP/1.1" 304 180 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0"
127.0.0.1 - - [09/May/2021:19:52:43 +0300] "GET /icons/folder.gif HTTP/1.1" 304 179 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0"

Apache modules loaded:

$ apache2ctl -M
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php7_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 status_module (shared)

I made sure multiple times to convert the permissions of all the files in the directory to www-data user, recursively.
Any help appreciated.

EDIT: So I changed my DocumentRoot to /var/www/magento2.4/pub. Now I get a page with no css apparently:

And every link I try is a 404:

The rest of the configuration is the same. pub folder has its own default .htaccess file.

active directory – Windows-side configuration for CoreDNS

I want CoreDNS to forward to Windows 2016 AD DNS services using a subdomain (k8s.ad.mydomain.com). I have the delegate created, I have an NS record (though it says it is not authoritative), and I have my entry in the CoreDNS ConfigMap with the IPs to the forwarders.

Is the error about not being authoritative inevitable or is it a misconfiguration?

nfs – Google Cloud Filestore, How to limit the disk usage of each user directory?

I’m currently using Google Cloud Filestore to store user data. Each user has a separate directory, in which they can store any data they want.

However, as the users grow, the capacity cannot handle all the uploaded files. Therefore, I want to set the usage limit of each directory (for example, /my_filestore/alex can only store up to 10GB).

At first, I planned to use the quota utility, but this tool cannot work with NFS mounting, as NFS.mount does not allow the usrquota option.

Is there any other alternative to implement this restriction? Thanks so much.

linux – Modify folder permissions of parent directory that were automatically created by autofs

I am currently following this guide to set up CentOS 8 to automount samba shares.

I am aware that we can change autofs auto mounted folders permissions using

uid=...,gid=...,file_mode=0770,dir_mode=0770

and it does technically work.

Here’s my current setup. My auto.master contains the following:

/mnt/smb /etc/auto.smb.top

auto.smb.top

* -fstype=autofs,-Dhost=& file:/etc/auto.smb.sub

auto.smb.sub

* -fstype=cifs,sec=ntlmv2,credentials=${HOME}/.${host}.smbpasswd,uid=${UID},gid=sambausers,file_mode=0770,dir_mode=0770,nounix ://${host}/&

With all the configuration above, /mnt/smb/192.168.x.x/shared_folder does have the expected permissions; however, its parent directories /mnt/smb and /mnt/smb/192.168.x.x are owned by root and do not follow the configuration from autofs.

I even tried to modify /mnt (which is not auto created by autofs) to the corresponding permissions, but what happens is that the created smb folder is still owned by root and does not follow the permissions of its parent directory at all. Did I miss anything in my configuration? I tried adding uid=...,gid=...,file_mode=... to autofs.smb.top, but the same issue persists.

With the current setup described above, autofs makes the following:

  • /mnt/smb – owned by root
  • /mnt/smb/192.168.x.x – owned by root
  • /mnt/smb/192.168.x.x/shared_folder – owned by sambausers (custom group I made)

But what I wanted was:

  • /mnt/smb – owned by sambausers with 0770
  • /mnt/smb/192.168.x.x – owned by sambausers with 0770
  • /mnt/smb/192.168.x.x/shared_folder – owned by sambausers with 0770

ssh – Permission denied despite being in group that owns the directory

I have a directory on which I’ve set the permissions as follows:

sudo chown -R root:www-users /var/www
sudo find /var/www -type d -exec chmod 2775 {} +
sudo find /var/www -type f -exec chmod 0664 {} +

My www-users group was created this way:

groupadd www-users
usermod -a -G www-users pi
usermod -a -G www-users www-data

When I type groups pi I get:

pi : pi adm dialout cdrom sudo audio www-data video plugdev games users input netdev spi i2c gpio www-users

Now, when I log in with my FTP client as pi or with ssh, I get permission denied when I try to do:

touch /var/www/html/test.php

windows server 2016 – How can Hyper-V failover be done without Active Directory

We are a small outfit, and I am running 4 webservers, 2 SQL servers, and a Reporting Server as VMs in Hyper-V on WinServer2016 (datacentre edition). I want to be able to have a failover from this machine (Dell R620) to a copy of it. The servers are not on AD – I’m a dev wearing an admin hat badly.

Is there something out there that can do this?

I already have replication running from the (live) machine to the (backup/failover) machine.
However, if stuff goes down, all info that was committed to SQL databases since the last replication would be lost, and this is the main problem.

I have no AD training at all, and the current setup is a mongrel that started as a BusinessServer2003, migrated to 2008, then to hybrid cloud based by a previous employee who has left. I employed a tech thereafter for a period but fired him after he proved incompetent and in the process of stealing source code. Sigh.

Not sure if this is do-able, but I want to attack the biggest headaches first.

active directory – Reserve Email Addresses for old users within Exchange organization

Due to a software dependency, I have an odd requirement in my environment while trying to clean up stale accounts. I want to remove all the stale AD users and Exchange mailboxes from the environment; however, I need to somehow reserve the SMTP address for the stale account, so that the address cannot be assigned to another mailbox later (maybe a new user with the same name). I’m looking for the best strategy. Technical details are not my concern.

I’ve ended up with the below two strategies (I think there must still be a better way, please advise):

  1. Convert each mailbox to a contact. Steps:

    • remove mailbox (this will also delete the AD user)
    • create a contact with the email address of the deleted mailbox
      Cons: not much cleanup, because each object is actually replaced by another object.
  2. Preserve all email addresses by adding each as a proxy address for a dummy user. Steps:

    • remove mailbox (this will also delete the AD user)
    • add the email address of the deleted mailbox as a proxy (additional) address into a dummy mailbox
      Cons: I have more than 6000 stale mailboxes. In Exchange 2019 you can have ~1000 addresses per object.

Another approach might be a “Disable-and-then-Enable-mailbox” strategy, which will remove all the old mailbox contents, preserve the address, and also preserve the user account. Like the <1> method mentioned earlier, it actually does not clean up much.

What do you think is the best way to preserve a lot of email addresses in the Exchange Server (or Active Directory), and prevent those addresses from being assigned to new users after the original mailbox is deleted?