Hyland Connect

wsupport111 · ‎11-07-2017

Hi,

I am using Alfresco Community and we have had these csv files build up in our repository for a long time

They have been called reset_password_{number}.csv and have contained the login details of all users both internal and external

However only recently all our users have been able to see them

Before this they were not visible by our users and only visible to the admin user

I do not know what the permissions of these files were before this was brought to my attention but when I checked after it was set to inherit permission and was set to the Everyone group.

This may not be related but we have recently enabled Alfresco Share so we can access the sites etc from Windows Explorer by browsing to the {server_ip}/alfresco; would enabling this feature change the permissions in the repository folder?

Please can someone help me

What generates these files?

When do they generate?

Can I stop it?

Why did the permissions change?

How do I stop this from happening again?

Thanks in advance

marktielemans · ‎11-08-2017

Hi Ken,

What version of Alfresco are you using? What authentication subsystems are active?

I'm fairly sure no part of Alfresco would normally generate these files. It might be a modification someone has made and-/or applied to your Alfresco instance. You could check the amps and addons folders to see extensions that you may have.

You could also check the server log to see if there is any mention of a job creating these files, or check the creator of the password files.

I'd highly recommend disabling the creation of and removing these files if you can, but if you can't, you could change the permissions on the containing folder, or the files themselves, to be visible for administrators only.

See: User roles and permissions | Alfresco Documentation

Hyland Connect

reset_password_XX.csv and permissions