Best practices to prevent changes to certain files in perforce - perforce

What is a good way to prevent people from submitting changes to a file? I was thinking of two methods:
1. A p4 trigger with a Python snippet that holds a dictionary with protected paths and warns the user that changes are not accepted any more for that file.
2. Use a bot account to check out the file and never check in (sounds like a bad idea).
I was searching for "permanently lock file"; however, that is just to keep exclusive locks when a file is only to be authored by one user at a time.

Remove write access in the protection table. I.e. run p4 protect and then set up permissions for the path like:
write user * * -//depot/whatever/path/...
If you want users to be able to sync and/or open the file but not submit it, add another line afterward that grants read or open permission specifically. For example, to allow users to sync that path but not edit or submit you'd do:
write user * * -//depot/whatever/path/...
read user * * //depot/whatever/path/...
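
The protections table is order-sensitive: an exclusionary line removes whatever earlier lines granted on that path, which is why the read line has to come after it. The following is an added example, not part of the original answer and not Perforce code. It is a simplified model of that evaluation, and the depot-wide first line, the user name alice and the file names are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Simplified model: user lines only; ignores groups, the host field and '=' rights.
LEVELS = ["list", "read", "open", "write", "admin", "super"]

def path_regex(pattern):
    """Depot pattern to regex: '...' spans directories, '*' stays within one."""
    esc = re.escape(pattern)
    esc = esc.replace(re.escape("..."), ".*").replace(re.escape("*"), "[^/]*")
    return re.compile(esc + r"\Z")

def max_access(table, user, depot_file):
    """Highest level the table leaves `user` on `depot_file`, or None."""
    granted = None
    for line in table.strip().splitlines():
        level, kind, name, _host, path = line.split()
        exclude = path.startswith("-")
        if kind != "user" or not fnmatchcase(user, name):
            continue
        if not path_regex(path.lstrip("-")).match(depot_file):
            continue
        if exclude:
            granted = None  # an exclusion removes every level granted above it
        elif granted is None or LEVELS.index(level) > LEVELS.index(granted):
            granted = level
    return granted

def can_submit(table, user, depot_file):
    """Submitting needs write access or higher."""
    return max_access(table, user, depot_file) in ("write", "admin", "super")

# Constructed tables. The first line is an assumed depot-wide default grant.
ANSWER = """
write user * * //...
write user * * -//depot/whatever/path/...
read user * * //depot/whatever/path/...
"""
# Same lines with the last two swapped: the exclusion now also wipes the read grant.
SWAPPED = """
write user * * //...
read user * * //depot/whatever/path/...
write user * * -//depot/whatever/path/...
"""

if __name__ == "__main__":
    for name, table in (("answer", ANSWER), ("swapped", SWAPPED)):
        f = "//depot/whatever/path/build.cfg"
        print(name, max_access(table, "alice", f), can_submit(table, "alice", f))
```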

Related

A question about usage of CWE-61: UNIX Symbolic Link (Symlink) Following

CWE-61 is about soft links. The basic idea is that attackers point a normal file to other system files or unexpected files through soft links to achieve arbitrary write purposes.
But I have a question: if user A tries to point fileA to fileB through a soft link and exploits this vulnerability to modify fileB, isn't A required to have the read and write permissions on fileB? (or user A can run the program as root)
If user A already has this permission, why does user A need to use CWE-61 to modify fileB?

Perforce making read only

I need to make the repositories inside a depot read-only, so that no one can check in any files.
Could anyone assist with this or provide some commands to make a specific repo read-only?
Any help would be appreciated.
Let me know, if any information is needed, Thanks.
Run p4 protect. Change:
super user you * //...
write user * * //...
to:
super user you * //...
read user * * //...
Now the entire repository is read-only to everyone except you. You can add additional lines as needed to make specific parts writable. See p4 help protect for more information.

File Attachment inside P4 Changelists

I'm looking for a way to embed file attachments (like screenshots) inside a Perforce changelist. I'm hoping (but not optimistic) that there's a way inside P4 to actually do this, possibly via a plugin.
If not, I'll either have to look into writing a plugin myself (any pointers?), or I have to cook up a wrapper for P4 checkins that also uploads/submits the attachment, then links that attachment to the CL via an identifier inside the CL. (And then I need a tool to correlate and display both).
To add a bit more information: I'm interfacing with the P4 server via a P4API bot that I'm writing. That bot crawls over every checkin and harvests the data it gets to generate reports. I.e. it correlates submissions with the actual feature spec that informed the task, generates a history of progress for that task etc. Within that context, attaching additional meta data to a CL (like a screenshot) is useful because those attachments can then be used in the data mining - they can enhance the reports that I'm generating.
I can guard against bad/rampant metadata attachments via a wrapper program that is used to make 95% of all our P4 submissions, anyway (it has its own dialog). But I gotta figure out how to present all the data inside P4 when the P4 CL spec only seems to have text available.
I don't think there is any (easy) way to do what you're requesting. A changelist is "an atomic change transaction". There is very little meta-data with them. The P4 command reference for p4 change lists everything you're allowed to do, and adding an arbitrary attachment isn't there.
You could always open a feature request in the Perforce forums.
In Response to Edits
It looks like this is actually just one instance of a larger problem you're facing: managing meta-data around your depot's projects and its changelists. I would suggest you use this requirement as a driving force behind making some larger process changes at your organization. If you have a lot of data being generated based on automated analysis of your projects, it would be better to create a proper database to organize it all. Your submission wrapper could handle putting screenshots (or any other meta data) in a database and annotating the change list description with tags that indicate where to find attachments in the database.
A comprehensive database solution would allow you to associate attachments, changelists and other data with each other and other project resources in a more organized fashion than you currently have.
Original Response
If you decide to write a plugin to handle just this task without a database, my suggested approach would be the following:
Designate a shared network drive or directory that is accessible to all team members as the "perforce attachment dump". Users should have write access to this area.
Use the changelist description field to create a tag to name a file that should be attached. For example, "Attach: file_name.jpg".
Your users use the plugin to navigate to the file(s) locally and the plugin will copy it to the dump drive and add the tag to the description. The plugin should enforce some naming scheme to make the files easy to find. Perhaps append the changelist number to the file base name? Or create a folder for each changelist?
Use a server side pre-submit trigger and script to scan submitted changelist descriptions for tags and retrieve this file from the attachment dump. It should probably reject changelists with the tag if it can't find the file.
The server side script should move the file to a share drive that is read-only to users. This is so that if you want to look at an attachment for a changelist that is five months old, you can be sure it will still be available.
Give your plugin the ability to open the attachments on the read-only share drive from your developers' local machines, from within P4 and P4V.
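
The description check from the pre-submit step above, as an added example that is not part of the original answer. The tag text in a description is user-controlled, so the check accepts a bare file name only before it touches the dump directory. The function names and the one-folder-per-changelist layout (one of the naming schemes floated above) are assumptions.

```python
import os
import re

# One "Attach: <name>" tag per line of the changelist description.
TAG = re.compile(r"^[ \t]*Attach:[ \t]*(\S.*?)[ \t]*$", re.MULTILINE)

def attachment_names(description):
    """Return the file names named by 'Attach:' tags in a description."""
    return TAG.findall(description)

def check_changelist(description, change, dump_dir):
    """Return (ok, problems) for one changelist.

    Assumed layout: each tagged file sits at <dump_dir>/<change>/<name>.
    """
    problems = []
    for name in attachment_names(description):
        # Reject anything that is not a plain file name, so a tag cannot
        # steer the server-side script outside the dump directory.
        if (name != os.path.basename(name) or "\\" in name
                or name in (".", "..")):
            problems.append(f"invalid attachment name: {name!r}")
            continue
        path = os.path.join(dump_dir, str(change), name)
        # Refuse symlinks as well: the script later moves this file to the
        # read-only share and should only ever move a regular file.
        if os.path.islink(path) or not os.path.isfile(path):
            problems.append(f"attachment not found: {name!r}")
    return (not problems, problems)

if __name__ == "__main__":
    # Constructed description; with no such dump directory the tag is rejected.
    desc = "Fix login dialog\nAttach: file_name.jpg\n"
    print(check_changelist(desc, 1234, "/nonexistent/attachment-dump"))
```

A trigger script would print the problems and exit non-zero when `ok` is false, which is how a Perforce trigger rejects the submit.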

Lock rptdesign file

I am trying to find out if it is possible to lock an rptdesign file.
The idea is to run a report as a service, but without being able to change the default parameters. I know I could just hide the parameter window but still the user could edit the rptdesign file and hard code new values.
Does anyone have any previous experience with this?
Is it possible to make an rptdesign file non-editable?
If you want to prevent users from modifying the rptdesign file, you should do it at the OS level, enabling it only for certain users.
If you want to ensure that the report is not modified, you can add a hidden field storing the md5 sum of the report file. I mean that this field can store the md5sum of your report file on the disk. Then you can compare it with your original sum.
Anyway, your problem is slightly different - you are expecting certain data from your customers and you want to be cheated by them. You can use the method with md5sum, but it is rather a matter of trusting them here, or of any other possibility to access their database than through the report (e.g. they can give you direct access to the database, or you can agree to store this data in your company, not theirs).
Let me know if this answer helps you better.

How can I tell that an excel file is write reserved before opening it?

I have a program that opens Excel files, performs functions on them, and then saves them, all without user interaction. I've come across some files that are "write reserved". This is different from password protection, but still requires a password to access.
I'd like to tell if these files are write reserved before opening them so I can avoid a prompt, but in order to access the Workbook.WriteReserved property, I must open the file. I'd like to resolve this catch-22 somehow... but I am not sure how to proceed.
The only workaround that I found was to supply a bogus password for the write reservation when opening the workbook. Files that are not write reserved (99% of my use cases) pass unhindered, while the rest that are will throw an exception which I can handle. Not clean, but it works.
