EPERM Error in NodeJS for window shared folder - node.js

I am trying to copy a local file to shared folder but EPERM error is showing. This is my code:
var fs = require('fs');
var is = fs.createReadStream(SOURCE_FILE);
var os = fs.createWriteStream(TARGET_FILE);
is.pipe(os);
is.on('end', function() {
console.log('success');
});
... this is the error message:
Application has thrown an uncaught exception and is terminated:
Error: EPERM, open 'TARGET_FILE'
TARGET_FILE includes a windows shared folder with all permissions for all users
Thanks in advance

If you are running IISNODE on IIS 7/8 it could be running on a special type of user that does not inherit "All Users" permission.
If you are running iisnode from a command prompt it is probably running as the user you are logged in as. If you are running it in a service wrapper it is probably also running under a a "user" that does not inherit "All Users" permission. You can load the task manager (right click on your task bar) to see what user the process is running under.
If you are using IISNODE in IIS, node.js is using the same user as the domain you are running it under. Typically DefaultAppPool.
TO give DefaultAppPool permission:
right click on the folder
select properties
select the security tab
click the edit button
click the add button
enter IIS AppPool\DefaultAppPool in the box (including spaces)
click the check names button
it should now show DefaultAppPool underlined, click OK
select DefaultAppPool from the list of users and assign them the minimum required rights - resist the temptation to give DefaultAppPool excessive rights.

Related

Allow Powershell script download from webpage in IIS

I am trying to update a Razor page (running on IIS 10.0 version 1809) to allow me to share a Powershell script. I want the user to be able to right-click the link and select "save" to download the script from a folder on the web server (wwwroot/<site name>/downloadFiles). I verified that the NTFS permissions allow "Read & Execute", "List folder contents", and "Read" to IUSR, Network Service, Users, and IIS_IUSRS.
I tested:
Right-click the link and select "Save link as..." and Chrome tells me, "Failed - No file"
Browse to https://<site url>/<site name>/downloadFiles/script.ps1 and IIS tells me: 404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Browse to https://<site url>/<site name>/downloadFiles and IIS tells me: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.
In _Layout.cshtml, I have the link setup as:
Script
Any idea how I can make this work?
Use the FileExtensionContentTypeProvider to map the .ps1 extension to the application/octet-stream mime type to force a download as explained in the docs: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/static-files#fileextensioncontenttypeprovider
var provider = new FileExtensionContentTypeProvider();
provider.Mappings[".ps1"] = "application/octet-stream";
app.UseStaticFiles(new StaticFileOptions
{
ContentTypeProvider = provider
});

Modx give to a user permissions to add new users

I am using Modx, and I try to give to a user permission to add/edit/delete new users.. So far so good, the user can do that, the thing is that I get an annoying error message. (even everything works).
The message appears when I access the user info.
Code: 200 OK {"success":false,"message":"Permission
denied!","total":0,"data":[],"object":[]}
Action for requests where I have this error:
action: workspace/namespace/getlist
action: security/user/setting/getList
It seems you don't have some other permission. Shortly here is how you should get some hint what permission: when user edition is in progress please open browser console and check all AJAX calls via Network tab...one should return JSON from above. If so please check what MODX processor was requested in action form parameter.. f.e. it can be /users/getlist.. so you should update your ACLs and add the permissions for the user list.

Redirect Joomla errors on Windows Azure IIS

I have a Joomla! site running on Windows Azure and all is fine.
But, everytime someone try do access something that not exist (www.domain.com/xpto) the server returns the error:
jos-Warning: exception 'RuntimeException' with message 'Unknown column 'header' in 'field list' SQL=SELECT new_url,header,published FROM xxx_redirect_links WHERE old_url = 'http://www.domain.com/xpto' LIMIT 0, 1' in
How can I redirect the user to the index everytime an error occurs?
This is a bug in Joomla, try to fix this by:
Click on the Fix button in the Extension Manager -> Database page. If
that fails, a clean installation will need to be done.
ref: https://github.com/joomla/joomla-cms/issues/5953

display sharepoint app in outlook 2013 and owa

I have created an SharePoint- hosted app and using office API’s within the start page. The app is added in exchange and enter image description hereapp web links are referred in appmanifest.xml.
1) On click of link, page renders as expected in OWA every time except for 1st time, following error occurs .
"App Error Something went wrong and we couldn't start this app. Please
try again later or contact your system administrator." console log
shows:“Uncaught Sys.ArgumentNullException: Sys.ArgumentNullException:
Value cannot be null.Parameter name: conversationId “ in
outlook-web-16.00.js:
It works as expected in subsequent calls.
2) The app doesn’t load in outlook client. Following error occurs in Microsoft Office Alerts :
App Error This app could not be started. Close this dialog to ignore
the problem or click "Restart" to try again. P1: Apps for Office P2:
15.0.4719.1001 P3: 0x80010105 P4: following is displayed in fiddler: X-MSDAVEXT_Error: 917656; HTTP/1.1 401 Unauthorized ........ ..
Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.
.....
All suggestions are highly appreciated.
This issue appears when we debug outlook apps in debug mode and the app exceeded the allotted time to load required office 365 js files into your app.
One thing i am doing to avoid this issue, in the browser you are using to authenticate using o365 account, check the box to login automatically to save time and load client js files faster post authentication step.

System.Net.WebClient doesn't work with Windows Authentication

I am trying to use System.Net.WebClient in a WinForms application to upload a file to an IIS6 server which has Windows Authentication as
it only 'Authentication' method.
WebClient myWebClient = new WebClient();
myWebClient.Credentials = new System.Net.NetworkCredential(#"boxname\peter", "mypassword");
byte[] responseArray = myWebClient.UploadFile("http://localhost/upload.aspx", fileName);
I get a 'The remote server returned an error: (401) Unauthorized', actually it is a 401.2
Both client and IIS are on the same Windows Server 2003 Dev machine.
When I try to open the page in Firefox and enter the same correct credentials as in the code, the page comes up.
However when using IE8, I get the same 401.2 error.
Tried Chrome and Opera and they both work.
I have 'Enable Integrated Windows Authentication' enabled in the IE Internet options.
The Security Event Log has a Failure Audit:
Logon Failure:
Reason: An error occurred during logon
User Name: peter
Domain: boxname
Logon Type: 3
Logon Process: ÈùÄ
Authentication Package: NTLM
Workstation Name: boxname
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 127.0.0.1
Source Port: 1476
I used Process Monitor and Fiddler to investigate but to no avail.
Why would this work for 3rd party browsers but not with IE or System.Net.WebClient?
I have seen a similar issue, where the Integrated / NTLM security will only work if you are accessing the host by machine name or localhost. In fact, it is a [poorly] document feature in Windows that is designed to protect against "reflection attacks".
Basically, you need to create a registry key on the machine that is trying to access the server, and whitelist the domain you are trying to hit. Each host name / FQDN needs to be on it's own line - there are no wildcards and the name must match exactly. From the KB Article:
Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
Exit Registry Editor, and then restart the computer.
http://support.microsoft.com/kb/956158/en-us
Have you tried ...
new NetworkCredential( "peter", "password", "boxname" );
You might also try ...
var credCache = new CredentialCache();
credCache.Add( new Uri ("http://localhost/upload.aspx"),
"Negotiate",
new NetworkCredential("peter", "password", "boxname"));
wc.Credentials = credCache;
Also, according to this it may be that IIS is configured wrong. Try replacing "Negotiate" with "Basic" in the above and checking your IIS config for the website. There's also a bunch of possible causes here.
Try going into IE's options and explicitly add the site to the Intranet Zone. Then re-run the program. You should also not run the program from an administrator login. This may trigger the Enhanced Security Configuration for Internet Explorer.
It could explain why you can hit the site with Firefox and Opera, but not with IE or WebClient.
Without knowing your IIS deployment, and assuming that you have the correct authorization rules for upload set in IIS (e.g. the right allow* ACL's on the right dirs you are trying to upload content to, etc), first thing I would try is to set UseDefaultCredentials to true instead of explicitly set Credential. (Maybe you think you are accessing the server with the Credentials you are setting but that's not the case? That would be possible if this works.)
This is a very common scenario, so I would focus on IIS authorization rules for the directory in which you are trying to upload the file, the actual ACL's on that directory. For ex. is your site impersonating or not? if it is, then you have to have actual ACL's on that dir, otherwise whatever account app pool is running on.

Resources