amazon web services – AWS Lambda Add Permission – Source-Arn-Weirdness

I follow this guide to set up a Lambda feature to subscribe to log events. In step 5, you must give "CloudWatch Logs permission to run your role" as follows:

aws lambda add-permission \
    --function-name "helloworld" \
    --statement-id "helloworld" \
    --principal "logs.region.amazonaws.com" \
    --action "lambda:InvokeFunction" \
    --source-arn "arn:aws:logs:region:123456789123:log-group:TestLambda:*" \
    --source-account "123456789012"

That works fine.

Well, according to the documentation, the --source-arn argument to aws lambda add-permission is optional. However, if I do not provide it, the subscription will not appear as registered when the lambda feature configuration page is invoked on the AWS website (see first screenshot below). The subscription is actually registered and can trigger the lambda. I can confirm that if I delete the permission and add it again with a --source-arn, the subscription is shown as registered (second screenshot).

I think it's a small thing, but why should the --source-arn argument to add-permission have anything to do with whether the subscription appears in the UI? Especially since, whether or not you supply --source-arn, the permission is still sufficient for the Lambda version.

(Note: After I've come a long way in writing this Q, it just seems to be a mistake, but I'll stop so I can refer to it in a big report until there's an answer.)
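The two forms of the permission discussed in this question differ in the function's resource policy: without --source-arn the statement has no AWS:SourceArn condition, so the grant is not tied to one log group. The following audit is an added example, not part of the original post; the sample policy is constructed in the shape that aws lambda get-policy returns, and the function name unscoped_service_grants is hypothetical.

```python
import json

# Constructed sample in the shape `aws lambda get-policy` prints: "Policy" is a
# JSON string inside the JSON output. Account IDs and ARNs are placeholders.
FUNCTION_ARN = "arn:aws:lambda:region:123456789012:function:helloworld"
LOG_GROUP_ARN = "arn:aws:logs:region:123456789012:log-group:TestLambda:*"

def _statement(sid, condition):
    return {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": {"Service": "logs.region.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": FUNCTION_ARN,
        "Condition": condition,
    }

SAMPLE_GET_POLICY = json.dumps({"Policy": json.dumps({
    "Version": "2012-10-17",
    "Id": "default",
    "Statement": [
        # As written by add-permission with --source-arn and --source-account.
        _statement("with-source-arn", {
            "StringEquals": {"AWS:SourceAccount": "123456789012"},
            "ArnLike": {"AWS:SourceArn": LOG_GROUP_ARN},
        }),
        # As written when --source-arn is left out.
        _statement("without-source-arn", {
            "StringEquals": {"AWS:SourceAccount": "123456789012"},
        }),
    ],
})})

def unscoped_service_grants(get_policy_output):
    """Map each service-principal Allow statement's Sid to the source conditions it lacks."""
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    findings = {}
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict) or "Service" not in principal:
            continue
        # Condition keys are case-insensitive; collect them across all operators.
        present = {key.lower() for operands in stmt.get("Condition", {}).values() for key in operands}
        missing = [k for k in ("aws:sourcearn", "aws:sourceaccount") if k not in present]
        if missing:
            findings[stmt["Sid"]] = missing
    return findings
```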


t sql – Move SQL Server Database Files to a New Location – Why Permission Errors?

I tried to move a database (.mdf + .ldf) to another directory on the same server where the SQL server resides. I followed these steps, which can be found in this link:

  1. ALTER DATABASE MyDB SET SINGLE_USER WITH ROLLBACK IMMEDIATE

  2. ALTER DATABASE MyDB SET OFFLINE

  3. ALTER DATABASE MyDB MODIFY FILE (Name = MyDB, Filename = 'N:\DATA\MyDB.MDF')

  4. ALTER DATABASE MyDB SET ONLINE

  5. ALTER DATABASE MyDB SET MULTI_USER

How do I move SQL Server database files?

When I got to step 4, I got "Access Denied". Unfortunately, my maintenance windows were very short and I did not have time to fix bugs. So I decided to delete the database and restore it with the WITH MOVE clause to put the DB files in the correct directory. No problem.

My question is, why did I get "Access Denied"? I have not changed the MSSQL service account. It's the same account that ran the RESTORE.

Many thanks

Applications – How to reset the access permission for Apple Configurator 2 on a Mac mini?

I'm trying to install my app as an .ipa file on an iPhone device connected to my Mac mini. I used the Apple Configurator 2 menu Actions > Add > Apps… and then selected the button Choose from my Mac…. When I navigated to my desktop for the first time, I selected the .ipa file and clicked Add.

I was asked to enter permission to access the drive, and I clicked the wrong button and refused permission. An error message was issued and the process was aborted. Every time I try to add the file, this error message is displayed.

An unexpected error occurred with "iPhone name".
The operation could not be completed. Operation inadmissible. (NSPOSIXDomainError – 0x1 (1))

The only option is Stop, which terminates the process. Since the Apple Configurator 2 app does not ask for permission again, I can not approve.

Is there a way to reset the permissions for this app without affecting the other apps and settings on this Mac?

Linux – Is there a reason why PHP files require write permission?

Is there a reason why PHP files would require write access? (Except directories that need to be writable)

I install Magento through Composer. They recommend the following permissions:

cd /var/www/html/
find var generated vendor pub/static pub/media app/etc -type f -exec chmod g+w {} +
find var generated vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} +
chown -R :www-data . # Ubuntu
chmod u+x bin/magento

This makes the files writable. That is problematic. I also use the snuffleupagus PHP module to add a security level. However, this also causes a problem installing Magento because the following error appears:

2019/12/02 03:48:57 (error) 6782#6782: *1 FastCGI sent in stderr: "PHP message: PHP Fatal error:  (snuffleupagus)(0.0.0.0)(readonly_exec) Attempted execution of a writable file (/var/www/shop/app/etc/vendor_path.php). in /var/www/shop/app/autoload.php on line 25" while reading response header from upstream, client: 192.168.33.1, server: ucp.local, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:

I wonder if most of these files should be readable / executable, since there is no reason to be writable on the server. Is there a reason why you should not do this?
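The log line above shows readonly_exec refusing a PHP file that the recommended chmod made writable. The following audit, an added example that is not part of the original post, lists the PHP files under those same directories that carry a group or other write bit. It assumes PHP runs as a member of www-data rather than as the file owner, so the owner write bit is ignored; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Directories the chmod commands on the page make group-writable.
MAGENTO_WRITABLE_DIRS = ("var", "generated", "vendor", "pub/static", "pub/media", "app/etc")

def writable_php_files(root, subdirs=MAGENTO_WRITABLE_DIRS):
    """Return sorted relative paths of .php files with a group or other write bit."""
    hits = []
    for sub in subdirs:
        for dirpath, _dirs, files in os.walk(os.path.join(root, sub)):
            for name in files:
                if not name.endswith(".php"):
                    continue
                path = os.path.join(dirpath, name)
                # lstat so a symlink is judged by itself, not by its target.
                mode = os.lstat(path).st_mode
                if stat.S_ISREG(mode) and mode & (stat.S_IWGRP | stat.S_IWOTH):
                    hits.append(os.path.relpath(path, root))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample: one group-writable PHP file, one read-only PHP file, one data file."""
    root = tempfile.mkdtemp(prefix="magento-sample-")
    layout = {
        "app/etc/vendor_path.php": 0o664,  # group-writable, the case readonly_exec rejects
        "vendor/autoload.php": 0o644,      # not group-writable
        "var/cache/data.bin": 0o664,       # writable, but not PHP code
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel in writable_php_files(build_sample_tree()):
        print(rel)
```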

permission – Catalina – USB Serial Cables seem to be broken

TL;DR – How can I connect a serial USB cable to Catalina?

I work as an "embedded software developer". I write software on small circuit boards like "Arduino" or "BeagleBone" or "RaspberryPi". Maybe you know or hear the sentence: "JTAG DEBUGGER".

Every day I use different USB SERIAL converters to do my job.

Just a week ago I got this new MAC (MacBook Pro), the new one (November 2019) with the real escape key (thanks!)

I can get SOME, but not all, serial USB things to work.

Known:

A) (TYPE_CDC_DEVICES) Some development cards (from ST Microsystems and Texas Instruments) implement a so-called "USB CDC ACM" serial port.

These CDC devices seem to work.

B) (TYPE_CHIP_DEVICES) Others are what you would call "USB Serial Cable" in some cases. The USB chip that performs this function is integrated into the motherboard and used as a debugger.

Please do not tell me to talk to the SELLER – this is a driver provided by APPLE.

These chips come from companies such as FTDI and PROLIFIC (Apple has a driver for it) as well as MICROCHIP and SILABS

For example, the FTDI driver FROM APPLE is here:

/System/Library/DriverExtensions/DriverKit.AppleUSBFTDI.dext

PROBLEM: These CHIP and CHIP cards DO NOT WORK.

I can not open the serial device with my TERMINAL programs.
Such as: Screen, CoolTerm and others.

C) I know the device is present and the driver is loaded – I can see the device, but when I try to open the device, I get several errors.
(The exact error depends on the application I am using.)

foo@bar /dev % ls -l /dev/*usb*
crw-rw-rw-  1 root  wheel   18,  27 Dec  1 16:33 /dev/cu.usbserial-534400
crw-rw-rw-  1 root  wheel   18,  29 Dec  1 16:33 /dev/cu.usbserial-534401
crw-rw-rw-  1 root  wheel   18,  26 Dec  1 16:33 /dev/tty.usbserial-534400
crw-rw-rw-  1 root  wheel   18,  28 Dec  1 16:33 /dev/tty.usbserial-534401
foo@bar /dev % 

D) Others also have problems – I'm not alone.

Trying to run screen as root does not help.

E) Tried "sudo chmod a+rwx /dev/tty.usb*"

PART 2 ….

Often, these USB chips have two interfaces, more specifically the FTDI2232.

Interface #0 – is typically the JTAG debugger interface.

Interface #1 – is usually the UART debug terminal.

I need both to work. But if I can not get the basic UART up and running, I can not even get started with the JTAG part.

I am stuck.

Windows 10 – Offline file synchronization causes permission issues and hiding desktop shortcuts

I have a user running Windows 10 on his laptop and I have activated it in the Offline Files Control Panel Sync Center. After we restarted his computer, everything seemed fine in the beginning, but the next day he said that some of his shortcuts had disappeared on the desktop and when he tried to open the shortcuts that were still on his desktop, he received the error message "Windows can not access [file path]. Contact your network administrator to request access."

I tried to check the permission settings in the properties windows of the shortcut, but the Security tab simply displayed "You do not have permission to view or edit this object's permission settings."

Disabling offline files again reset his desktop with all shortcuts to their previous state, and returned to the files referenced by the links.

The offline files are currently not encrypted.

Any ideas on how to leave Offline Files enabled without causing the behavior described above?

Google Sheets – "You do not have permission to invoke …" Steps to convert a custom function to an add-on that has the permission?

I'm trying to create a HIDE() function that either hides the current row, column, or both based on another (true / false) value.

I have already created the full function, but unfortunately it only works from the editor and not the sheet. When trying to use it from the sheet, I get an error message, e.g. You do not have permission to call unhideRow.

Here's a simple way to replicate this problem:

/**
 * Hides the current row based on a boolean switch.
 * @customfunction
 */
function Hide(hidden) {
  // hidden = true

  var ss = SpreadsheetApp.getActiveSpreadsheet();
  var sheet = ss.getActiveSheet();

  var range = sheet.getRange("A1");
  // real function uses sheet.getActiveCell()

  if (hidden) {
    sheet.hideRow(range);
  } else {
    sheet.unhideRow(range);
  }

  return;
}

I've read how to grant permissions to self-defined functions, and I understand that it's not possible to use custom functions for this purpose.

I then tried to test the function as an add-on from the editor, but I get the same error.

I've also read the authorization model used for worksheets, but I do not understand what I need to do to make it work.

My question is simple: what steps are required to create an add-on that allows me to include a feature like the proposed HIDE()?

Amazon Web Services – Permission denied (publickey). new ec2 instance

I have just created a new ec2 instance. Generated the keys and made the connection.

Now, when I try to connect, I get: Permission denied (publickey)

Steps that I followed:

ssh-keygen -t rsa -f my_rsa_key

aws2 ec2-instance-connect send-ssh-public-key --instance-id i-084434ewa3e171039 --availability-zone us-east-2b --instance-os-user ec2-user --ssh-public-key file:///aws_ssh/my_rsa_key.pub

{
    "RequestId": "dd452b0f-89c3-4a01-82ea-c6a55934ec3f",
    "Success": true
}

(root@mail)# nmap 13.34.27.15

Starting Nmap 6.40 ( http://nmap.org ) at 2019-11-25 23:00 EST
Nmap scan report for ec2-13-34-27-15.us-east-2.compute.amazonaws.com (13.34.27.15)
Host is up (0.017s latency).
Not shown: 998 filtered ports
PORT   STATE  SERVICE
22/tcp open   ssh
80/tcp closed http

Nmap done: 1 IP address (1 host up) scanned in 4.93 seconds
(root@mail)# ssh -vi /aws_ssh/my_rsa_key ec2-user@ec2-13-34-27-15.us-east-2.compute.amazonaws.com
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to ec2-13-34-27-15.us-east-2.compute.amazonaws.com (13.34.27.15) port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file my_rsa_key type 1
debug1: key_load_public: No such file or directory
debug1: identity file my_rsa_key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ec2-13-34-27-15.us-east-2.compute.amazonaws.com:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:  compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:  compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:0Rh/uzS6wKgol+aj+2GmbyGaACGHAmnrz8MW6xw+mQE
debug1: Host 'ec2-313-34-27-15.us-east-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: my_rsa_key
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

(root@mail)# ll /aws_ssh/
total 8
-rw------- 1 root root 1679 Nov 25 22:39 my_rsa_key
-rw-r--r-- 1 root root  412 Nov 25 22:39 my_rsa_key.pub

ntfs – Why is "Pass through Folder" and "Execute File" a combined permission?

In the Advanced Permissions dialog box for an NTFS directory, one of the permissions is listed as "Browse Folder / Execute File".

These seem to me to be two separate and completely independent concepts.

Can anyone give an explanation of why these two concepts have been combined into a single permission? Obviously, official documentation would be the best, but I accept well-founded assumptions.