Re: [rt-users] Set priority - On queue change

2015-02-12 Thread globo 
Hi Kenneth, 
Thanks for the suggestion. 
Would you have a script that would be able to do this that I could test ? 










--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/Set-priority-On-queue-change-tp59579p59583.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.

[rt-users] fail2ban With RT

2015-02-12 Thread Matt Brennan 
Good Day,

  I am soon going to be exposing my RT instance on a public IP. It
currently requires VPN access, but users have asked for this to be changed.
As a result, I am trying to implement fail2ban, but am running into some
issues. I'm wondering if anyone else has successfully done this.

  Running fail2ban-regexp against the Apache error log and the fail2ban
filter file show that there are matches, however running fail2ban in debug
mode does not show that it's matching at run time.

  The relevant configs are below. Any help appreciated.

Thanks,
Matt

jail.conf:
[rt-iptables]
enabled  = true
filter   = rtauth
action   = iptables-allports[name=RT, protocol=all]
logpath  = /var/log/apache2/error.log
maxretry = 4
findtime = 21600
bantime  = 86400

filter.d/rtauth.conf:
[INCLUDES]
before = apache-common.conf

[Definition]
failregex = \[.*\] \[[^]]+\] \[error\]: FAILED LOGIN for .* from HOST
\(.*\)$
ignoreregex =

Re: [rt-users] Prevent users from making Comments on tickets

2015-02-12 Thread Alex Peters 
I believe that a user will unconditionally have commenting ability if they
also have the ModifyTicket right, regardless of the state of their
CommentOnTicket right.

You might be able to swap out ModifyTicket and use some finer-grained
rights in its place, depending on what modifications end users actually
need to make.

On 13 February 2015 at 04:06, Cena, Stephen (ext. 300) s...@qvii.com wrote:

  I'm in the process of locking down end-user permissions in our RT
 install. We want it set up so that users can only do Reply, and Admins can
 use Comment and Reply. At present, my end user can't see a Comment in a
 ticket, or an attachment made with a Comment. However, if the user emails
 the Comment address or uses the Comment in the Action drop-down in the
 ticket the entry gets made. The proper visibility of the resulting Comment
 is correct. AFAIK, there are no global permissions for anything (I'm doing
 it al at the queue level for each queue).


 Everyone, Privileged, Unprivileged all have no permissions
 End User perms for queue: CreateTicket, SeeQueue
 Requestor perms for queue: ReplyToTicket, SeeCustomField, SeeQueue,
 ShowTicket, ModifyCustomField, ModifyTicket

 Did I overlook something?

 Stephen J. Cena
 Supervisor/Systems Administrator - MIS/IT Dept
 Quality Vision International
 850 Hudson Ave
 Rochester,NY 14620
 Phone: 585-544-0450 x300
 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 Please report email problems to: postmas...@qvii.com

 QVII MIS/IT Dept - We do what we must because we can.
 Thank you for helping us help you help us all.
 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Re: [rt-users] Prevent users from adding CC's and AdminCC's to tickets

2015-02-12 Thread Alex Peters 
From the v4.2.7 code, I'm interpreting these rules:

   1. Add/remove anyone if the user has the ModifyTicket right.
   2. Only add/remove self as AdminCc if the user has the WatchAsAdminCc
   right.
   3. Only add/remove self as Cc/Requestor if the user has the Watch right.

The logic is probably the same for all other recent versions of RT, but if
in doubt, take a look at the _HasModifyWatcherRight method in
lib/RT/Ticket.pm.

On 13 February 2015 at 04:26, Cena, Stephen (ext. 300) s...@qvii.com wrote:

  What permissions do I need to remove/enable to prevent users from
 modifying the CC/AdminCC lists (more specifically the AdminCC list). The
 audit trail of when people being added  removed is helpful, but I'd like
 to prevent it outright.

 Stephen J. Cena
 Supervisor/Systems Administrator - MIS/IT Dept
 Quality Vision International
 850 Hudson Ave
 Rochester,NY 14620
 Phone: 585-544-0450 x300
 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 Please report email problems to: postmas...@qvii.com

 QVII MIS/IT Dept - We do what we must because we can.
 Thank you for helping us help you help us all.
 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Re: [rt-users] Prevent users from making Comments on tickets

2015-02-12 Thread Daniel Schwager 
Hi,

 You might be able to swap out ModifyTicket and use some
 finer-grained rights in its place, depending on what modifications
  end users actually need to make.

what are the equivalent (separate) rights for ModifyTicket?

regards
Danny


From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of 
Alex Peters
Sent: Friday, February 13, 2015 1:11 AM
To: Cena, Stephen (ext. 300)
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Prevent users from making Comments on tickets

I believe that a user will unconditionally have commenting ability if they also 
have the ModifyTicket right, regardless of the state of their CommentOnTicket 
right.

You might be able to swap out ModifyTicket and use some finer-grained rights in 
its place, depending on what modifications end users actually need to make.

On 13 February 2015 at 04:06, Cena, Stephen (ext. 300) 
s...@qvii.commailto:s...@qvii.com wrote:
I'm in the process of locking down end-user permissions in our RT install. We 
want it set up so that users can only do Reply, and Admins can use Comment and 
Reply. At present, my end user can't see a Comment in a ticket, or an 
attachment made with a Comment. However, if the user emails the Comment address 
or uses the Comment in the Action drop-down in the ticket the entry gets made. 
The proper visibility of the resulting Comment is correct. AFAIK, there are no 
global permissions for anything (I'm doing it al at the queue level for each 
queue).




smime.p7s
Description: S/MIME cryptographic signature

[rt-users] Restoring from backup - admins lost privileges

2015-02-12 Thread Andrew Wippler 
I had to restore my MySQL database from a backup. Once I restored the RT 
database, the privileged users no longer had rights.

I found the below snippets to remove/add super user to my account and verify 
privileged users, but they are stuck in self-service mode. How do I get the 
rights returned back to normal?

Granting rights:
perl -I/usr/share/request-tracker4/lib/ -MRT -e'RT::LoadConfig; RT::Init;
  my $u=RT::User-new($RT::SystemUser);
  $u-Load(awippler);
  ($val,$msg) = $u-PrincipalObj-GrantRight(Object= $RT::System, Right = 
SuperUser);
  print $msg\n'

Finding privilege users: (my account is listed)
#!/usr/bin/perl
use lib /usr/share/request-tracker4/lib;
use RT;
use RT::Users ;
use warnings;
RT::LoadConfig(); ## Loading RT config
RT::Init(); ## Initialise RT

my $users = new RT::Users(RT_System);
$users-LimitToPrivileged;

while ( $user = $users-Next) {
print $user-Name ;
}
exit;


Andrew Wippler | Director of IT | Lancaster Baptist Church | Dr. Paul Chappell, 
Pastor

[rt-users] Prevent users from adding CC's and AdminCC's to tickets

2015-02-12 Thread Cena, Stephen (ext. 300) 
What permissions do I need to remove/enable to prevent users from modifying the 
CC/AdminCC lists (more specifically the AdminCC list). The audit trail of when 
people being added  removed is helpful, but I'd like to prevent it outright.

Stephen J. Cena
Supervisor/Systems Administrator - MIS/IT Dept
Quality Vision International
850 Hudson Ave
Rochester,NY 14620
Phone: 585-544-0450 x300
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Please report email problems to: postmas...@qvii.commailto:postmas...@qvii.com

QVII MIS/IT Dept - We do what we must because we can.
Thank you for helping us help you help us all.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

[rt-users] Prevent users from making Comments on tickets

2015-02-12 Thread Cena, Stephen (ext. 300) 
I'm in the process of locking down end-user permissions in our RT install. We 
want it set up so that users can only do Reply, and Admins can use Comment and 
Reply. At present, my end user can't see a Comment in a ticket, or an 
attachment made with a Comment. However, if the user emails the Comment address 
or uses the Comment in the Action drop-down in the ticket the entry gets made. 
The proper visibility of the resulting Comment is correct. AFAIK, there are no 
global permissions for anything (I'm doing it al at the queue level for each 
queue).


Everyone, Privileged, Unprivileged all have no permissions
End User perms for queue: CreateTicket, SeeQueue
Requestor perms for queue: ReplyToTicket, SeeCustomField, SeeQueue, ShowTicket, 
ModifyCustomField, ModifyTicket

Did I overlook something?

Stephen J. Cena
Supervisor/Systems Administrator - MIS/IT Dept
Quality Vision International
850 Hudson Ave
Rochester,NY 14620
Phone: 585-544-0450 x300
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Please report email problems to: postmas...@qvii.commailto:postmas...@qvii.com

QVII MIS/IT Dept - We do what we must because we can.
Thank you for helping us help you help us all.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *