I deny my admin overall permission in jenkins and need it back - security

I denied my admin overall permissions in jenkins and I can't configure it anymore.
I've tried everything here but nothing worked.
After changing <useSecurity>true</useSecurity> to <useSecurity>false</useSecurity> I can open jenkins with my job, but when I want to configure security again, and set logins, everything come back.
It happened because of Matrix-based security plugin I set before, I think I set settings for anonymous (as was written in plugin table), but it sets on admin.
Thank you in advance!

Related

jenkins Access Denied- asdf#gmail.com is missing the Read permission

i am using Jenkins war 1.520 in Ubuntu 12.04 i had configured jenkins with openid plugin and authenticated with Google apps. I made some changes in role based security and matrix based security why prompts me
Access Denied- asdf#gmail.com is missing the Read permission
please let me know, what needs to be done in order to get the access to jenkins
You will have to reconfigure your permissions. Do you still have a user with login access or not ? If not you might have to reset it by temporarily disabling the security. This can be achieved by modifying the $JENKINS_HOME/config.xml ($HOME/.jenkins/config.xml by default when running the jenkins.war on your system) and setting <useSecurity> from true to false. Be sure to backup your config!
Once you are there reenable the security, and show us what you have in matrix and role based security.
Had the same issue with Jenkins, turns out my user name was Gideon but error I was getting was 'gideon is missing the overall administer/register permission'. Edited config.xml by changing Gideon to gideon in the /hudson/authorizationStrategy/permission tags and everything is working fine now.
My permissions file was here:
/var/lib/jenkins/config.xml
As suggested in Disable security page, you need to edit config.xml in your $JENKINS_HOME (e.g. /var/lib/jenkins) and remove lines with useSecurity, authorizationStrategy and securityRealm, then restart Jenkins.
See: Jenkins Github Authentication error: user is missing the Overall/Read permission

CentOS 5.6: Apache access permission after .htaccess upload

I was working on my home server remotely and wanted to make some changes to my .htaccess. I could not see this files using my FTP(filezilla) and thought there was none there. I decided to upload one I had in my computer to my server in public_html and although the upload was successful per FZ, this file is not listed anywhere, even when I physically access the server.
It looks like it is being hidden. The main problem is that after this, now I get the following error message and cannot access my test site:
You don't have permission to access / on this server.
If I access my server and DISABLE SELINUX or make it PERMISSIVE, my pages start working as normal. If I make it ENFORCING my webpage becomes unavailable and I see the error listed above.
Questions:
First of all, how can I make this .htaccess visible in a CentOS 5.6 system?
What is the difference between ENFORCING and PERMISSIVE?
Will I run into Security Risks if I leave my server setup as PERMISSIVE?
Thank you all,
Heh. No one has answered this in 4 months because it's hard to find an answer that is direct & specific (per the guidelines) and won't start a discussion. But I'll give it a try.
FileZilla can show hidden files, the method is different for different versions. Try the View or Server menu, or look for "hidden" in the built-in help.
ENFORCING means that selinux is running and prevents actions that violate its active policies. PERMISSIVE means that selinux is running and logs (but does not prevent) actions that violate its active policies.
Yes. Specifically, in ENFORCING mode, a hostile entity would have to both upload a file with malicious code and set the selinux context for the file in order to run it. In PERMISSIVE mode, they just need to upload the file. This is the most likely explanation for your experience: you uploaded a new .htaccess file, but did not set its selinux context.

Kenitico CMS not getting configured

I am configuring the Kentico CMS to my local machine but getting the following error:
The CISM115\cis account is not granted with Modify permission on folder C:\inetpub\wwwroot\KenticoCMS\. Although this is not an error, it's highly recommended that you configure these permissions.
Why is this happening and how do I fix it?
You need to change the persissions of that folder, so that the application can modify it's contents.

coldfusion scheduled tasks iis permission

I am trying to use the ColdFusion administrator to schedule a task. It is returning an error which says that there are not enough permissions to execute the task.
I can successfully execute the cfm file in IE, so it's not an error with the actual file.
So from what I've read about this, it appears to be an IIS problem. Do I need to change IIS_WPG permissions on the scheduled tasks folder?
I'm wondering what permissions I need to change to be able to execute scheduled tasks. Also would be interested in best security practices.
Although I was not initially aware of this, I found out that windows integrated authentication was turned on.
I had the server admin set the IIS security on folder to anonymous access which contained the tasks. This fixed the problem.

(IIS/Win2000Pro) Granting Registry read rights to IIS user?

Okay, so I'm running a small test webserver on my private network. I've got a machine running Windows 2000 Pro, and I'm trying to run an ASP.NET app through IIS.
I wrote it so that the webpage would use the registry to store certain settings (connection strings, potentially volatile locations of other web services, paths in the local filesystem where certain information is stored etc...) Of course, it worked fine when testing with VStudio.NET 2005, because the user running the app has elevated privileges. However, running it on IIS I get a "Access to the registry key 'HKEY_LOCAL_MACHINE\Software' is denied.", which suggests the IIS user doesn't have read access to that part of the registry (I only do reads through the website itself, never writes).
I was like "okay, simple enough, I'll just go give that user rights to that part of the registry through regedit." The problem is, I don't see an option anywhere in regedit to change security settings... at all. Which got me thinking... I don't think I've ever actually had to change security settings for registry hives/keys before, and I don't think I know how to do it.
Half an hour of searching the web later, I haven't found any usable information on this subject. What I'm wondering is... how DO you change security rights to portions of the registry? I'm stumped, and it seems my ability to find the answer on Google is failing me utterly... and since I just signed up here, I figured I'd see if anyone here knew. =)
If your having touble with RegEdit in Windows 2000 you can try the following:
Copy the Windows XP RegEdt32.exe to the Windows 2000 Machine
Using a Windows XP Machine, connect to the Windows 2000 registry remotely: File > Connect Network Registry
You can set permissions at the folder level for which you want to grant user permissions read/write access.
In your case, right click on the "Software" folder and select "Permissions".
You'll probably know the rest from there.
EDIT: If you still run into issues, you may want to modify your web.config file and use impersonation to have your web application run as a certain user account. Then you can put a tighter reign on the controls.
RegEdt32.exe will allow you to set permissions to registry keys.
Simply right click on a Key (Folder) and click Permissions, then you can edit the permissions as you would an file system folder.
I did so, assuming that a Security setting would be available. I didn't see any "Security" option when I right-clicked on the Key. =( I triple-checked just to make sure... and I just tried it on my XP machine, and it does indeed have the "Permissions" section... but the Windows 2000 machine doesn't. (how's that for wierd?)
In my searching, I found:
http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/Q_21563044.html
Which notes that RegEdit for Windows 2000 doesn't have the Security/Permissions settings... but it proposes no solution to the problem. (Whoever asked the question was using Windows XP so he was okay... but in my case, it's 2000)
Is there any way to make it happen specifically in 2000?
EDIT: Ahhhh... if worse come to worse, I suppose I can do the impersonation as mentioned below... though if I can't set security settings for the registry in 2000, I'm left with making that user have Administrative access (I assume?) to actually get those rights, which sadly defeats the purpose. =(
Oh, let me try that! I didn't realize you could remotely connect to another registry.
(EDIT: I was wrong, it did work... it just took several minutes to respond to my request to change permissions remotely)
The remote connection idea did it! You're good! Thanks so much for your help! I never realized you could remote connect with RegEdit... you learn something new every day, they say! =) Thanks again for your assistance! =)
On another note though, about copying the XP version of RegEdit to Windows 2000... is that safe? I figured they would be coded in such a way as to be incompatible... but I could be assuming too much. =)
Just use RegEdt32.exe instead of Regedit.exe.
Go to the desired key or folder, then open the security menu and click on 'permissions'.

Resources