linux – Can a file be extracted from a folder with only execute permissions?

(Debian GNU / Linux)

If a user only has access + x to a folder, he can still perform a cd and a browse in the folder, but can not use a lot of other commands to read the contents of the folder or files that it contains.

drwx – x – x (the owner can only run the rwx group)

Changing the permissions of the file is not an option in this scenario.
(pen test challenge in retirement)

With this limited access, would it be possible to exfiltrate a file or read its contents?

development – Set the permissions of the folder when creating the folder – nodejs

I have a library of documents with several folders for different projects. I have a projectConsultant user who has read and write permissions on all these folders. There is also projectClient that has view permissions for all folders. projectClient can call an API to download files to a folder called clientFolder. If clientFolder does not exist, it is created and the permissions are set so that projectClient has read and write permissions, and projectConsultant only has read permissions.

How can I set these permissions when the clientFolder is created?
I was looking for a library npm but I found nothing relevant.

sharepoint online – Will the restoration of inheritance on a given list also restore all permissions on the elements?

If I restore the inheritance on a given list with CSOM, will it then restore all the permissions on all items in the list? So, there will be no more unique permissions on the items? Or should I restore the inheritance on each item in the list?

list.ResetRoleInheritance();

against

var items = list.GetItems(camlQuery);
ctx.Load(items);
ctx.ExecuteQuery();
foreach (var item in items)
{
   item.ResetRoleInheritance();
   ctx.ExecuteQuery();
}

Permissions – Issues with Extracting and Saving in SharePoint Online

Similar problem encountered by a SharePoint 13 or 16 user, but not certain that the resolution applies to the online environment, or if there is another problem to be solved, because I have limited control over the online system. exploitation, etc.

I get strange behavior on users' computers when they try to edit an Excel workbook from SharePoint. When the user clicks on the document link, he opens the workbook in Excel Online and everything looks normal except for the fact that he was not prompted to retrieve the document , according to the settings of the document library. They then make several changes, click the Save button in Excel (which seems to do nothing, but the user does not notice it), close the workbook and all their work is lost.

The version that remains in SharePoint is the original version that they opened before making any changes. If they select the ellipse next to the document in the document library, then click the "Advanced" button on the ribbon and then on check-out, it works. And then, to re-record, they must save, then ellipse to Advanced and 'check-in'. The problem only seems to give way to the wrong head when they click on the document link. And this only happens for some users and until now, Excel workbooks were still in the testing phase.

Why is it a bad idea to program user permissions in the program itself?

Why is it a bad idea to put user permission control in a compiled program? (Suppose the program is read-only and in a secure environment)

Is it possible to modify it to make it a good security practice?

To see what I mean, please see the following link from a CTF (it only takes 5 seconds to get the idea).

rest – What is the API, from a user ID, indicating the permissions for a user of a list item ID?

I have an application that must be able to use my SharePoint API to check if a user ADUSERNAME has access to an item in the list. I have the relative URL of the list item server and the object's identity.

I do DO NOT you want to use list item role assignments because this only affects AD groups without their nested permissions. I would have to access Active Directory, which is very painful.

I want it similar to what it does:

The permission checking feature is what I want
That's the feature I want

How to disable apps that are trying to get permissions?

I have downloaded an app for a restaurant that I frequent to accumulate points. When I tell him to show the QR code to scan to the registry, he switches to a screen of my Android settings for "Change System Settings". Of course, this application should not have activity to change the settings of my system, but I have to press Back twice to exit the Settings application and access the QR code.

I am tempted to just copy the QR code offline and import it into another application, but I want to prevent applications from asking for these permissions after already saying no.

Facebook permissions to publish and serve ads, but not to read messages

Hi all

I have a client that I need to manage his publications and his advertisements on Facebook and Instagram, but he does not want me to receive the messages that he receives on Facebook and Instagram (especially Insta ).
Is it a way to set up a business manager on Facebook or any other tool to do it?

thank you very much

Mario

Permissions on the post

If I set a permission on a message to share with one person (specific friends) from my friend list, do all my messages that I create now only have this permission, until I modify it manually before publishing it? Thank you