Debian Configuration :: Can't Use /bin/false As Shell For FTP Users?
Feb 2, 2010
I have vsftpd installed on my Debian (squeeze). I wish to let a local user (ftp) access the FTP server, but not login as normal user through SSH. In vsftpd.conf, I have enabed local user and chroot. I have also changed the shell of the local user (ftp) to /bin/false. The problem is that, I cannot login the FTP server from another computer (I login as "ftp" on a Windows machine). But when I change the shell of the local user (ftp) to /bin/sh, I can login the FTP successfully.
Is this the problem of Windows, or I should use something else instead of /bin/false if I want to prevent "ftp" login service other than FTP?
I have Debian 8 installed, using: * gdm3 as the default display manager (set up in "/etc/X11/default-display-manager"); * LXDE as the default desktop environment.
I did "dpkg-reconfigure locales" and I selected three languages: "en_US.UTF-8", "it_IT.UTF-8", "sv_SE.UTF-8" (the predefined one is "it_IT.UTF-8").Now I wish to create two more users each with a different language (both for X and console applications).I did a lot of googling without success; I tried modifying ~/.profile or ~/.dmrc (adding "export LANG=...") but they didn't work. I was able to change only the system-wide language, not the one of a single user.I got the conclusion that It's not possible to have multiple users each with a different language. Is it true?
I made another try.In another installation (Debian 8, with GNOME and LXDE) I created two users:antonio, ida.The former has only one hidden file in its home-dir: ".bashrc" with "LANG=it_IT.UTF-8" as the last line (no "export $LANG" added).The latter ("ida") has only two hidden files in its home-dir:
1. ".bashrc" clean, with no "LANG=it_IT.UTF-8" line 2. ".dmrc" containing two lines:
Language=sv_SE.utf8.I put "/usr/sbin/gdm3" in "/etc/X11/default-display-manager".After reboot both users are OK: each of them displays its own language: antonio has all menus and programs in italian ida has all menus and programs in swedish.
I was able to create 4 users with 4 languages (SE, IT, FR, ES). Then I deleted all directory and files (including "~/.bashrc" and "~/.dmrc") of one user, rebooted the PC, and NOTHING changed! So, where is stored the user's language?Not in his home; there is a list elsewere?
0. Use "lightdm" (not "gdm3") as the display manager (see "/etc/X11/default-display-manager") To install it: su -c "apt-get install lightdm" 1. su -c "dpkg-reconfigure locales" (select the desired locales: en_US.UTF-8, it_IT.UTF-8, sv_SE.UTF-8, etc; set "default locale for the system environment=None") 2. su -c "adduser emil" ("emil" is the name of a swedish user) 3. Logout 4. Select "Swedish" as default language (see at the top-right corner of the screen) 5. Write user name (emil) and password to login 6. After login, language is english (but file "~/.dmrc" is created with the correct language). 7. Reboot PC. 8. After reboot, login again as "emil": now language is Swedish
Now you can change the display manager to gdm3 if you prefer.To change applications language: su -c "apt-get install task-swedish task-swedish-desktop"
I found the file containing the user's language: it's the same containing the link to its icon:/var/lib/AccountsService/users/UserName.(needs "apt-get install accountsservice"). Editing that file is much simpler as I described earlier
I'm newbie on Debian, and I just installed Debian 8.2. (I used to run openSuse, and I see Debian is quite different.)
Where should I set environment variables (like PATH or JAVA_HOME) in order to affect all users?
I read some documentation about that, but It is not clear for me, the difference among "/etc/environment", "/etc/bash.bashrc" and "/etc/profile".
(In openSuse, I used to create a file "/etc/bash.bashrc.local" and set the environment variables there, in order these settings are not lost with updates.)
i would like to prevent all users other than the user "parker" on my system from using the su or sudo commands. I have not attempted to modify the sudoers file so it just contains the standard root ALL = (ALL) ALL.
It looks like my web/ftp server has been hacked but I'm not sure how. I logged in tonight and found I had new mail. I read it and found some e-mails that had failed to send because I don't have mail setup (luckily). The e-mails were trying to send my user name and password to the e-mail address lostsoul2k@ymail.comI've no idea where to start, I use SSH, FTP now and then and it hosts a Wordpress site. The FTP users do not have access via SSH, only my user ID. However, the e-mails also contained another user ID that only has FTP access to the server.I've looked through the logs for rkhunter but it doesn't look like it found anything.
I have a USB stick, formatted as FAT32 and I assumed that everybody would be able to read from and write to it. However, I find that if more than one person is logged on to the machine (logged on locally, with "Switch User"), then only one of the users is allowed to write to the stick, and the other users are only allowed to read from it. Is that normal?
Here's the scenario: person A logs into the machine, is in the middle of something but gets called away and the screensaver kicks in. The screen is now locked. Person B comes to the machine to quickly copy a file onto a USB stick, doesn't know person A's password so does a "Switch User" and logs in as themselves. They plug in the stick, can read from it, but can't write to the stick at all. Permission denied.
By doing a "ls -l /media", person B can see that the stick is mounted but is owned by personA with permissions drwxr-xr-x . So only person A can write to the stick. I haven't done extensive testing but it seems to be the person who logged on first who gets to own the stick. It's certainly repeatable as described above. And it's really annoying, because unless person B knows the root password, he can't write to the stick. As a real last resort person B could reboot the computer but he doesn't know whether person A has any important stuff open or not.
I have an old server running CentOS 5. The encription method used was the default MD5 for the shadow file. I would like to migrate the server to Debian Squeeze which uses SHA512. I have already copied the passwd, group and shadow file with the user accounts information but the Debian machine doesn't let the users login. I have already looked in the pam files to make it accept the MD5 encryption without any luck. how can i migrate the users without resetting their passwords?
i've written a bash script to add new users to our system. the script works so I won't bother you all about that. when a new user is created with it, they can immediately login to our domain from any terminal, which is good. However, the newly created user is unable to login to debian at all, and so cannot access the server. when attempting to do so, they get a message like "the system administrator has disabled your account". This is a good thing really as normal users have no need for debian login, but I do need to add a few admin users who will need direct access to the server machine.
This is the code I'm using to add the user. The rest of my script is just a wrapper and GUI. I figure the login shell may have something to do with it, so I tried changing the shell of a user to the default /bin/bash. This resulted in the user being able to login - sort of. Gnome doesn't load though, and there's a cascade of errors across the screen about things failing to save or load settings. mostly stuff like nautilus, X, and gnome. the desktop background is black and there's no interface. Logging in with a previously existing account works fine though. Clearly I have an issue somewhere.
I did a 'netinst' today and de-selected every available option when I got to the 'software selection' screen (even 'Standard System & 'Desktop Environment') however after a fresh install, I noticed what seemed to me like useless / unnecessary system user accounts:
- news - games - www-data (obviously no Apache is installed)
I was wondering if there was a way to avoid this from a minimal install?
I have 2 users on my HPmini 210 netbook running Squeeze. I just found out that it does not connect to existing wireless networks when I login as the second user. Is it supposed to happen by default or am I supposed to do something to make that happen? Another problem is that when I tried to create "new connections" again for the second user, the keys won't work. The same keys are working for the first user. The network keys are WEP 64 bit HEX.
I need to set up quotas so each user has a limit of 20GB (soft could be 15GB) on their homes.Is there a way to set up a default quota for all the users, or do i have to do this for the 345982374058 users in my system manually?would group quotas help? (i dont understand much of these type of quota)
I need to add another user besides the one set up during the installation procedure but I also need to limit all users to use only their own /home/user directory.
I have setup Postfix + Dovecot on my basic debian 5 server. If I send a message to a localuser@mydomain.com from mutt, it delivers just fine and is visible when viewed through squirrelmail, I can also send just fine.
My issue is that irrespective of what options I set in main.cf, I cannot for the life of me get Postfix to stop erroring with "Recipient address rejected: User unknown in virtual alias table". I'm stumped.
My main.cf is as follows code...
I do not want to setup virtual hosting with MySQL or similar, I literally want to receive mail in local users mailboxes for a single domain. Any ideas on what's missing?
I have two machines running SQUEEZE, both installed and configured within the same week (not simultaneously). Both get the users info from a NIS server. In one of the machines (named "corona"), users cannot login, neither locally nor by ssh, in the other one ("xxlager") there is no problem. Both mount the users home directories by NFS. I have not found much useful info in the web. /etc/passwd, /etc/group/, /etc/shadow, are equally configured. The only difference I have found is when I use getent. Using "getent passwd isaenz" on xxlager yields:
isaenz:x:1001:1001:User Name,,,:/home/isaenz:/bin/tcsh but on corona the result is isaenz:x:1001:1001:User Name,,,:/home/isaenz: so the shell info is empty. Checking /var/log/auth.log I see a message saying: "User isaenz not allowed because shell does not exist"
But "ypmatch isaenz passwd" returns complete information for isaenz, both on xxlager and corona.
I'm trying to follow the exim documentation to allow suffixes on mailboxes for all users. For example, if user@domain is a mailbox, I want all mail directed to user-*@domain to be delivered user@domain. I've got the split-config-files option and have edited /etc/exim4/conf.d/router/600 to include local_part_suffix lines as follows:
I am getting more and more comfortable working with the shell, thus I would like to change its prompt color to my liking, as it will be easier for me to distinguish commands vs. outputs.
I've read a couple of instructions of how to change the .bashrc file and am familiar with what the codes in PS1 mean. Except, this file can be intimidating to newbie eyes.
Where exactly on the file is it that I need to make the change?
Here is what I am trying to do. I would like my prompt to like exactly like the prompt I use in Backtrack - which consist in two different colors, one for the host and another for the pwd. Here is what the Backtrack .bashrc file looks like:
# /etc/profile: This file contains system-wide defaults used by # all Bourne (and related) shells. # Set the values for some environment variables: export MINICOM="-c on" export MANPATH=/usr/local/man:/usr/man:/usr/X11R6/man:/usr/local/share/man:/usr/bin/man:/usr/share/man export HOSTNAME="`cat /etc/HOSTNAME`"
[Code]....
I also read that in order to have the same results when I log in as root, I will have to copy the modified .bashrc file into /root
I have an Ubuntu 11.04 instance running on Amazon EC2. I am currently using it as an SSH tunnel/SOCKS proxy. Most of my Net activity is on a Windows 7 machine running PuTTY. This setup is working very well. So well that a few of my friends have expressed interest in accessing it. Question is, how do I share this proxy, without giving away my private key and root access? I would like to limit users to only being able to set up an SSH tunnel/SOCKS proxy, with no shell access. What other security measures would you recommend for such a setup? I googled a bit and saw references to rbash and chroot. I have already changed the SSH port, and set the EC2 firewall to allow inbound SSH only from my ISP's address range. My friends use the same ISP. They would probably be running Windows 7/Vista, and PuTTY too.
I have a CentOS dedicated server running ProFTP. I have created user accounts which are meant for FTP access only but the users cannot connect to the FTP unless their shell access is /bin/bash
Here is an example line that is outputted when I use this command:
This user can access the FTP fine, but he can also access SSH which I don't want to allow him to do. If I set his shell access to /bin/false then he can't connect to the FTP.
What can I use in instead of /bin/bash to allow FTP but don't allow SSH?
I came across this script a while back that i found. What i want to do is edit the script to create a default web page in /var/www/html a new user is added through the script.What the script does now is adds a user and sets a password for the user. What possible way (either through a combination of python or c or some other language) could i add to the shell script to do this? I've tried just dointhe command to touch index.html /var/www/html but it puts it on the desktop. Here's the script....
Code: #!/bin/bash # Script to add a user to Linux system
I was planning on using my VPS to grant some of my friends shells. The problem though is that I don't want them doing crazy stuff on it, like using up all my RAM or disk space. I would like to limit them to a very small 25 mb disk space, and allow them only certain application in /usr/bin like python perl irssi screen etc. I do NOT want them to be able to cd out of their home directory. I really want this to be setup like the shell provider SHellium. I can setup the FTP and SSH stuff myself.
I have a box that's used as an SFTP server. All users have restricted shell so they can only use SFTP to send and receive files. But it makes it hard to have them change their passwords. I thought that if we had a web page set up where the user could enter their username, old password, new password and confirmed new password, that this would be the easiest solution.
I'm on ubuntu 10.4 and Cant seem to falsely authenticate myself with my AP. I am trying to break a wep key on one of my older linksys routers; It continues to say this:
Code: root@kevin-laptop:/home/kevin# aireplay-ng -1 1 -a xx:xx:xx:xx:xx:xx mon1 No source MAC (-h) specified. Using the device MAC (xx:xx:xx:xx:xx:xx) 11:39:16 Waiting for beacon frame (BSSID: xx:xx:xx:xx:xx:xx) on channel 6 11:39:16 Sending Authentication Request (Open System) [ACK] 11:39:18 Sending Authentication Request (Open System) [ACK] 11:39:20 Sending Authentication Request (Open System) [ACK]
Attack was unsuccessful. Possible reasons: * Perhaps MAC address filtering is enabled. * Check that the BSSID (-a option) is correct. * Try to change the number of packets (-o option). * The driver/card doesn't support injection. * This attack sometimes fails against some APs. * The card is not on the same channel as the AP. * You're too far from the AP. Get closer, or lower the transmit rate.
root@kevin-laptop:/home/kevin# I'm using an eeepc 701 it has an Atheros card and does injection. I have also tried it with backrack 4 and it works perfectly (it falsely authenticates with the ap and decrypts the wep key) I just cant seem to get it to work on ubuntu 10.4. Could it be a kernel issue? I found out that there is a bug in the new(er) kernel(s). If you use an older kernel (I used 2.6.31-14 which can be found here) and it magically works.
I have just been checking one of my machines with rkhunter and got the following result:
Code: [17:50:08] Warning: Checking for possible rootkit strings [ Warning ] [17:50:09] Found string 'hdparm' in file '/etc/init.d/checkroot.sh'. Possible rootkit: Xzibit Rootkit [17:50:09] Found string 'hdparm' in file '/etc/init.d/bootlogd'. Possible rootkit: Xzibit Rootkit
Using a well known search engine shows that others have come across this before: [URL] I have installed the current version of rkhunter from Debian's Unstable repo,but i still have the same result as above. I now check the rkhunter wiki,which mentions the same problem: [URL]
Quote: Here is an example on my system to remove a false positive for a certain rootkit that hit hdparm.
Chkrootkit came back ok. Running ClamAV and will only add that here if it finds anything. I just neve remember seeing these before. This is in Ubuntu 10.10
I'm looking to customize the environment for new users by changing the items in the GNOME menu, change the panel layout, add some shortcuts, and do a few other things. I looked in /etc/skel and there doesn't seem to be anything GNOME related in there; I also tried to put .gconf, .gconfd and .gnome2 from my home directory into /etc/skel and that didn't do what I wanted.
