I am looking to create a user to be able to do WinSCP or SSH into the system and only be able to see /var/www/html/joomla/ and that is it. I don't want them to be able to start or stop service but be able to upload and download files to the specific directory or change privileges of the mentioned directory. Is that possible? what commands should I run.
View 1 RepliesBecause I keep a lot of data on a Netgear ReadyNAS which can be presented as a NFS server, I would like to have the default CentOS user have a uid and gid that match those for the user that owns the main NFS share. That way I can treat it as if it were a directory that I owned on the local machine. I'm probably going to install CentOS 5.3 over again to get a totally clean system. What is the neatest way to ensure that the default user has the desired uid and gid? Or is there a better way to work with the NAS? (Right now I'm running it with CIFS shares, but these are quirky and do not behave quite like a local file system, I'm hoping that NFS would be more consistent, but previously attempts to run NFS were hampered by different uid and gid values).
View 1 Replies View RelatedI know if I run repquota -a I can see the quotas set for all users.How do I modify the quota for a specific user?So say the output for john is:User used soft hard grace used soft hard grace----------------------------------------------------------------------john.someth -- 122844 51200 51200 4995 0 0How do I make his block limits 0 so they are unlimited?
View 1 Replies View RelatedI have created a ftp user in centos 5,but it got all permissions to delete files in other location,view the entire directory and create any folder in every place. How to deny this permissions to the particular user.And please help me to give permissions only to a specified location given by the root.
View 4 Replies View RelatedI am looking into 1026TT-TF and 6016TT-TF for a CentOS 5.4 or 5.5 64bit installation:
SuperMicro 6016TT-TF
SuperMicro 1026TT-TF
It will be used as a Web-server mostly. Since they are twin nodes, one node will be one strong firewall. I have been checking all over and I can't find any driver, bios, or issues with this specific motherboard from Supermicro and Intel 5500/5600 series CPUs. Is there anything that would concern you with these servers?
I am also looking to put in a 4-port Gigabit LAN card into one node which I doubt makes any difference in the whole equation. Further more, and most importantly, the first one takes only 2.5" HDDs and the second option accepts 3.5" HDDs. Other than size availability and price, are there any concerns regarding performance when chosing one over the other? System which accepts 3.5" HDDs only takes two per node so I have to opt for 1TB drives. For the 2.5" system I can go with 4 of 2.5" HDDs of 500GB in size. Either of options selected will be setup in RAID-1.
I am installing a cluster which is hidden from the rest of the world and there is no router either froma general login node. I would therefore require a local repository of the updates to CentOS5.4. When I checked I only found instructions for a full mirror. As I have no room and neither the human resources to setup and maintain a full-blown mirror, this is not a solution. However if I try to find updates for 5.4 to download in a repository-type of way I fail to find a solution. Maybe I am just not looking in the right places.
View 1 Replies View Relatedi am using openssh 5.2-p1, i want to restrict user "admin" to login to the server from a specific IP address, for this purpose i have tried the following blocks in sshd_config file.Following is the part of the sshd_config file which i have modified
#The following commands will only allow specific IP to login to ssh.
#AllowUsers admin user1 user2
#AllowGroups
# override default of no subsystems.Subsystem sftp internal-sftp
Match Group sftpgroup
ChrootDirectory /home
AllowTCPForwarding no[code].....
i want to restrict admin user to login to the server only from 172.16.100.221 IP which can be done by using AllowUser line, but i dont want to use AllowUser line,
how can i view/monitor what a user is typing in other terminals in centos?
View 1 Replies View RelatedCurrently as a part of an assignment I need to implement a reverse shell on a linux system. The system details are -Quote:Linux Kernal Version - 2.6Database - MySQLUsing web-server I could upload a php file which could execute the command on behalf of me. Now, I want to get root access so that I can get access to system's core files.My sample php file -
PHP Code:
<?php
if((!empty($_GET['cmd']) && isSet($_GET['cmd'])))
[code]....
I adjusted some settings in the desktop settings folder in KDE. I had only one user account on the machine. Next time I rebooted I could not log into KDE (it kept bombing out). I had to log into the console. Finally I managed to create a new account with useradd but this user cannot sudo
My problem is that my home directory is encrypted, so I need a new user with sudo privileges to delete all the kde files and folders in my original users home directory so that I can start with a new KDE setup (which won�t be a bad thing since I tinkered a lot).
How can I add sudo privileges to the new account (I presume I can do it by logging in with my sudo account in a terminal login?
This is my first thread ever to make on the linux forum, and I just began using linux Ubuntu Lucid for my server. Please bare with me because I think I am questioning such a basic question. How do you give sftp root privilege to user? I've made group "admin" and made 2 users under that group. Trying to upload a file onto a server using SFTP with one of the user and it fails and says "Permission denied."
I gave full sudo/root permission to the group "admin" from /usr/sbin/visudo I mainly use Tranmit4 but I also have filezilla. Or is there a way to run sudo command on either ftp client application?
Problem: The user wants to execute startx gets error message:[Tester @ asparanoix64 ~] $ startxxauth: creating new authority file / home/tester/.serverauth.17457Fatal server error:PAM authentication failed, can not start the X server.Perhaps you have not the console ownership?Question:How can I add a user to be able to run the X server?For debian / ubuntu is declared in the file / etc/X11/Xwrapper.config by assigning the following options: allowed_users =...
View 3 Replies View RelatedI have Installed centos 5.3 and enabled virtualization on it. now i want to create virtual mechine , while trying this im getting following errors :i have used virt-install command then it has asked some questions and i have answered them of what ram , location e.t.c .. after that a warning came reagarding partition , then an error came like : input / output error during read on /dev/xvda i have ignored this error and continued installation at last i have got an error:like LVM operation failed : vgcreate failed for volgroup00 , the installer will now exit.
View 1 Replies View Related[code]...
What/where is this eth0 interface? Is it possible I can direct PXE boot to use different interface?
I have an Asterisk-server with 2 interfaces, a WAN-interface (eth1) and a LAN-interface (eth0).
SETUP :
IAX-provider(internet) --> firewall --> Asterisk-server --> switch --> clients_on_LAN
So everything coming from the IAX-provider on port 4569 is forwarded to the Asterisk-server's WAN-interface (eth1).
This needs then be routed to an internal SIP-phone (an IVR-system will define which one) via eth0.
When a call is initiated from an internal SIP-phone (they register to the IP-address assigned to eth0) it needs to be routed via eth1 to the gateway (192.168.4.250). Asterisk will setup an IAX-channel on WAN-interface (eth1) to the IAX-provider (via gateway).
So... will this work :
route add -net ip_IAXprovider netmask 255.255.255.0 gw 192.168.4.250 dev eth1
I got to establish an OpenVPN connection between two server and I have dhcpd on the client server which feeds a few SIP phones. All these phones are supposed to the register server through the tunnel.Here is the network structure:
Client CentOS:
eth0: 192.168.0.0/24
eth1:192.168.100.0/24
tun0:172.15.0.0/24
DHCPD: feeding above eth1 and all the phones with 192.168.100.0/24
If I ping 172.15.0.1 from the the Client CentOS it works all fine. Everything pings and I can even do SSH. However, the phones which obtain their ip through eth1 on the same server can not reach the 172.15.0.1. I think it's a route issue here. Can you please guide me to the right direction as to how to forward certain traffic through tun0 and leave the rest of the traffic to go through eth0?
I don't want to turn on IPTABLES as this is time consuming for me now and there is VPN setup. It has to do with setting up the routing but I am not sure.
I have centos 5 installed. and i use a firefox 3.6 browser on it. the problem is that whenever i open some sites like facebook, or easyxdm.com, or some others, the screen just gets hung up and the os either restarts or remains hung up.
View 2 Replies View RelatedI run a bunch of CentOS 5.6 servers, where we continuously deploy our software. Our software comes in self-made rpm packages from a network-local yum repository. As bugs happen in software development, I sometimes want to downgrade to the previous release, so force the installation of a specific version of the package.I tried the allow-downgrade plugin, but so far no luck. Neither yum update nor yum install seem to work with allow-downgrade. (It does not seem to do anything?). Does anyone have a working example for yum --allow-downgrade?
This is what I tried:
1) Show current yum version
[root]# yum --version
[code]....
I want to lock the filesystem based on user basics, In effect only specific users should have write access. This need to done apart from normal permission setup.
In Detail:
filesystem: /app
application users: appuser1 & appuser2
Normal users: user1 user1
Required: Only app users need to have write permission over app file system, this should done apart from the normal directory permissions. The all other users can able to view the contents even though other users have write permission based on permissions.
This need to done by over ridding the normal permission setup.
How do I give permission to a logged in user to stop/start a specific service without entering a root/sudo password? So they can do a simple "service SomeService stop|start" It is for a headless Ubuntu server.
View 5 Replies View RelatedI followed the instructions here: [URL] and then here: [URL] and installed the necessary packages. But when I try building the minimal image as a test, I get lots of errors, as seen in the attached build log. There are lots of things that don't seem to work. Is this project at a state where it's not currently usable? Or do I have a problem with my system configuration? I was running at root.
[root@localhost test]# LANG=C livecd-creator --config=centos-livecd-minimal.ks --fslabel=CentOS-minimal
Filesystem label=CentOS-minimal
OS type: Linux
Block size=4096 (log=2)
[code]....
I had configured raid 5 in centos on my testing PC. Recently one of its harddrive fails. So I decided to insert a new in replacement of it.Secondly i would like to know how to create manual partition using terminal. I thought using fdisk /dev/hdb is thw way but it confise me because in this i have to give block size or start and end cylinders which is very confiusing, Any idea how to make fixed size partition like 10GB or more.
View 1 Replies View Relatedmy system I want user1 and only user1 to be able to mount and unmount a specific partition, this partition contains backups and is usually mounted read only, needs to be temporarily mounted read/write by user1 while doing the backup.user1 is an unprivileged user. I've read that the user option will let any user mount the file-system (and only that user can then subsequently unmount it) and that the users option allows any user to mount or unmount the file-system.I also found this in mount's man pageQuote:The owner option is similar to the user option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for /dev/fd if a login script makes the console user owner of this device. The group option is similar, with the restriction that the user must be member of the group of the special file.So it looks like I'd need a login script for that user to make the user owner of the device file (/dev/voiceserv/backup in this case)
View 7 Replies View RelatedI've several servers (windows+linux) that authenticate to an LDAP server. There is one machine that I would like to allow only certain groups from LDAP server to have access and I am not sure where to start.
If that cannot be done, is it possible to disable LDAP root user to access these machines?
Now that IPv6 is becoming more and more common, I found the need to disable IPv6 on some interfaces but have it enabled on other. I found that /proc/sys/net/ipv6/conf/*/disable_ipv6 does exactly that. I am now wondering if anybody knows, why are networking scripts so counterintuitive. /etc/sysconfig/network has an option:
NETWORKING_IPV6=yes
All this option does is disable some ipv6 services (dhcpv6...), it does not disable IPv6 in whole (as one would assume...that's why you had to disable it with module parameters). Searching for more IP6 related config option, one can find that /etc/sysconfig/network-scripts/ifcfg-* scripts can contain:
IPV6INIT=yes
Again, this option does not disable IPv6 protocol on the interface, it just skips running ifup-ipv6/ifdown-ipv6 scripts. I added a /sbin/ifup-pre-local. Now, this script runs before ethX entries are created (other scripts run when it's already too late) in /proc directory, so it modifies default values which are then used after those entries are created:
#!/bin/bash
#
[ -f "/etc/sysconfig/network-scripts/$1" ] && . /etc/sysconfig/network-scripts/$1
[code]...
I have just finished installing (after hard work ) Centos 5.4 x86 configured with Snort & Snorby as frontend web, i would like to create from this installation kind of image that could fit to almost any hardware type.
View 2 Replies View RelatedI had installed PHP using yum install php. I am trying to use the pdf_new function to create pdfs from existing text files, but I get this error PHP Fatal error: Call to undefined function pdf_new()I have noticed that when I run the phpinfo() command, I cannot find the PDF phrase at all. My php.ini file does not even have these two linesextension=php_pdf.dll extension=php_cpdf.dll kind of command I should use if I need to build PDFs using PHP on Centos 5?
View 1 Replies View RelatedI am new to linux, running a brand new centos 5.2 server. One application I want to use it for is to serve as a network host for a game my friends and I enjoy. Normally, to run the game in host mode you call the binary and pass it a port number (along with other options). To host a second instance of the game, same thing different port, you get the idea.
After doing that the binary runs in your window and dumps to stdout, so if you want it to run 24/7 you have to come up with your own strategy like nohup. Fair enough, now, I'm trying to coax the game into restarting automatically upon reboot. The most correct way to do this seemed to be to write a script for init.d so that's the road I traveled down. Now, to strain the metaphor, the pavement has ended and I'm stuck in the sand.
Here begin my questions:
I've been following the structure of other init.d scripts and I notice they all seem to call the function daemon() (contained in /etc/init.d/functions) to start their services. Looking at the structure of daemon() I see that you can pass it a user and a pidfile. The user part seems to work fine, but no pidfile is created. Let me be more specific.
Like the other scripts, I explicitly touch /var/lock/subsys/game-port on startup, which works fine. However, all of those other services seem to have a pidfile in /var/run and mine doesn't. They don't create it explicitly in their init.d script therefore I assume that some other process is creating the pidfile. At first I thought it would be the call to daemon(), since you have the option of passing it --pidfile, but that doesn't seem to work.
Are the services themselves creating the pidfile? If that's the case then I have more complications because the game binary apparently doesn't do this. Second question but probably related to the first. None of the other init.d scripts I looked at seem to do anything special to detach their services from a particular terminal session, therefore I didn't think that I would need to either.
Again I thought this was something the call to daemon() might accomplish, but either I'm wrong or I'm doing something wrong. I can probably work around this with nohup or appending '&' or something, but I'm just curious that other services like crond, sshd, named, etc., don't seem to do this. Are they determining this behavior from within the binaries themselves? I hope this is clear, as I said I'm new so I may not be getting all of the terminology correct.
Wondering if the internal network will benefit of connecting to a local DNS server, rather than my ISP dns server. Can I create this local DNS server, without having an external domain, pointing to my server ?
All I want is faster lookup of known hostnames, both internally (hostnames) and externaly (cnn.com etc..)
I have a file with tens of thousands of lines. I need to remove specific letters eg eggs, from every line that has the letters in it. Is there a command which can help me do that easily?
View 4 Replies View Related