OpenSUSE Network :: Confine An Authenticated FTP User To The Designated Ftp Directory?
Feb 10, 2010
I have configured my Laptop running OS 11.1 as an ftp server with vsftpd behind a router on my home network. I have managed to get it working so that I have authenticated users who can connect and write using the external ip address. The problem is that the authenticated user, rather than being allowed access only to the folder in question (/srv/ftp), can browse my entire directory structure.
When I tried this from a different computer (a Mac) from within my home network (but connecting through the external IP address) with FileZilla, using a user name I established as the authenticated ftp user (not my own uname), I could even download and write to other locations in the directory. I had another person try from outside the network, and they could browse the entire directory, but couldn't download from it. How can I confine an authenticated FTP user to the designated ftp directory?
1. User login/authentication via a single NIS server.
2. User home directory should also be on the same NIS server.
3. If possible to setup a single shared home directory for all users.
OpenSuse version 11.2. There are twelve workstations from which users will log in using the NIS authentication. I have succeeded in setting up the NIS server. However, login fails as the home directory is not accessible.
Is it possible to give user only FTP access / browsing rights for certain directory within /srv/www/htdocs and prevent same user to browse all other directories, even user's /home directory on that server?
Continuing with my assigned task of migrating the company's PCs to GNU/Linux (openSUSE as server for GNU/Linux clients) I managed to set up a DC with roaming profiles for the few remaining Windows users, user validation and login for the openSUSE boxes and a few network shares with different rights. I know there are no roaming profiles for GNU/Linux and I can live with that, but I would like to specify which users/groups would have their home directories saved locally (notebook users) and which will save them on the Samba server.
By default home directories are saved locally but somehow Samba creates a minimal home directory for each user under /home in the Samba server. How can I tell the client box to use that directory? And how can I set up the few notebook users to save it on their disks? Maybe using the options under Yast > Security... > Users and groups management > Users (LDAP Users filter) > and then select the user and use the "Manage Samba account parameters" plug-in for specifying the different paths cant achieve this.
I have shared keys setup on my domain, so I never type my password to login anymore.
I've forgotten my password now. This is a problem because only my user can sudo. Password authentication for root has been disabled, so without my password, I cannot do maintenance on my web server.
Is there a way to reset my password as my [now only] key-authenticated user?
I am trying to create a certificate case user logon via ssh. On the server I have openSSH and a few users. I want to be able to assign a user a certificate to connect remotely via SSH.
I want to limit what an authenticated user can do on my Linux server. I've set the default shell to rbash, but I know a knowledgeable user can switch shells. Can I use file permissions to deny execution rights to /bin/bash to anyone who is not in a particular group? And if that works, how do I find out what other shells are installed on my server (Ubuntu 9.10)?
I found that if any usual user is logged into an NDS-tree, then _local_ root has full access to user's network shares, including the user's home directory located on remote Netware-server. Is it by design or have I missed something? Nevertheless in windows local admin has no access to network resources mounted of any other user. If you runas shell (as admin) then admin in principle can't "see" network shares which were mounted (connected) by other users - they are accessible ("visible") per session.
Take a physical user FRED.
FRED is a Linux user (known by Linux on his laptop).
FRED is a Samba user (known by Samba on the Samba PDC server).
When he logs in locally (with username/password) on his standalone laptop (with no network), he is known as FRED:user. He accesses his data in /home/FRED/.
When he logs in through Samba (with username/password) on the domain MY_DOM, he is known as MY_DOMFRED:MY_DOMdomain user. He accesses his data in /home/MY_DOM/FRED/.
1) Is it possible that the human FRED has only one repository and has full access to his repository regardless of how he was connected? If yes, how to do it?
2) If not, Is it possible that the human FRED has full access to /home/FRED/.............. and /home/MY_DOM/FRED/.
I am attempting to set up a Linux file server in Active Directory. It has been kind of an ongoing project (nightmare) for me... I have tried a few distributions of Linux and I have to say I really enjoy openSUSE. YaST is my best friend. Now to the problem at hand.
I have samba installed and configured for the domain. I was able to successfully join the machine to the domain. I can even log on using domain user names and passwords (more than I was able to accomplish with other distros...). Where I am having a problem currently is I cannot see the suse machine from a windows machine. I can access shares from suse to windows though.
I was using Ubuntu and installed Opensuse 11.4. I have installed Pidgin 2.7. I copied the old .purple directory from Ubuntu into my Opensuse home directory. But now the Pidgin is not reading the data, logs and configuration from the .purple directory.
I've created a guest user in the group "user." I'd like to limit its read access to its own home directory. However, by navigating through File system>home it's able to read my home directory. I was under the impression that users were limited to their own home directories. Am I missing something, or is there a group I can assign this guest to, to limit its read access to its own home directory? I've read about Pessulus (I use Gnome), but that seems to be geared toward limiting access to applications, not directories.
Ideally, I'd like to create a group that cannot navigate through any files except its own home directory. But it seems that if I try to do that, the guest user will not be able to execute any applications. I've read all the posts (and other forums) I could find about creating such a limited account, but the chroot jail is beyond my understanding. I get the feeling that it's geared toward networks.
I'm trying to jail a sftp user. All I want is for my daughter-in-law to be able to download pictures of my grandson on his step-uncle's motorcycle. But I don't want her browsing around. She's not a techie, but she's smart enough to catch on how WinSCP is looking at my files. I've set up the jail using jk_init, adding ssh, sftp, bash, netutils, basicshell, jk_lsh.
The physical root of the jail is owned by root, as are all the binaries loaded by the jk_init. The user's home directory is owned recursively by the user and is writable only by the owner. The passwd and group files are in the jailed /etc and populated by the user's lines. Shell is bash, and bash is there too. The error message must be coming from some other problem that's not notifying, but what?
How do I configure a designated monitor to be my main desktop when running dual monitors in separate X windows? I can't use TwinView, as full screen issues and refresh rates are different.
Q: How can I allow my users to mount a cifs share without an entry in fstab in OpenSuse 11.4?
I have an answer myself. Until OpenSuse 11.2 I could mount my samba shares by making mount.cifs and umount.cifs setuid root. Today I installed OpenSuse 11.4. Unfortunately mount.cifs isn't anymore allowed to be setuid due to security concerns. Security is not an issue in my case, so I copied the mount.cifs and umount.cifs from 11.2 to make it work again:
1. Download cifs-mount-3.4.2-1.1.3.1.x86_64.rpm from this repository (I use 64 bit): "http://download.opensuse.org/distribution/11.2/repo/oss/suse/x86_64/"
2. Extract the files mount.cifs and umount.cifs from the rpm and copy them to /sbin
3. Make them setuid root:
Code:
linux-y5qw:~ # chmod u+s /sbin/mount.cifs
linux-y5qw:~ # chmod u+s /sbin/umount.cifs
4. Mount your cifs shares as a normal user:
I am using openSUSE 11.2 with Active Directory for authentication. I configured it using the Windows Domain Membership YaST2 module and I can log in successfully (although unreliably). The problem is that I need the UID and GID of the users on my computer to match the UID and GID assigned by Active Directory. Currently it just assigns UIDs and GIDs starting at 10000, which is completely different from the UID and GID used by Active Directory and by other Linux computers run by the school (those use CentOS). Does anyone know how to get my openSUSE computer to assign UIDs and GIDs from Active Directory?
Code:
mkdir: cannot create directory `/dev/cgroup/cpu/user/5900': No such file or directory
bash: /dev/cgroup/cpu/user/5900/tasks: No such file or directory
bash: /dev/cgroup/cpu/user/5900/notify_on_release: No such file or directory
It seems like it's probably from this part of .bashrc:
[Code]...
What does this code do, why, and what's causing it to go wrong?
Unfortunately I haven't been able to figure out yet how to share specific directories only, so I set up my Samba server to share users' home directories (which is not a security issue here since the only possible client is my other machine). My user's home directory contains a symlinked directory on another hard drive partition, which I had to explicitly share to be able to access it from the other machine. This setup has been working for months now, but for a reason that escapes me at the moment it stopped working today, presumably after samba got updated from 3.4.2-1.1.3.1 to 3.4.3-3.2.1.
The error message on the client (Windows XP/SP3) for this one above mentioned directory, and for this directory alone, is "Access denied"; I can access all other directories fine.
I have a SUSE 11.3 machine and I cannot set it to be an NFS server; that is, I cannot mount a directory of this machine on another one also running 11.3, while I can mount without problem a directory from 10.0. I do not know where to start, as the NFS server option seems to have vanished from YaST.
I created a user but I forgot to change the home directory permission. So after the user was created, when I go to User and Group Management I can't see the permission field related to the home directory permission. My purpose is to stop other users from accessing my home directory. How can this be done?
I'm developing an application in which one user must run Java software that I'm compiling as another user. I wanted to give user A permission to see the bin directory of my workspace, which is in the home directory of user B. I was wondering how this can be done? I gave the bin directory full read/execute permissions, but since it's in my home directory user A can't navigate to it.
I know there are a few ways I could get around the problem but they aren't very elegant. I was wondering if there is a simple method for giving a user access to a specific directory without giving access to all the parent directories. I tried a symbolic link but user A still can't access it, and a hard link to a directory isn't allowed in Linux. I don't feel like making a hard link to every single file in the bin directory, and I'm not sure that would work anyways, since every recompile overwrites them.
I have RHEL 5.2 and I want to create a user using the useradd command without creating the user's home directory and without throwing any warning/error about not creating a home directory. I have tried
useradd -u "$NEW_UID" -g <gid> -d "/home/$1" -M "$1"
where $1 is the user name and $NEW_UID is a value I am calculating. It throws the error
useradd: cannot create directory /home/$1
which I don't want to appear. How can I prevent this?