I want to limit the amount of connections a user can make outside of the box per user group, should I be doing this via iptables or what? aka:
group1 can only have 2 simultaneous outbound connections
group2 can only have 8
I try to create squeeze live usb-hdd and try to add additional group using this script in config/chroot_local-hooks:#!/bin/sh
# Give VIEW_USB access to the USB devices to allow USB redirection
VIEW_USB="/usr/lib/vmware/vmware-view-usb"
if [ -x "$VIEW_USB" ]; then
if [ -e /proc/bus/usb ]; then
groupadd usb 2>/dev/null || : # Do not error if group already exists
[code].....
I am trying to add an OpenVPN connection from the Network Connections GUI. The problem is everything is greyed out when I am logged on as a user. When I log in the GUI as root I can create the OpenVPN connection no problems. The problem with that is the option to use my newly created VPN connect does not appear when I log back into my user. I have tried adding my user into the sudoers file to no avail.
How can I give my user privileges to add OpenVPN connections?
How can I create a user group that restricts Internet privileges to only members in the group, then I will assigns certain applications to join the group for access to the Internet.
For example, I want only group net to have access to the Internet. Group net is then connected to:
Code:
So far, I am using the gnome group policy manager that is standard with ubuntu but Its not working. It is possible that im misdirected and that I should use a firewall instead?
I have ssh installed and running on my laptop(Debian Sequeeze). I can run "ssh localhost" without any problem. But for some reason I cannot connect to it from other computers. They all give "connection timed out". I can connect to these computers`s ssh servers but for some reason my laptop with Debian is not accepting any connections.
View 5 Replies View RelatedHow to make a directory or files created in a directory by anyone be assigned a specific group name?
View 6 Replies View RelatedI hope I am in the right forum. I have a question about restricting users from being able to change their own passwords in Fedora 10. In Fedora 6, I was able to do this by using passwd with -n and -x flags. If I would set the -n value greater than the -x value, then the user would not be able to change his/her own password. If I do this in Fedora 10, this no longer works
View 4 Replies View RelatedI have searched somewhat this forum but haven't yet found a similar post using the keywords I entered but perhaps there is already a similar post then please refer me to it.I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more.I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from for example my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access.My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works.
2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
I'm trying to setup VNC on our debian server so the boss can remotely do admin stuff from anywhere in the world. the first step is getting it working from anywhere in the room, though. And I can't even seem to get that far.
So far I have a VNC server setup, although not without problems. I downloaded and installed vnc from the vnc site, that wouldn't work because trying to start a vnc server gave this error: "error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No such file or directory"
There are lots of results on google for this error, and the solution everywhere seems to be the same. to install the package: libstdc++2.10-glibc2.2
However, trying to install this package in debian fails. both using apt-get and trying to manually download it from packages.debian.org it just doesn't seem to exist.
I've tried tightvnc from the official repositories and it gives the same error, too.
The way I got around that eventually, thanks to another tutorial, was to install the package vnc4server. then run vnc4passwd to create a password. and after that vncserver works fine, or seems to. Creates display 1.
Now, when I'm trying to connect to hostname:1 from another computer in the LAN. It gives error 10061, connection refused. I installed the debian and I don't recall setting it up to refuse connections on port 1. Is there anything I should check or change to allow the connection, or any log file in debian to check and see what's going wrong?
I'm also trying connecting internally via client on the debian machine, but I can't runvncviewer. I get the same missing shared library error as before. I guess I just worked around, not solved it.
I also can't access it with the java viewer. Trying to connect on port 5801 either from the server itself, or from another one on the lan, tells me it's refusing the connection.
To be clear, I'm certain that the vnc server is started. We have working DNS, and trying to connect directly to the internal IP:1 doesn't work either.
For some reason my FTP packets are blocked by iptables even though I thought I allowed them through
My syslog errors are along this line:
And my iptables ruleset:
I'm trying to restrict a particular ssh user to his home directory, I'm just giving him access so that he can ssh to another server that is only accessible from the former but restrict his movement so that he can't poke around the former.I already made some changes to sshd_config file and added the following line at the end:
Did some test, user joe can ssh to the server but unable to do anything aside from logging in, even a simple ls command will immediately close the putty session. I know I'm still missing something but don't really know what it is.I also tried this how to that uses rssh --> http://www.adamhawkins.net/2009/05/r...ured/#more-431 however when I login the session immediately closes.
i want to Restrict a particular user from creating a file beyond a prticular size.ie he should not be able to create a prticular size [say 10mb] but he can use upto 10 gb.[ not the quota space i mean]
View 6 Replies View RelatedA little background: CCNA and A+ I have preformed this task on Cisco routers Linux for 5+ years, mostly with Debian (mostly casual, a few production situations) I need to setup a linux box with Load Balancing over a cable line 8mb down, 1mb up connection and a T1 line. If this isn't possible, at the very least I need Failover (which I have admittedly not researched as fully.) I know Failover is possible, but I would really love to double my upload bandwidth as we host a small website here. Is load balancing over uneven connections possible on Debian?
Side question: If I host a website, when users connect and get responses over 2 Public IP's, what would be the reaction on the users side? Would it get filtered and or blocked by a firewall?
My Debian server is used by people to set up ssh-tunnels for use as a local proxy ( on their remote machines).Since only the tunnel is setup, and no shell is used, I can't use "who" to see which users have an active ssh-tunnel on my server, but I would like to have an idea about who is active etc. I think I should be able to determine this from the auth.log file, but then I would have to use some script to determine what connection is still active. Is there an easy way to see what users have active ssh-tunnels on my Debian server at any given moment?
View 3 Replies View RelatedI'm trying to bridge connections between a wired and a wireless connection in one of my computers. I was told it was impossible due to low-level limitations in the wireless subsystem, but apparently theres a way if you somehow forward packets from one port to the other. Is there a way I can achieve this?
View 1 Replies View RelatedI have exim setup on squeeze to run as an "internet site". Outgoing mail works fine but it seems to just ignore incoming smtp requests on port 25. I can see the incoming connection via tcpdump but exim doesn't seem to talk. If I connect via telnet it rather quickly says connection refused. Is there something additional I need in the Exim conf?
View 1 Replies View RelatedI just installed Debian and am getting a problem where I can't open the list of network connections. I can use the network manager applet to connect to wireless networks, but I cannot access the network connections list from there either (right click "edit connections)
I'm not incredibly knowledgeable with Linux, but I tried a few simple things I could think of like reinstalling the packages, or restarting the interfaces. (ifdown/up wlan0)
It's strange, because when I click "network connections," I see it show up for a second on the bottom panel, I get some rotating mouse icon while I wait a few seconds and then if goes away. Is there some kind of logfile that could help me identify the problem?
Using Debian 6 on eeePC1000HEB with Ath9k (i think) wireless card. Net Interface: wlan0
I am still a noob with linux and debian in particular. I do some android development so through that I have learned a little bit about linux but only the basic command prompt commands and the basics of how linux works and such.Anyways, I was looking around on the forum and on other forums and I couldn't find any helpful information about how to set up wireless connections (such as wifi) on debian. When I installed debian on my computer it asked me for the ipw2200 files and I didn't have them at the time but now I have the latest framework files for that, I don't really know how to install them and after I install them I don't know how to turn on my wireless connections from there.
I am really sorry if someone already made a post on this subject and I am just too clutzy to find it, if that's the case please just post the link to that thread for me cause I'm dumb as crap.So basically the main problem I am trying to fix right now is that I cannot get my internet to work on my old dell inspiron 6000 laptop which I am trying to get to run debian.
This netbook only has a user with non-administrative privs on it and root user but I do not have root's password.Is there a way that I can create a new administrative user of change the current user's group so that it can do sudo commands or have more privs?
View 1 Replies View RelatedIs it possible to allow a group/user to execute a command, where one of the parameters of the command is a group as well? example that does not work as intended:
Code:
Cmnd_alias SU=/bin/su -l %group1 This example works sortof, it treats the "%group1" literally. I know I can list out the "/bin/su -l <eachuser>", but as you can imagine that is impractical. In this example, I want people in group2(not shown for brevity sake) to be able to su to someone in group1
I have a set of two amd64 machines with Debian Lenny. Machine 2 reads all the users' information from the Machine 1 through LDAP. Also, in Machine 2 I set up a dchroot environment for 32 bits compatibility ( following [URL]
In addition to the above instructions, on this Machine 2, I set up /etc/libnss*, /etc/ldap/*, and /etc/nsswitch.conf both for the amd64 and for the i386 environments. I have no problems if I'm in the native amd64 mode. However, once I enter the i386 dchroot, some strange things happen:
1) For users from uid=1000 to uid=1031, I get an error if running 'whoami' (Cannot find name for user ID XXXX) and if I run 'id' , I get all the correct group numbers but no translation to group names in parenthesis as it should be. 'ls -l' also only lists group numbers but no names.
2) for user 1032 I cannot even change into the dchroot, I get the error "E: Group '1,031' not found"
i want if a port (exp. 1001) have 20 connections that the next new connection forword to an other port (exp. 1002).
View 2 Replies View RelatedI just installed Debian Jessie (3.16.0-4-amd64) on a desktop box I intend to use as a server in our home office. During installation I included the web server and SSH server options. I have a user account, 'mitchell' set up in addition to root. Everything is working great except that I am unable to log in via SSH from other machines, such as a Windows desktop also on the office LAN (using PuTTY). From the PuTTY terminal it looks like the user name is accepted because the password is requested, but after entering the password it says "Access denied".
Back on the Debian box in I see:
Code: Select allNov 26 14:12:02 DebianDevP6TSE sshd[2278]: Invalid user mitchell from 192.168.1.96
Nov 26 14:12:02 DebianDevP6TSE sshd[2278]: input_userauth_request: invalid user mitchell [preauth]
Nov 26 14:12:07 DebianDevP6TSE sshd[2278]: pam_unix(sshd:auth): check pass; user unknown
Nov 26 14:12:07 DebianDevP6TSE sshd[2278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=rmbiserv.attlocal.net
Nov 26 14:12:10 DebianDevP6TSE sshd[2278]: Failed password for invalid user mitchell from 192.168.1.96 port 60010 ssh2
So I am guessing I need to set up either the SSHD server, or maybe something in PAM, to authorized users for SSH access?
As a note, "mitchell" is the user name I use to log on to Debian, and I am entering the same user name and password when trying to log in via SSH.
If I try to log in via SSH as "root" I get the following in the log:
Code: Select allNov 26 14:17:01 DebianDevP6TSE CRON[2329]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 26 14:17:02 DebianDevP6TSE CRON[2329]: pam_unix(cron:session): session closed for user root
Nov 26 14:29:59 DebianDevP6TSE sshd[2383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=rmbiserv.attlocal.net user=root
Nov 26 14:30:01 DebianDevP6TSE sshd[2383]: Failed password for root from 192.168.1.96 port 60132 ssh2
I make a group a member of another group?
I am running Samba and want to include all groups as members of the Domain Users group so that I don't need to add this for every user?
I don't exactly know what happened but for some reason only the main user has access now to the networkmanager and is able to connect to internet. If I switch to another user, the networkmanager reports no connectivity and the PCMCIA card dies. Does anyone know what to do? It seems like an access feature, related to permissions or something.
I checked but the user is added to the netdev group...
I'm running sid, reasonably updated. I decided to add a samba share. I installed samba (2:3.4.8~dfsg-2), samba-tools, smbclient, smbfs, & samba-client. I did a "/etc/init.d/samba start" and even rebooted. But when I try to add a samba password for my regular user I can't.
# smbpasswd -a praxis
bash: smbpasswd: command not found
I did a "locate smbpasswd" but I'm only seeing:
[code]...
It looks like my web/ftp server has been hacked but I'm not sure how. I logged in tonight and found I had new mail. I read it and found some e-mails that had failed to send because I don't have mail setup (luckily). The e-mails were trying to send my user name and password to the e-mail address lostsoul2k@ymail.comI've no idea where to start, I use SSH, FTP now and then and it hosts a Wordpress site. The FTP users do not have access via SSH, only my user ID. However, the e-mails also contained another user ID that only has FTP access to the server.I've looked through the logs for rkhunter but it doesn't look like it found anything.
View 11 Replies View RelatedThis is a perennial problem with Linux. I am just not comfortable moving a lot of casual files around as root. How can I have user access to a USB stick? I've done my Google searches and tried several methods, some of which work temporarily but not permanently. At the moment, I have this line in my /etc/fstab: /dev/sdd /media/usb_flash ntfs noauto,users,rw,umask=0 0 0
As with other methods, this worked last week but not now.
All I want to do is insert a USB stick, transfer some files and remove the stick. I want to do this as a user. This should be simple. What is the trick?
I created a new user with command useradd (as root) :
Code: Select alluseradd razer123
And then set a password with command passwd (as root):
Code: Select allpasswd razer123
No Error!
When I logged out and tried to login with new user, I coulden't! (even after restart!)
I looked into /etc/passwd :
Code: Select allcat /etc/passwd | grep razer123
result:
Code: Select allrazer123:x:1002:1002::/home/razer123:/bin/bash
There is no home folder in the path!
# I have debian 8 and MATE desktop.
After fossicking around I can not find anything around that I can invoke in a terminal to configure settings in network-manager. The applet(?) on the task bar doesn't ask for a login, so options are grey/grayed out. The "program" in the applications menu is similarly grey/grayed out.
If it was a once off, then I suspect that it would be simple as login as root to start X, but I have a series of config files to edited each time of their initial use. also, there is the ongoing problem of vpn target switching.
woops; wheezy with xfce4 and everything is uptodate.