Re: [rt-users] Set priority - On queue change
Hi Kenneth, Thanks for the suggestion. Would you have a script that would be able to do this that I could test ? -- View this message in context: http://requesttracker.8502.n7.nabble.com/Set-priority-On-queue-change-tp59579p59583.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
[rt-users] fail2ban With RT
Good Day, I am soon going to be exposing my RT instance on a public IP. It currently requires VPN access, but users have asked for this to be changed. As a result, I am trying to implement fail2ban, but am running into some issues. I'm wondering if anyone else has successfully done this. Running fail2ban-regexp against the Apache error log and the fail2ban filter file show that there are matches, however running fail2ban in debug mode does not show that it's matching at run time. The relevant configs are below. Any help appreciated. Thanks, Matt jail.conf: [rt-iptables] enabled = true filter = rtauth action = iptables-allports[name=RT, protocol=all] logpath = /var/log/apache2/error.log maxretry = 4 findtime = 21600 bantime = 86400 filter.d/rtauth.conf: [INCLUDES] before = apache-common.conf [Definition] failregex = \[.*\] \[[^]]+\] \[error\]: FAILED LOGIN for .* from HOST \(.*\)$ ignoreregex =
Re: [rt-users] Prevent users from making Comments on tickets
I believe that a user will unconditionally have commenting ability if they also have the ModifyTicket right, regardless of the state of their CommentOnTicket right. You might be able to swap out ModifyTicket and use some finer-grained rights in its place, depending on what modifications end users actually need to make. On 13 February 2015 at 04:06, Cena, Stephen (ext. 300) s...@qvii.com wrote: I'm in the process of locking down end-user permissions in our RT install. We want it set up so that users can only do Reply, and Admins can use Comment and Reply. At present, my end user can't see a Comment in a ticket, or an attachment made with a Comment. However, if the user emails the Comment address or uses the Comment in the Action drop-down in the ticket the entry gets made. The proper visibility of the resulting Comment is correct. AFAIK, there are no global permissions for anything (I'm doing it al at the queue level for each queue). Everyone, Privileged, Unprivileged all have no permissions End User perms for queue: CreateTicket, SeeQueue Requestor perms for queue: ReplyToTicket, SeeCustomField, SeeQueue, ShowTicket, ModifyCustomField, ModifyTicket Did I overlook something? Stephen J. Cena Supervisor/Systems Administrator - MIS/IT Dept Quality Vision International 850 Hudson Ave Rochester,NY 14620 Phone: 585-544-0450 x300 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Please report email problems to: postmas...@qvii.com QVII MIS/IT Dept - We do what we must because we can. Thank you for helping us help you help us all. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Re: [rt-users] Prevent users from adding CC's and AdminCC's to tickets
From the v4.2.7 code, I'm interpreting these rules: 1. Add/remove anyone if the user has the ModifyTicket right. 2. Only add/remove self as AdminCc if the user has the WatchAsAdminCc right. 3. Only add/remove self as Cc/Requestor if the user has the Watch right. The logic is probably the same for all other recent versions of RT, but if in doubt, take a look at the _HasModifyWatcherRight method in lib/RT/Ticket.pm. On 13 February 2015 at 04:26, Cena, Stephen (ext. 300) s...@qvii.com wrote: What permissions do I need to remove/enable to prevent users from modifying the CC/AdminCC lists (more specifically the AdminCC list). The audit trail of when people being added removed is helpful, but I'd like to prevent it outright. Stephen J. Cena Supervisor/Systems Administrator - MIS/IT Dept Quality Vision International 850 Hudson Ave Rochester,NY 14620 Phone: 585-544-0450 x300 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Please report email problems to: postmas...@qvii.com QVII MIS/IT Dept - We do what we must because we can. Thank you for helping us help you help us all. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Re: [rt-users] Prevent users from making Comments on tickets
Hi, You might be able to swap out ModifyTicket and use some finer-grained rights in its place, depending on what modifications end users actually need to make. what are the equivalent (separate) rights for ModifyTicket? regards Danny From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Alex Peters Sent: Friday, February 13, 2015 1:11 AM To: Cena, Stephen (ext. 300) Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Prevent users from making Comments on tickets I believe that a user will unconditionally have commenting ability if they also have the ModifyTicket right, regardless of the state of their CommentOnTicket right. You might be able to swap out ModifyTicket and use some finer-grained rights in its place, depending on what modifications end users actually need to make. On 13 February 2015 at 04:06, Cena, Stephen (ext. 300) s...@qvii.commailto:s...@qvii.com wrote: I'm in the process of locking down end-user permissions in our RT install. We want it set up so that users can only do Reply, and Admins can use Comment and Reply. At present, my end user can't see a Comment in a ticket, or an attachment made with a Comment. However, if the user emails the Comment address or uses the Comment in the Action drop-down in the ticket the entry gets made. The proper visibility of the resulting Comment is correct. AFAIK, there are no global permissions for anything (I'm doing it al at the queue level for each queue). smime.p7s Description: S/MIME cryptographic signature
[rt-users] Restoring from backup - admins lost privileges
I had to restore my MySQL database from a backup. Once I restored the RT database, the privileged users no longer had rights. I found the below snippets to remove/add super user to my account and verify privileged users, but they are stuck in self-service mode. How do I get the rights returned back to normal? Granting rights: perl -I/usr/share/request-tracker4/lib/ -MRT -e'RT::LoadConfig; RT::Init; my $u=RT::User-new($RT::SystemUser); $u-Load(awippler); ($val,$msg) = $u-PrincipalObj-GrantRight(Object= $RT::System, Right = SuperUser); print $msg\n' Finding privilege users: (my account is listed) #!/usr/bin/perl use lib /usr/share/request-tracker4/lib; use RT; use RT::Users ; use warnings; RT::LoadConfig(); ## Loading RT config RT::Init(); ## Initialise RT my $users = new RT::Users(RT_System); $users-LimitToPrivileged; while ( $user = $users-Next) { print $user-Name ; } exit; Andrew Wippler | Director of IT | Lancaster Baptist Church | Dr. Paul Chappell, Pastor
[rt-users] Prevent users from adding CC's and AdminCC's to tickets
What permissions do I need to remove/enable to prevent users from modifying the CC/AdminCC lists (more specifically the AdminCC list). The audit trail of when people being added removed is helpful, but I'd like to prevent it outright. Stephen J. Cena Supervisor/Systems Administrator - MIS/IT Dept Quality Vision International 850 Hudson Ave Rochester,NY 14620 Phone: 585-544-0450 x300 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Please report email problems to: postmas...@qvii.commailto:postmas...@qvii.com QVII MIS/IT Dept - We do what we must because we can. Thank you for helping us help you help us all. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
[rt-users] Prevent users from making Comments on tickets
I'm in the process of locking down end-user permissions in our RT install. We want it set up so that users can only do Reply, and Admins can use Comment and Reply. At present, my end user can't see a Comment in a ticket, or an attachment made with a Comment. However, if the user emails the Comment address or uses the Comment in the Action drop-down in the ticket the entry gets made. The proper visibility of the resulting Comment is correct. AFAIK, there are no global permissions for anything (I'm doing it al at the queue level for each queue). Everyone, Privileged, Unprivileged all have no permissions End User perms for queue: CreateTicket, SeeQueue Requestor perms for queue: ReplyToTicket, SeeCustomField, SeeQueue, ShowTicket, ModifyCustomField, ModifyTicket Did I overlook something? Stephen J. Cena Supervisor/Systems Administrator - MIS/IT Dept Quality Vision International 850 Hudson Ave Rochester,NY 14620 Phone: 585-544-0450 x300 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Please report email problems to: postmas...@qvii.commailto:postmas...@qvii.com QVII MIS/IT Dept - We do what we must because we can. Thank you for helping us help you help us all. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *