Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 201 of 796  Not logged in ELOG logo
New entries since:Thu Jan 1 01:00:00 1970
    icon2.gif   Re: elog program does not respect "Allow edit" list, posted by Heinz Junkes on Fri Apr 26 11:24:21 2019 

Stefan, will send the info off this forum.


Heinz Junkes wrote:

I ask my users where they had the problems and then create a demo for testing.
Thanks Heinz

Stefan Ritt wrote:

So you are telling me that "Restrict edit time" is not working correctly? In order to fix any problem, I have to reproduce it. Can you post a minimel elogd.cfg file with which I can reproduce the problem?


Heinz Junkes wrote:


I meant "read only" by using "Restrict edit time" settings. e.g.

Restrict edit time = 24

I understand this to mean that an entry should not be able to be modified after 24 hours.


Stefan Ritt wrote:

There is no "read only" flag. Please describe what you exactly did. Probably you want "Restrict edit time" for that.


Heinz Junkes wrote:

Thanks for the answer. The real problem is that you can overwrite existing entries even if you have set an entry to "read only", i.e. you have forbidden further editing.


Stefan Ritt wrote:

There are two ways:

1) Use different password files for different logbooks. Each password file contains only those users which have access to that logbook.

2) Use "Login user = <usr list>" to restrict access to certain users in that list.


Heinz Junkes wrote:

Since there's no answer to that.
I am the only one with the problem? Did I just configure something wrong?
Thanks Heinz

Heinz Junkes wrote:

submissions via the elog - program can overwrite entries even if the user has no edit rights









    icon2.gif   Re: elog program does not respect "Allow edit" list, posted by Stefan Ritt on Fri Apr 26 17:22:46 2019 

Ok, I found the issue. The "Restrict edit time" is only checked when one clicks on "Edit" in the browser. The elog command line tool does not really an edit, but just submits an entry with an (old) ID. I added a check also for that case so now it should work. The commit is in git.


Heinz Junkes wrote:

Stefan, will send the info off this forum.


Heinz Junkes wrote:

I ask my users where they had the problems and then create a demo for testing.
Thanks Heinz

Stefan Ritt wrote:

So you are telling me that "Restrict edit time" is not working correctly? In order to fix any problem, I have to reproduce it. Can you post a minimel elogd.cfg file with which I can reproduce the problem?


Heinz Junkes wrote:


I meant "read only" by using "Restrict edit time" settings. e.g.

Restrict edit time = 24

I understand this to mean that an entry should not be able to be modified after 24 hours.


Stefan Ritt wrote:

There is no "read only" flag. Please describe what you exactly did. Probably you want "Restrict edit time" for that.


Heinz Junkes wrote:

Thanks for the answer. The real problem is that you can overwrite existing entries even if you have set an entry to "read only", i.e. you have forbidden further editing.


Stefan Ritt wrote:

There are two ways:

1) Use different password files for different logbooks. Each password file contains only those users which have access to that logbook.

2) Use "Login user = <usr list>" to restrict access to certain users in that list.


Heinz Junkes wrote:

Since there's no answer to that.
I am the only one with the problem? Did I just configure something wrong?
Thanks Heinz

Heinz Junkes wrote:

submissions via the elog - program can overwrite entries even if the user has no edit rights










    icon5.gif   Re: elog password access without users, posted by Stefan Ritt on Tue Nov 16 18:07:31 2004 
> i
    icon5.gif   Re: elog password access without users, posted by Stefan Ritt on Tue Nov 16 18:07:31 2004 
> is there a way to set up a logbook so that a password is required to get
> into it, but no username?

Have a look under "Access control" in the manual. What you need is "Read
    icon5.gif   Re: elog password access without users, posted by damon nettles on Tue Nov 16 22:06:29 2004 
> > is there a way to set up a logbook so that a password is required to get
> > into it, but no username?
> Have a look under "Access control" in the manual. What you need is "Read
> Password".

thanks. that seems to get me the functionality i needed. is there any way to
get rid of the username line when using the "Read Password" feature? as it is
now, you can either leave it blank or enter anything you want, so long as you
use the correct password it still works. however, to keep users from getting
confused, i think it would be better to only have a box asking you for the
password and not both the password and username.
    icon2.gif   Re: elog password access without users, posted by Stefan Ritt on Tue Nov 16 22:45:24 2004 
> thanks. that seems to get me the functionality i needed. is there any way to
> get rid of the username line when using the "Read Password" feature?

No, this is an HTTP standard. The dialog box is generated by your browser, and I
do not know any way to prevent it.
    icon2.gif   Re: elog password , attributes and quoting username and password, posted by Yoshio Imai on Thu Nov 11 17:51:49 2010 

Arno Teunisse wrote:

Please Notice that I've put quotes around : -u "username password" ( the documentation shows that this is not necessary) .  But now it failes to see a required attribute.  

Have you tried without the quotes? They may not be allowed!

    icon2.gif   Re: elog password , attributes and quoting username and password, posted by Arno Teunisse on Thu Nov 11 17:57:12 2010 

Arno Teunisse wrote:


When I want to submit an entrie with elog I have the following problem : ( elogd on windows 7 )
D:\MyProgramFiles (x86)\ELOG>elog -v  -h localhost -p 8080 -l "Knowledge Base" -u "arnot 123abc"  -a "Category=info" -a "OS=HP-UX" -a "Subject=Just testing"
Successfully connected to host localhost, port 8080
Request sent to host:
POST /Knowledge+Base/ HTTP/1.0
Content-Type: multipart/form-data; boundary=---------------------------517428C7722E
Host: NTB100744.simac.local
User-Agent: ELOG
Content-Length: 874

Content sent to host:
Content-Disposition: form-data; name="cmd"

Content-Disposition: form-data; name="unm"

arnot 123abc
Content-Disposition: form-data; name="upwd"

Content-Disposition: form-data; name="exp"

Knowledge Base
Content-Disposition: form-data; name="encoding"

Content-Disposition: form-data; name="OS"

Content-Disposition: form-data; name="Subject"

Just testing
Content-Disposition: form-data; name="Text"


Response received:
HTTP/1.1 404 Not Found
Server: ELOG HTTP 2.8.0-2331
Content-Type: text/html;charset=ISO-8859-1
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<title>ELOG error</title>
<link rel="stylesheet" type="text/css" href="default.css">
<table class="dlgframe" width="50%" cellpadding="1" cellspacing="0"<tr><td class="errormsg"><i>Error: Attribute <b>Category</b> not supplied.</i><p>
Please go back and enter the <b>Category</b> field.
<tr><td class="errormsg"><script language="javascript" type="text/javascript">
document.write("<button type=button onClick=history.back()>Back</button>");
Please use your browser's back button to go back

Error: Missing required attribute "Category" 

Please Notice that I've put quotes around : -u "username password" ( the documentation shows that this is not necessary) .  But now it failes to see a required attribute.  

When I leave out the quotes in the -u part , it just hangs despite the -vvv on the server console and the -v option  used in the elog command line. Nothing happens. No output at the server debug screen. 
I'm Not using SSL , nor have i used a certificate. It's just a good old  plain html server. ( As far as i can see )

This is the main section in my config and the section I want to change :
port = 8080
;SSL = 1
;Resource dir = d:/elog.dir
;Logbook dir = d:/elogbooks.dir
CSS = simac1.css
;SMTP host =
SMTP host = vldexc1.simac.local
Title image URL =
Title image = <img border="0" width="25%" src="simac.jpg">
Use Lock = 1   ; When a message is edited an other user will be noticed.
; Please notice : Options Category is now global, and sorted
Options Category = Backup,Database,Filesysteem,Info,Monitoring,Mount,Other,Performance,Security,Upgrade, Add User, IP info, Known Issues,  I-share OchtendControle
Self register = 1  # user can create an account
;Password file = passwd
Admin user = arnot
Logbook Tabs = 0
Protect Selection page = 1
Main Tab = MAIN




; Iedereen mag in het TEXT gedeelte aanpassingen uitvoeren.
Restrict edit = 0

[Knowledge Base]

Comment = <I>Knowledge base</I>
Help URL = help.html
Logfile = c:/Program files/elog/Knowledge_Base.log
; use user level password access

;Login expiration = 10

;Self register = 1  # user can create an account
; How is the time displayed :
Time format = %A, %B %d, %Y, %H:%M

; look and feel
Guest menu commands = List,Back, Find, Login, Help
Guest find menu commands = Find, Login, Help
Date format = %B %d, %Y
List menu commands = List,New,Find,Select,Import,Config,Logout,Last day,Help
; attributes
Attributes = Author, Author Email, Category, Klanten,Machine, OS ,Version,Archive, Subject
Options Archive = boolean
Options OS  = UNIX{10} , AIX {100} , HP-UX{200}, Redhat ES{300}  , Suze{400} , Debian{500}
{10}  Options Version = ALL
{100} Options Version = 5.1,5.2,5.3,6.1,6.2,6.3
{200} Options Version = 11.10,11.20,11.23
{300} Options Version = 4.7,4.8,4.9,5.0,5.1
{400} Options Version = 10.1,10.2,10.3,11.0,11.1,
{500} Options Version = 6.0 (sqeeze),5.0 (lenny),4.0 (etch),3.1 (sarge),3.0 (woody),2.2 (potato),2.1 (slink),2.0 (hamm)
Options Klanten = Frieslandbank{AA} , Arag{BB}, Super de Boer{CC},NRE{DD}
{AA}Options Machine = rc1lphmc01,rc1lptr01,rc1upas02,rc1upas03,rc1upas04,rc1upas05,rc1upas06,rc1upas07,rc1upas08,rc1upas22,rc1upav1,rc1updb05,rc1updb21,rc2lphmc01,rc2lptr01,rc2upas02,rc2upas32,rc2updb31,rc2updw33,rc2uuav1
{BB}Options Machine = Arag-lin1,Arag-lin2,Arag-lin3,Arag-lin4,Arag-lin5,Arag-lin6
{CC}Options Machine = xai61032
{DD}Options Machine = server27,server32,server37,server38,server40

Extendable options = Category, Klanten
Required Attributes = Category, OS ,Subject
List Display =  Subject, Category, Klanten,Machine, OS ,Version,Archive
Thread display = $Subject, entered by $author on $Entry time
Quick filter =  Category, OS,Klanten
Display mode = threaded
; title as shown in the browser
Page Title = Accelerator Logbook - $subject

; preset author and email
Preset Author = $long_name
Preset Author Email = $user_email

; these attributes cannot be changed
Locked Attributes = Author, Author Email

; only author can change its own entry
; See restrict edit in the global section

; options for reply
Subst on reply subject = Re: $subject
;Remove on reply = Author, Author Email
Preset on reply Author = $long_name
Preset on reply Author Email = $user_email

; No Email notification
Suppress Email to users = 1   # 1 = do not send mail , 0 = send mail

Any help will be appreciated .....

 When I leave out the quotes in the -u part , it just hangs despite the -vvv on the server console and the -v option  used in the elog command line. Nothing happens. No output at the server debug screen. 
I'm Not using SSL , nor have i used a certificate. It's just a good old  plain html server. ( As far as i can see )

ELOG V3.1.5-2eba886