I have joined the domain (server 2003) and can log in consistently now. Now I would like to give all the windows users in on specific group (domain power users) SUDO rights on the machines in question. I have found one way to add users on a pr. user basis, but adding 30 users will take some time.
View 4 Replies
I have a problem when I want to use su I get this error:Code:su: pam_start: error 26I have googled it so I found this topic (http://www.linuxquestions.org/questi...r-26-a-615024/) but it didn't really help me. There was a reply on that topic and his question was what the output of this was:
Code:
ldd /usr/bin/passwd
and
[code]....
When I run an exe-File, I become the message: -bash: ./a.out: Keine Berechtigung (No rights)
I have all Rights on the Folder and on the file. I suppose that the problem is that my group "Benutzer" has no rights to execute files. Where can I change the rights of my group?
I have this group "cn=admins,ou=groups,dc=home,dc=com" And I've configured slapd in the new way so I'm not using slapd.conf (I think). First I thought about just modifying the files at /etc/ldap/cn=config/....... but that didn't work. How do I make that group into an admin-group with all the rights ?
View 3 Replies View RelatedI've installed Directory Server (LDAP). The setup has been done according to the tutorials online. Able to access the interface as well. So far so good. The issue I have is with permissions. I can assign file permissions to a user created in the Directory Server ( user not created on the local server). But the same can't be done for a group - alteast the way I currently see it. How could i assign file system rights to a group created in the directory server.
View 5 Replies View RelatedIs there a way to drop privileged sudo rights? a schellscript or applet?
View 6 Replies View RelatedProblems with launching data files of the nas and saving to them is a kde problem. The dot desktop files have to contain access rights for smb/http etc and even when given these it still will not work. I have mainly concentrated on getting the VLC video player to work as it is capable of playing from just about any source, comes with codecs etc etc. Amazing package really.
Pure K apps such as kwrite at least work fine. I tried setting up samba but to no avail.
As dropping a file into VLC's focus didn't do anything I created a vlc desktop icon and dragged the nas file onto that. It plays and a kde error message pops up from plasma shell - can't find file!
I enable kde automount. The content of that when it starts is disturbing. It shows my system disks a detachable and not attached! No need to worry though. I selected mount on log in and attachment where the server was shown. VLC still wouldn't work.
Next I enable NFS file transfers on the NAS. This has allowed me to use open with directly onto an avi file on the nas. I can also click launch them. Remaining problem is opening files on the nas from within VLC. Up pops the kde message "you can only select local files". The file manager here seems to be an instance of dolphin. This suggest that there is going to be a problem saving files to the nas as well. Looks to be the case. VLC can convert formats and all sorts of things. If I select a file locally and try and convert it and save to the nas up pops the "you can only select local files" as soon as I select ok having set the path and file name.
Strange thing is that working transfers seem to be using CIF even though it took an NFS enable to get it partly working via KDE's automount. Dolphin only allows a CIF set up which has a distinct advantage as a direct ip address can be entered. The automount has introduced a very very long delay before kde is up and running following a log in. Samba is even worse in this respect and both seem to lack a method of direct ip input which means they have to find the server.
One other aspect. As far as NFS is concerned from a very recent post elsewhere nautilus works. Pass on CIF. And of course it's all instantaneous and ok on windows even on vista. Enabling the TV protocol on the nas has confused Vista as it only wants to connect like that and needs drivers. Might also be down to having NFS enabled though. MS might not like that.
I have filed all of this on bugzilla if anyone would like to vote - bug number 695648. Seems to me that the CIFs route should be the default for ease with many users on home networks. I'm also sure that the problem is basically KDE preventing aps from accessing the nas.
I was observing the following behaviour:
py script:
os.mkdir(path) #all OK
operations_that_take_10hrs_to_complete()
os.mkdir(path) # permission denied
like I lost my sudo rights after some time ..
I have setup a VPS server, created two accounts to two domains respectively, and in one account I built a tool to manage other accounts. I have been rigorously researching and found information, however not implemented yet, about granting apache sudo rights through an interface on one account, so that it can execute scripts as root to manage installations in other accounts. what I mean this is my tool will use 'rsync' to duplicate installations from any account into any account.
My question for security, is it secure to grant apache sudo rights? I have not resolved successfully granting it permissions, and I would not want to waste my time investigating more on it if it can compromise the system in any way.
In your experience, is it feasible to build such a tool like I described? I have the tool working to copy within account and to addon domains and it works great, but I want it to manage all accounts on the server.
Is it possible to give user only FTP access / browsing rights for certain directory within /srv/www/htdocs and prevent same user to browse all other directories, even user's /home directory on that server?
View 8 Replies View RelatedQ: How do I mount a CIFS share so that my user stevej has all rights to it?
Summary: I can mount the share as root.
mount.cifs //10.x.x.x/Data /home/stevej/Synology/Data/ --verbose -o user=stevej
Using Dolphin in Super-User mode, I can copy files and directories from the share to itself with no errors. Using Dolphin in Normal-user mode. I get the failure "Could not change permissions for...". The file is copied, but its owner,timestamp and permissions are wrong. If a subdirectory is involved, the copy aborts.
Using Windows XP I can copy files and directories from the share to itself with no errors.
Testing: If I mount with uid and gid, then my normal user can not access the share.
mount.cifs //10.x.x.x/Data /home/stevej/Synology/Data/ --verbose -o user=stevej uid=stevej gid=users
[code]...
Synology DS211 - There are 2 users on it. One of which is stevej and the other is julie. Rights RWX are applied to the users and the group called users. All files have stevej as the owner and users as the group with RWX Opensuse 11.4 - There are 2 pc's. One is run as stevej. The other pc runs as julie Windows 2000 - Runs as stevej and maps to the share as stevej.
Works as expected Windows XP - Runs as julie and maps the the share as julie. Works as expected Ultimately, I want the shares to automount at boot, or login and give the user full access. I have been to Swerdna's page and done as much as I can, but still no luck.
I have 3 windows computers and just bought linux server. All of them are currently connected to switch. There is also Wireless AP connected to switch and ADSL router connected to switch (yeah, I know its possible to buy a 3in1 but this was bought piecemeal). ADSL is doing the DHCP and I'm not using any other advanced services.
Now, I want to route everything over the linux server. I got the 3 LAN cards for him (one for wireless, one for LAN and one for ADSL) but when I connect everything this way its not working (surprise surprise). I'm following Linux Advanced Routing & Traffic Control HOWTO but its surprisingly sparse on the topic of network setup and i dont know how to proceed now. Since the server will be a choke point I presume I need to setup DHCP server on him? First question is: can I use same netmask on all of these subnets? Ubuntu DHCP server guide uses both static and DHCP and am not sure if I should also use static on some routes or is it ok to use DHCP on all.
Also, when I was installing ubuntu server only one LAN card was used (eth2) so ifconfig shows only lo and eth2, but when I do ifconfig eth0 up and ifconfig eth1 up it doesnt look like its working. Anyway, hope somebody has some tips to point me in the right direction, primarily DHCP server setup and if I missed any steps...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have a NIS user on my company, but after install opsnSUSE 11.2 on my workstation the owner and group of all of my file are 4294967294
Code:
[vampird@lyra]:~$ l | head
total 2277
drwx---r-x 30 4294967294 4294967294 2560 2010-07-21 13:12 ./
drwxr-xr-x 69 4294967294 4294967294 1536 2010-07-16 16:01 ../
- -rw------- 1 4294967294 4294967294 129 2010-07-21 11:34 .bash_history
- -rwxr-xr-x 1 4294967294 4294967294 2323 2010-05-06 01:56 .bashrc*
drwxr-xr-x 3 4294967294 4294967294 512 2010-07-21 10:56 .cache/
drwx------ 9 4294967294 4294967294 1024 2010-07-21 11:11 .claws-mail/
drwxr-xr-x 5 4294967294 4294967294 512 2010-07-21 11:33 .config/
drwx------ 3 4294967294 4294967294 512 2010-07-21 10:55 .dbus/
drwxr-xr-x 2 4294967294 4294967294 512 2010-07-21 11:25 Desktop/
[vampird@lyra]:~$
On the server I can see the owner as vampird and the correct group,
VampirD
Microsoft Windows is like air conditioning
Stops working when you open a window.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - [URL]
iEYEARECAAYFAkxHNfAACgkQJQ+0ABWtaVlcagCdEo5kiwydUTmZ+dkD4R4jholx
bi4AoO6T2OzHealqsQ+9Z42jJ7rYJ6uL
=YKm8
-----END PGP SIGNATURE-----
Now I have set up a terminal server at work, with Ubuntu 10.04LTS and Free NX terminal server. All works great, over all expectations. But I have some file permission problems. In the home folder I have mad a folder where files that all users should have full access to is put. The problem is that when a user puts a file there, only that user have full access to that file, other users only have read rights. How can I make it so that all files put in this folder have full rights for members in the group "staff"?
View 3 Replies View Relatedi try to install bugzilla on suse 11.2. For that i want to add a new user / group to the apache2. I want to add the following commands to the envvars but there is no such file available
export APACHE_RUN_USER=apache2
export APACHE_RUN_GROUP=apache2
I made a mistake on my friend's Ubuntu system when trying to get hard drive permissions right. I wanted to add a user to a certain group with usermod -G, but without realising I should also use -a, with the result that the user is now not longer in the sudo group. This is the only (regular) user on the system, which means I can not sudo usermod again to get it right. So what to do? The only solution I can think of is using a live disc to restore the group belongings, but I want to know if there's a quicker way. Also, I don't know what more groups the user was in. Is there a history? Or else, what are the default groups?
View 5 Replies View RelatedI have a box with about 30-40 users on it, and I need to prevent a certain group of users from using sudo at all. Is this even possible.
View 4 Replies View RelatedI'm trying to allow a specific group on my machine to execute one command with sudo without requiring a password, so what I want to do is add something like this to sudoers:
%groupName ALL = (ALL) NOPASSWD: /bin/bash /path/to/shfile.sh argument1 argument2
argument1 needs to be a url : http://subdomain1.subdomain2.domain.com
argument2 needs to be a path of the form /var/www/demo/SomeFolder/application/config/config.php
How do I put in a regex form that sudoers will understand ? I tried reading the sudoers manual, but it didn't help a lot .
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3
Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?
After a disastrous foray into LDAP I restored NIS on a very simple network run by a very simple operator. Everything now works except for YaST on the NIS master. I can't manage NIS users in YaST any more. The option 'show NIS users' is now absent from the 'filter' button up in YaST "User and Group Management" So, after following the YaST route to LDAP there seems no way back...
These are OpenSUSE 11.3 boxes and the slave NIS server can't [obviously enough] delete expired NIS users on the master, although it sees them fine. Disabling or changing NIS server or client on the Master simply restores the 'wrong' settings - nothing is erased or cleaned. How do I clean up NIS controls so YaST sees it properly? or What do I need to do to restore NIS group & user control to YaST?
i have a ubuntu server box with samba 3 as domain controller with all windows 7 clients.i am wanting all users to have local admin rights so they can install programs etc.
View 1 Replies View RelatedI want to set samba to act as domain controller PDC.Is it possible to create user profil in samba with rights to change network settings but not install software, create users.Something like network admin that is like normal user but he is able change network settings.
View 1 Replies View RelatedI'm running out of ideas (and of forum threads to try), so here is my problem: I want to create a web page using perl to configure a router. The router is going to be used to limit bandwidth to some IPs and also to block some IPs. I'm using Centos 5.3 which comes with httpd and suexec pre-installed. The command I want to use are "route add -host ..." and "tc filter ...", these commands can only be run as root.
[Code]...
I have 3 computers. One running openSuse 11.3 with SAMBA and the other 2 are Windows 7 Professional boxes. I have the same user name and passwords for all three boxes.
From the Linux box I can access one of the Windows 7 boxes but the other won't accept my user name and password. The one that won't accept has Windows LiveID Sign-In Assistant installed. Apparantly that's an automatic install now.
I've read that there is a bug with the SAMBA libsmbclient [URL].
I tried updating via YAST but still end up with version 3.5.4-5.1.2 and this doesn't work.
When I insert some homemade DVDs of a friend, I can't view its contents. DVD works fine on windows XP, but not on opensuse. Dolphin gives an error: access denied to /media/071114_1638.I can't do a chown command because dvd is read-only...And when I do an ls -l I get:
Code:
ls -la /media/071114_1638/
ls: can't access /media/071114_1638/.: Permission denied
ls: can't access /media/071114_1638/..: Permission denied
[code]...
I just intalled OpenSuse 11.2 on VmWare Server 2.0.2, the network is configured as Bridged and is sucefully configured a fixed IP in my network. Ok... The problem is... I can ping / trace all addresses from OpenSuse console. But I Can't wget all of them... It's a random thing. the same address that trace's ok, don't work for HTTP.
View 2 Replies View RelatedI have used ubuntu in the past but had a lot of hardware issues with it and unfortunately moved back to windows (( BUT i have tried Ubuntu again and all seems to work great except wifi My wifi connection is sort of working because when i run SUDO IWLIST SCAN it does pull up all available networks. But in the network manager icon on the panel i left click but i see no networks and can't connect to anything. I WOULD LOVE TO keep Ubuntu and use it permanently but I must get wifi working or else this won't be possible.
View 4 Replies View RelatedI've got a problem with my usb pen drives. If I put some data inside, from the 2nd time I insert the pendrive in the computer I can't write on the usb pen, I can't change my files, and also they are hidden. I've formatted them with the format/partitioner tool in yast, but I can't solve my problem. This happens with all my usb pendrives and also with the sd of my camera. Is there something that I can do to solve this inconvenient?
View 3 Replies View Relateda friend of mine is doing a small website-project in school (group of ~6 people). They want to use git as VCS and need acces to a server. I have an account on the server from university, but - of course - no root access.
I could create private/public keys for them, to SSH into my account, but I don't want them to have this power I found 'git-shell', which seems to be used for restricted access with git (although I'm not sure whether I understood the functionality).
My question is: Is it possible to configure SSH keys in that way, that the server runs them (and only them) in git-shell in a specified directory (using ~/.ssh/{config,authorized_keys})?
So that they can
- log in with their SSH key
- use git, execute scripts etc.
- use git push/pull from their private+school PC
- work only in a specific directory (like chroot) eg. ~/web-project/
[Code]...
I googled it but I can't find an answer so how do I group windows on AWN dock in Ubuntu 9.10?
View 1 Replies View Related
