EzDevInfo.com

user-management interview questions

Top user-management frequently asked interview questions

Salt: $HOME of users which does not exist yet

I create a user foo on a minion. The minion evalutes /etc/default/useradd. This means the salt master does not know whether the new $HOME will be /home/foo or in our case /localhome/foo.

How can I get the $HOME of user foo as jinia variable?

I need it in a systemd service file.

I would like to avoid custom pillar data, since this is redundant. Is there a way to get it via grains?

Does it work during boostrapping? First the user foo needs to be created, then the systemd file can be created by looking up the $HOME of foo...

This would work if the user does already exist:

{{ salt['user.info'](user).get('home') }}/foo:
  file.recurse:
    - source:    salt://conf/common/foo

Related issue: https://github.com/saltstack/salt/issues/7883


Source: (StackOverflow)

User state workflow engine in PHP

I'm looking to implement user state / workflow handling in a PHP application.

Currently have:

  • a user based system with around 10 different states any user can be in (enabled, disabled, pre-registered, de-registered, deleted etc.)
  • defined rules regarding from which state to which a user can go based on different system events
  • a rather messy (but mostly working) system full of IFs and SWITCHes scattered all across the place

Want to:

  • replace the current IFfy user state handling with a "clever" state machine that would allow to define those user transition rules
  • allow to visualise those defined rules
  • make the system more secure and bullet proof by making sure the user can only be in legal states

My research:

I checked both SO and other places for a PHP implementation of workflow and state machines and promising candidates seem to be

I'd be grateful for any comments regarding any experience with working with either of the libraries above and / or opinion regarding suitability for what I need or for hints to other places where to look to.


Source: (StackOverflow)

Advertisements

Identity management/SSO solution? [closed]

What are your recommendations for a basic, centralized identity management/SSO service? It must be open source, have a pluggable identity manager (eg: LDAP, DB, openID, etc.) and provide a decent range of API access options (eg: web services, REST, etc.). It must also be clusterable for high availability.

JOSSO? CAS? others?


Source: (StackOverflow)

Jackrabbit user management

I can hardly find any documentation on how to design and build a repository for multiple users.

I'm quite new to Jackrabbit and I was always using one master user credentials to build a repository that was accessed by only one master user.

Now I need a repository that is shared by thousands of users and each user works with his nodes and doesn't have permissions to the others.

The SimpleAccessManager is quite simple :

public boolean isGranted(ItemId id, int permissions) throws RepositoryException {
    checkInitialized();
    if (system) {
        // system has always all permissions
        return true;
    } else if (anonymous) {
        // anonymous is always denied WRITE & REMOVE permissions
        if ((permissions & WRITE) == WRITE
                || (permissions & REMOVE) == REMOVE) {
            return false;
        }
    }

    return true;
}

It looks that one cannot create such a multi-user repository with SimpleLoginModule and SimpleAccessManager. Because it differentiates only between ADMIN and anonymous users that can read everything but cannot write...

So that one have to use DefaultAccessManager and perhaps do something like this :

Session session = repository.login(new SimpleCredentials("admin", "admin".toCharArray())); 

UserManager um = ((JackrabbitSession) session).getUserManager(); 
User user = um.createUser("john", "doe"); 

/*   And assign some ALC as follows... And then play with it like this, which really sucks without proper documentation, one has to reverse engineer everything, wtf */

AccessControlManager acm = session.getAccessControlManager();     
AccessControlPolicyIterator it = acm.getApplicablePolicies(testRootNode.getPath()); 
while ( it.hasNext() ) { 
    AccessControlPolicy acp = it.nextAccessControlPolicy(); 

    Privilege[] privileges = new Privilege[]{acm.privilegeFromName(Privilege.JCR_WRITE)}; 

    ((AccessControlList)acp).addAccessControlEntry(new PrincipalImpl(user.getUserID()), privileges); 

    acm.setPolicy(testRootNode.getPath(), acp); 
} 

The repository will be accessible via OpenCMIS that supplies user credentials from client.

EDIT: this is what I was looking for AccessControl


Source: (StackOverflow)

SharePoint - Site.RootWeb.AllUsers not returning all users

I have a SharePoint site that I created some custom web parts for. One of them requires getting the list of SharePoint site users so I can assign different properties.

The code:

Dim Site As New SPSite(SPContext.Current.Site.Url)
Dim AllUsers As SPUserCollection = Site.RootWeb.AllUsers
Dim u As SPUser
For Each u In AllUsers
    'SOME CODE FOR DISPLAY
Next

Was working great, but yesterday I added a new user and they didn't show up in the list. I definitely see them in the list of users through the default page that shows users, so I'm wondering why this code wouldn't get the user as well.

Does anyone know why this wouldn't return every user in the SharePoint site?


Source: (StackOverflow)

Python Unix/Windows Abstraction Layer for Signal Handling & User Management

I'd like to ask a question for which my extensive web search would suggest the answer is 'no' but maybe I've overlooked something ...

Are there Python abstraction layers sitting on top of Unix and Windows signal handling (for spawned, independent processes) and user management (getting user and group entries, comparing them, etc)?

Yes, I know that Windows and Unix differ in both aspects fundamentally but the OS specific methods do fulfill similar tasks. So it would not seem to be a bad idea to create an abstraction layer.

The closest I have found to what I'm looking for, at least for sub-process management (and to a certain degree to "signaling" those sub-processes), is python-multiprocessing, i.e. http://docs.python.org/dev/library/multiprocessing.html - it's the kind of abstraction I'm looking for but it doesn't quite do what I want.

Any pointers going in such a direction?

A module making signal handling / user management on Windows look like Unix or vice versa would also be OK.


Source: (StackOverflow)

Enumerate Windows user group members on remote system using c#

Within c#, I need to be able to

  • Connect to a remote system, specifying username/password as appropriate
  • List the members of a localgroup on that system
  • Fetch the results back to the executing computer

So for example I would connect to \SOMESYSTEM with appropriate creds, and fetch back a list of local administrators including SOMESYSTEM\Administrator, SOMESYSTEM\Bob, DOMAIN\AlanH, "DOMAIN\Domain Administrators".

I've tried this with system.directoryservices.accountmanagement but am running into problems with authentication. Sometimes I get:

Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again. (Exception from HRESULT: 0x800704C3)

The above is trying because there will be situations where I simply cannot unmap existing drives or UNC connections.

Other times my program gets UNKNOWN ERROR and the security log on the remote system reports an error 675, code 0x19 which is KDCERRPREAUTH_REQUIRED.

I need a simpler and less error prone way to do this!


Source: (StackOverflow)

Looking for a PHP based user management system

I am presently looking for a user management system in PHP which can easily be integrated and built on. I have googled for it and i have two or three already on the list to try out, but then again i want the benefit of personal recommendation based on usage and experience with a solution.

So if you know of any that has worked for you in time past, i would really appreciate if you can recommend.

Thanks!


Source: (StackOverflow)

Symfony2/FOSUserBundle - Route issues with multiple bundles

Similar to this problem, I need a separate login for both the admin and front end bundles of my site. The admin is actually a separate bundle located in vendors.

Right now, my routing looks like:

app/config/routing.yml:

AcmeSiteBundle:
    resource: "@SiteBundle/Resources/config/routing.yml"
    prefix:   /

AcmeAdminBundle:
    resource: "@AdminBundle/Resources/config/routing.yml"
    prefix:   /admin/

Both of the bundles' individual routing.yml files have:

fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"

fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /profile

fos_user_register:
    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
    prefix: /register

fos_user_security_login:
    pattern:  /login
    defaults: { _controller: FOSUserBundle:Security:login }

fos_user_security_check:
    pattern:  /login_check
    defaults: { _controller: FOSUserBundle:Security:check }

fos_user_security_logout:
    pattern:  /logout
    defaults: { _controller: FOSUserBundle:Security:logout }

And my firewalls in security.yml:

firewalls:
    main:
        context: site
        pattern: ^/admin/
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            login_path:  /admin/login
            check_path:  /admin/login_check
        logout:
            path: /admin/logout
        anonymous:    true

    frontend:
        context: site
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            login_path: /login
            check_path: /login_check
        logout:
            path: /logout
        anonymous: true

The problem is that the front end's automatically generated login links point to /admin/login rather than just /login, which is not what I want to have happen.

So, how can I make it use the /admin/* links when I'm there, but just the / links when I'm on the front end? I need to keep their contexts linked as people logged into the admin side should stay logged in on the front end.


EDIT: I renamed my routes as the following:

SiteBundle's routing.yml (same as before):

fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"

fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /profile

fos_user_register:
    resource: "@FOSUserBundle/Resources/config/routing/registration.xml"
    prefix: /register

fos_user_security_login:
    pattern:  /login
    defaults: { _controller: FOSUserBundle:Security:login }

fos_user_security_check:
    pattern:  /login_check
    defaults: { _controller: FOSUserBundle:Security:check }

fos_user_security_logout:
    pattern:  /logout
    defaults: { _controller: FOSUserBundle:Security:logout }

AdminBundle's routing.yml:

_admin_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"

_admin_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"
    prefix: /profile

_admin_user_security_login:
    pattern:  /login
    defaults: { _controller: FOSUserBundle:Security:login }

_admin_user_security_check:
    pattern:  /login_check
    defaults: { _controller: FOSUserBundle:Security:check }

_admin_user_security_logout:
    pattern:  /logout
    defaults: { _controller: FOSUserBundle:Security:logout }

$ app/console router:debug shows:

fos_user_registration_register         ANY    ANY    ANY  /register/
fos_user_registration_check_email      GET    ANY    ANY  /register/check-email
fos_user_registration_confirm          GET    ANY    ANY  /register/confirm/{token}
fos_user_registration_confirmed        GET    ANY    ANY  /register/confirmed
fos_user_security_login                ANY    ANY    ANY  /admin/login
fos_user_security_check                ANY    ANY    ANY  /admin/login_check
fos_user_security_logout               ANY    ANY    ANY  /admin/logout
fos_user_profile_show                  GET    ANY    ANY  /admin/profile/
fos_user_profile_edit                  ANY    ANY    ANY  /admin/profile/edit
_admin_user_security_login             ANY    ANY    ANY  /admin/login
_admin_user_security_check             ANY    ANY    ANY  /admin/login_check
_admin_user_security_logout            ANY    ANY    ANY  /admin/logout

As you can see, the only route that is correct is for user registration, and that's only because it's located just in SiteBundle's routing.yml.


Source: (StackOverflow)

Query TFS for permissions

Is there a way to list which users and AD groups have permissions to a folder and all sub folders in a TFS project?

EDIT: We are using TFS 2008


Source: (StackOverflow)

How can I set a users password in linux from a python script?

I'm trying to automate the setup of SFTP access. This script is running as a user with sudo permissions and no password.

I can create a user like so:

>>> import subprocess
>>> process = subprocess.Popen(['sudo', 'useradd', 'test'], shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
>>> process.communicate()
('', '')

Next I need to set the user's password, but I can't figure out how. Here's what I've tried.

>>> process = subprocess.Popen(['sudo', 'chpasswd'], shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
>>> process.communicate('test:password')

In my python program it has no effect, in the interactive interpreter it locks up after the first line.

What's the best way to do this?

I'm running python 2.6 on Ubuntu lucid.


Source: (StackOverflow)

ASP.NET MVC How to manage user content using ASP.NET Membership Provider

I come from 5 years of experience with ASP.NET Web Forms, and I'm new to ASP.NET MVC. I'm now trying to learn MVC with some tutorials, video tutorials, and books.
I'm using Visual Studio 2012 and the brand new ASP.NET MVC 4 to build a little web application to manage my portfolio of mutual funds. This should let me get inside the new pattern and learn lots of new things...
My application should also let some other friends to do the same. So it has to manage different users' portfolios.
I've built a little DB with Entity Framework Code First, so I have some basic models: Fund, Portfolio, Share, Deposit, Source and User. One user can have many portfolios with many funds inside of them. Each user has their own deposits list. Each fund has many share values (one/day).
The Source model is simply a table where I put one URL for every website source for the share data of a specific fund. So, one fund has many sources. I then use a scraper class to get data from those websites once a day.
This is the main structure of the application. Now, I need to know what would be the best way to:

1) Manage a user's account.
Should I integrate the ASP.NET Membership DB structure on my DB and use it instead of my custom User table to manage users?

2) Manage user content: portfolios, funds, etc.
What is the easiest and most elegant way in the MVC pattern, to implement authentication and all the authorization validations to make the user getting his own data? Do I need to check this inside every action on every controller?

So, in other words, how do I have to implement my controllers? E.g.:

[Authorize]
public class PortfolioController : Controller
{
    private FundMonitorContext db = new FundMonitorContext();

    public ActionResult Index()
    {
        // Check user ID and give back to the view only his portfolios...

        var portfolio = db.Portfolios.List();
        return View(portfolio.ToList());
    }

    ...

    public ActionResult Details(int id = 0)
    {
        ...
    }

    //Other actions...
}

I would really appreciate every suggestion!


Source: (StackOverflow)

VisualSVN Server password change

Has anyone come up with a way to allow remote users to change their own passwords in VisualSVN server? We have it running in 'stand-alone' (non-ActiveDirectory) mode and the only down side that I've found to this excellent product is that users can't set or change their passwords.

It's something I can live with, but the security implications of passwords that never change are well known. I'm sure it must be possible to add the functionality, but I'm not the least bit talented in any of the technologies used by VisualSVN - so just wondering if anyone has done it?

UPDATE 2010-12-21

I've decided to have a bash at implementing this myself. First obstacle, with which I'd appreciate some help, is the password encryption. I've found that VisualSVN has a password file, called htpasswd which has a list of users in the following format:

JoePublic:$apr1$lpq$kF8nZjjuFxgJBExK8ruf20

JoePublic is the username, I presume the colon is a delimiter and the rest is some sort of password hash. The actual password used in this case was ForgetMeNot.

This doesn't seem to be an MD5 or SHA hash, but I'm not very worldly wise in this area, so it may well be. Given the information above, can anyone deduce the algorithm being used?


Source: (StackOverflow)

Yii, best way to implement "user change of password"

I'm using Yii for an application, I'm writing a very simple user management, like registering, deleting and updating users... For updating the existing user I need to check the old password first before change it to the new inserted password. So here is the fields I have in the form:

username:----
old_password:---
new_password:---

and my user table looks like this:

id, username, password

How can I validate the old_password before updating it with the new_password? I know the usual php coding, but I want to know if there are any Yii tricks that does this automatically...

Thanks in advance


Source: (StackOverflow)

Web FrameWork for User and Group Management

We are developing a Web app and looking for a solid existing framework/app that has User Management, Group Management, login screens, Group Admin screens, User SignUp, etc ... I have a feeling that all SaaS providers require such a thing and there should be something existing and I dont need to write everything again. I have searched google but could not find any such thing but I am sure there is something like this as it is such a basic requirement for any Web App. It can either be in the form of a separate server or can integrate into our app, language is not important for us. Easy integration and customization is most important


Source: (StackOverflow)