11-07-2017 09:00 AM
Hi,
I am using Alfresco Community and we have had these csv files build up in our repository for a long time
They have been called reset_password_{number}.csv and have contained the login details of all users both internal and external
However only recently all our users have been able to see them
Before this they were not visible by our users and only visible to the admin user
I do not know what the permissions of these files were before this was brought to my attention but when I checked after it was set to inherit permission and was set to the Everyone group.
This may not be related but we have recently enabled Alfresco Share so we can access the sites etc from Windows Explorer by browsing to the {server_ip}/alfresco; would enabling this feature change the permissions in the repository folder?
Please can someone help me
What generates these files?
When do they generate?
Can I stop it?
Why did the permissions change?
How do I stop this from happening again?
Thanks in advance
11-08-2017 12:04 PM
Hi Ken,
What version of Alfresco are you using? What authentication subsystems are active?
I'm fairly sure no part of Alfresco would normally generate these files. It might be a modification someone has made and-/or applied to your Alfresco instance. You could check the amps and addons folders to see extensions that you may have.
You could also check the server log to see if there is any mention of a job creating these files, or check the creator of the password files.
I'd highly recommend disabling the creation of and removing these files if you can, but if you can't, you could change the permissions on the containing folder, or the files themselves, to be visible for administrators only.
Explore our Alfresco products with the links below. Use labels to filter content by product module.