I have an internet and mail server installed CentOS, and I want to restrict client machines to access a certain website, e.g. if i want restrict users from accessing the website: www.mydomain.com, How do I do it?
View 6 RepliesI need some kind of step by step process to restrict my users to only have access to directories that I specify ? For example user joe can only access his home directory, read access to /tmp and read access to /var/log/httpd
View 1 Replies View RelatedI have a few small lists created in mailman, and I want users to be able to receive, but not post. Where do you find this setting?
View 2 Replies View RelatedI wanted to restrict users within a particular folder say /var/lib/tomcat/webapps. I want the users to see all subfolders inside webapps and work with it (edit+read but no delete). I understood that chroot is the way, and i read this [URL] community discussion, but what i understand out of it is, they are trying to give a complete working installation of ubuntu to the user within a directory which i dont want to.
View 3 Replies View RelatedI run a system that users may log into either remotely or physically. Multiple users may be logged in simultaneously because of the remote access, but only one user can be physically logged in at a time.With the current setup, however, if the physical user inserts a flash drive (which the OS mounts automatically) then the remote users gain access to the removable media.
View 6 Replies View RelatedHow to restrict some uses to send mail to outside domains except local in sendmail.I am using ( CentOS5 + Sendmail )
View 2 Replies View Related I have a desktop (picard), and I want to be able to connect to it from my sisters laptop (zuma) to quickly scp files from my machine to hers. At the same time I don't want the whole world to be able to connect to my machine via SSH. We're connected through a router. I've tried adding the line
"ListenAddress 192.168.0.0"
to /etc/ssh/sshd_config, but this prevents me from being able to connect to my machine from another on the network. From my understanding of the ListenAddress directive, I would assume "ListenAddress 192.168.0.0" would allow my sister's address through (192.168.0.192).
Am I missing something?
In my office i want to setup a Linux machine for public usage , in this machine i want to restrict/deny access to certain applications (ex:- k3b, xterm , pdf reader etc) for certain users/group of users as per the office policies.
1)By what method/procedure i can achieve this objective ?
I have a small home network with a router to the outside world and an ubuntu server through which traffic passes first.My ISP limits my download usage during the day, which traditionally has not been an issue, but now the children come in from school, boot up the internet and up goes my usage!Ideally I would like to be able to restrict them to IM and maybe certain specified URLs (I think the latter probably needs to use Squid though?). Once the download limits are lifted, I would like my iptables to allow HTTP, etc, but pretty much block most other things.
I have two sets of iptables currently to approach this issue, with a cron job that runs to swap between one and the other.Chains run in order, so if rule A says allow x, and rule B says drop all, then X should still be allowed. However, try as I may, this is not what happens in practice. I have even tried changing the overall order from ALLOW to DROP in FORWARD and then approach from the other angle. That didn't work either. *IS* it actually possible to block all but http / https and IM? These are myrules:
Code:
# Generated by iptables-save v1.4.4 on Sat Jan 9 19:15:49 2010
*nat
:PREROUTING ACCEPT [583:45175]
:POSTROUTING ACCEPT [694:60887]
:OUTPUT ACCEPT [143:18642]
[code]....
Is there a way to restrict users that are logged into the shell via SSH/Telnet/SFTP from using the 'cd' command to move into certain directories, yet not use the chmod command to do it? For instance, restrict users logged in from accessing the /var/www/ folder but have it still accessible using a web browser. Also, would this defeat the purpose since they could just wget from it if its still web accessible through a browser?
View 8 Replies View Relatedi installed tomecat6 in Linux server i deployed xyz.war file and jkmonunt in Apache this is for out side usage recently i deployed one more war abc.war i din't mount in apache this is internel application usage purpuse in my application i tried to call this abc.war (http://X.X.X.X:8080/abc/abc.war) but i am unable to access this folder i checked the iptable rules i gave access permission in 8080 port.
View 2 Replies View RelatedIm trying to config my intranet to be accessible from inside the network (lan) without need of password and ask for a passwd for those who are viewing from Wan ....
Today my intranet can only be accessed from Lan, external access give me an Unauthorized message, I took look around, try #irc and still can get the appropriated help, I hope that someone here could help me on that...
A piece of my config:
Code:
Every developer in our organization has access to a single development server and all development ( other than basic experimentation ) is done on this server. This is primarily because there are several interdependent systems and having copies of these systems on each developers machine slows that machine down to the extent of making it completely unusable. All developers access this development server using ssh. Of course this implies that scp will also work as the sshd daemon is running making data vulnerable.
We are currently attempting to secure the code and data on this server from unauthorized copying and transfer.
Currently I am attempting to set up virtual machines on each developer machine that can then be used to connect to the development server. I have created a shell that does nothing but allow for the typing of one command that simply transfers ( ssh login ) the user onto the development server.
I am using virtualBox and ubuntu mini to achieve this.
Problems: The first question is if this is a reasonable way to achieve what I am attempting to. Is there a better way?
The others is more in terms of the set-up: I am attempting to resize the virtualBox console. I tried this by editing grub. Although I am able to resize the screen at start-up the entire screen goes back to ( what I believe is 800x600 ) after the Ubuntu splash screen.
The virualBox seems to have completely messed up the keyboard detection how can I rectify this?
The other is regarding the restricting of shell access I have currently done this by removing access to /bin/ for normal users. Is this secure enough or is there a better way?
I have set up a small Mesh Wireless Hotspot at a local Flea Market. My plan is to add in one of those HotSpot services for billing and such..ut until I have enough users to justify that expenditure, I am just going to manually set up accounts.The system is all up and running as an OPEN SYSTEM. Users are able to access the net just fine thru my existing setup.My question is, how can I create user accounts so that users of my wireless network will have a username and password that they can log in with
View 11 Replies View Relatedi'm using fedora 9 and mozilla 3 with dsl internet connection. i can't access some site in my computer but other computers can using internet explorer. i hope this is the right forum for this.
View 8 Replies View RelatedI just bought the Barnes & Noble Nook eReader for my wife's birthday and a requirement is to log on to the Nook website and establish an account. Using her Fedora 13 64bit desktop and Firefox she repeatedly tried to access the website www.nook.com to create an account, however consistently got the server not found message. Even using the Firefox addon User Agent Switcher and turning off NoScript did not correct this.
When we switched over to the WinXP install and Firefox we were able to access the website no problem. Anyone else unable to access that website via linux?
I have web server apache on linux Centos. I can access it successfully by typing on the address bar http://localhost, 127.0.0.1 or 192.168.0.150 from the local computer server and the site loads normally with graphic. When I access the site from another computer in the same local network, I don't get the correct website. I see the site like html as text not graphic. Please see below text file output from the browser: Also I can only access the site by typing 192.168.0.150 IP address in the address bar. When I type http://localhost or 127.0.0.1, the site does not come up. Do you see what I did wrong? How can I fix this problem.
View 7 Replies View RelatedI am trying to block a few websites on a lucid lynx, I tried editing /etc/hosts and that blocks access via url but the site still open if I enter the ip on the browser, how can I block ip access also? (without using any extra software besides what linux 10.04 have by default)
View 1 Replies View RelatedI'm using Ubuntu Linux as my operating system.In my network only the ipv4 is suported, and I need to access some website through ipv6. How can I do it, is there a way to tunnel from the ipv4 to ipv6.
View 2 Replies View RelatedI want to restrict access to certain directories to my ssh users but allow them to read files by known path from there(mostly it's meant to be done by applications).
View 2 Replies View RelatedI'm a windows convert and need to know what the command for finding out all the users on a system would be. Did a ps -ef for the processes, now I Need to find out what the users are for IA.
View 3 Replies View RelatedI have a firewall/router box running openSUSE 11.2 between the outside world and the LAN. This router also provides DNS for the LAN and has SuSEfirewall enabled. LAN users need (almost) full access to the internet. However, I want to block certain sites which are not required for work (you name it: facebook is my candidate). What is the most elegant way to block certain sites (which have quite a lot of different IP numbers) ?
View 2 Replies View RelatedI'm using Sun One LDAP server, (Soon to be moving to openldap). I have one Master server, no slaves, about 60 user accounts.
I'd like to add an attribute to each of the users DN's to restrict there ability to login to specific hostnames. I.e. I have hosts A, B and C. Dev staff can access A and B, but not C, and support staff need to access all of them.
I found a link at [url] which talked about using 'hostsallowedlogin' and 'hostsdeniedlogin' attributes but I'm presuming these are bespoke. If they are, how do you configure the ldap.conf to take note of these attributes when authorizing access?
I am trying to setup a system that will only allow root access to the DVD drive and no other users.
View 8 Replies View RelatedI have created 2 users and changed their secondary group to grp1, then changed permission for a directory dir1 to 770(no permission for others) and group to grp1.
The both normal users are not able to access dir1. How is it possible to access that Dir using general permission (770).
How to monitor web access activity in the lan without creating any inconvenience to the end users? Could any one say is there any software tool?
View 2 Replies View RelatedI created some users on my Ubuntu 10.0.4 machine a long time ago (whilst experimenting). Some of these users can login to the system, and others were prevented from login in. I can't remeber which ones can login. I have the following questions:
How do I find out which users may login to the machine? How may I disable an existing user account from login in? How may I re-enable a previously (login) disabled user account so it an login again?
I have a CentOS dedicated server running ProFTP. I have created user accounts which are meant for FTP access only but the users cannot connect to the FTP unless their shell access is /bin/bash
Here is an example line that is outputted when I use this command:
This user can access the FTP fine, but he can also access SSH which I don't want to allow him to do. If I set his shell access to /bin/false then he can't connect to the FTP.
What can I use in instead of /bin/bash to allow FTP but don't allow SSH?
OK, I have a very simple question.
Is it possible to share one folder between 2 users with full RW access without sharing every other directory they own outside that folder?
This seems straight forward enough to me. I've just asked it on #linux at irc.freenode.net but when we tried it became apparent that no one there could tell me how it was done.
I configured FTP server on Fedora 7.0 . I create different users with different password. I also create seprate directory for each FTP user. All are working . When I use filezilla for connecting that FTP site I can access all the directory on that server.
Now I want to configure that no any FTP user can access other FTP users directory or any other directory in server machine . What I do for this .