Latest Server related questions

In Citrix Profile Management, users are assigned permissions through the Creator Owner object. This object is usually set to have Full Control rights. But are Modify rights sufficient?

My understanding is that the only additional permissions in Full Control is the right to change permissions. This seems to be a source of profile corruption. If users don’t need Full Control I think we’d see fe ...

tl;dr: Force or block traffic through VPN only for a few websites and only using the domain names.

Hi everyone,

I set up a VPN server using OpenVPN for a company I work with.

We'd like to hide our backoffice and administration platforms behind the VPN so that they can only be reachable by connected and allowed users.

I achieved this by setting up the VPN server on an EC2 and adding a WAF rule to th ...

When I was in lower tier support (and sometimes still), one of the most annoying sequences of events was a request for new file permissions >> add user to security group and specify in the reply "you must log out and back into your machine". 20 minutes later, "I'M STILL GETTING DENIED PERMISSION!!". Because you didn't log out and back in did you

Why don't Windows machines in an AD domain per ...

I can't seem to figure out how to exclude a specific location from auth_basic.

server {
        server_name example.com;

        root /var/www/html;

        index index.php;

        auth_basic "Nein nein nein";
        auth_basic_user_file .htpasswd;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-ph ...

php-fpm version: 7.4 nginx version: 1.19.0

We run on gke, kubernetes; our nodes have 10 cpu and 24G of ram and we request 2 CPUs (limit 3) to our pods that run our Laravel stack (nginx + php-fpm). The two services share a pod, but are separate containers (one for nginx, one for php). The reason they share a pod is because it clogs up our network to communicate php -> nginx from separate pods ...

I have the following setup - Nginx load balancer that receives https traffic and passes through to nodes. On each node there is a reverse proxy that handles https traffic and passes data to App1, App2 in plain text.

--> LB --> RP -> App1, App2
       `-> RP -> App1, App2

Now the issue is that if App1 is down on a node, load balancer doesn't detect that and is happily serving 502 back to ...

My company is migrating/consolidating domains with several remote business we have purchased, and one of our remotes sites has a pre-existing IT department that we want to keep in place. We would like to give the pre-existing department access to manage their users, groups, and PCs with out giving them access to anything else in our network. Has anyone dealt with this before, and if so how did you set t ...

We need a WAF for our Webservice which we are developing at the moment and I'm not sure if we should use FrontDoors or an ApplicationGateway. For the start, we plan to offer our service just for Europe, so in this case FrontDoors is not necessary right? But in the future (maybe 1 year after release) we also want to offer the service e.g. in the US, so in this case we could need FrontDoors.

So my  ...

I have difficulty to stop postgres process in solaris 10 prior to upgrade the version. The process keep coming back even I kill with -9. I've done pg_ctl stop -W -D /location/to/data/ -m immediate but shutdown process keep failing.

From log:

LOG:  database system was interrupted at 2021-07-08 20:00:35 WIT
LOG:  checkpoint record is at 21/59607654
LOG:  redo record is at 21/59607654; undo record is at ...

The log output I get is the following:

"Jul  7 11:23:46 mail policyd-spf[19779]: 550 5.7.23 Message rejected
due to: SPF fail - not authorized. Please see 
http://www.openspf.net/Why?s=mfrom;[email protected];ip=<IP>;r=<UNKNOWN>
Jul  7 11:23:46 mail postfix/smtpd[19773]: NOQUEUE: reject: RCPT from
remotemailserver.de[IP]: 550 5.7.23 <[email protected]>:
Recipient address rejected:  ...

I started getting a 504 gateway timeout error this morning. Looking at my PHP error logs I'm seeing a TON of errors at that time for one particular site on the server:

[08-Jul-2021 07:39:23] WARNING: [pool coa] child 5912, script '/srv/.../public/index.php' (request: "HEAD /index.php?u55098017845Y83713097752ga120390874027X270621384728") executing too slow (5.757430 sec), logging
[08-Jul-2021 07:39: ...

I'm creating a mailbox on our Postfix server. We've a script which synchronize our LDAP to our Webmail (~RoundCube), and then we must execute the following command on the Postfix server:

echo -e "[email protected]\tOK" >> /etc/postfix/virtual_mailbox
echo -e "[email protected]\[email protected]" >> /etc/postfix/virtual_alias # if we want an alias
postmap /etc/postfix/virtual_mailbox & ...

Both Azure Data Lake Storage Generation 1 and Generation 2 have limit on number of ACL entries per folder/object (28/32). Because of that one may want to clear up ACL a bit. What I can't get from documentation is how to interpret an entry with no permissions checked in UI (None permissions level) - does it translates into explicit deny or it is the same as if I remove this entry from ACL? I mean both UI ...

I do not why I am not able to see under tcpdump the correct length value which should be $((9706-28)) = 9678, but I see 9686. On both side there is a MTU set to 9706 which maximum value for the interface which I am using.

I run command:

ping -D -s $((**9706**-28)) 192.11.14.28
PING u1428-11 (190.11.14.28): 9678 data bytes
**9686** bytes from 192.11.14.28: icmp_seq=0 ttl=64 time=0.249 ms
**9686** b ...

I have a service that requires access to its own certificate store but gets an access denied.

I checked with mmc and the Certificates snapin for the service and the store exists and contains certificates. However, in the snapin I cannot see or set permissions.

I tried dumping the certificates (for a test, later to change permissions) using certutil but I keep getting a FAILED with "The parameter is  ...