Red Hat / Fedora :: Secure Commands By Disabling Group Access?
Dec 21, 2010
I'm running a server using CentOS 5 x64. I want to disable access of groups to the "bin" folder so they cannot execute commands. [info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.] So what I wanna do is to ban some groups on the 'bin' folder, for example 'my_group1' and 'my_group2' cannot access bin but 'my_trusted_group' can access it.
I'm running a server using Ubuntu 10.04 x64. I want to disable access of groups to the "bin" folder so they cannot execute commands. [info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.] So what I wanna do is to ban some groups on the 'bin' folder, for example 'my_group1' and 'my_group2' cannot access bin but 'my_trusted_group' can access it. How is it possible?
I am using Red Hat and was wondering how to disable username and password only login and require that a PPK secure key file be used for authentication? I can log in using the secure private key and the public key that is in ~/.ssh/authorized_keys but I can still log in using the plain username and password login.
I would like to be able to access my data files that reside on my Linux machine at home from the Internet but I don't want to open any "doors", for lack of a better word, that will compromise the security of my files. I am running F11 and I am using cable broadband and a Linksys router. I have been able to get ssh working with OpenSSH while I am at home but I don't really need or want to ssh remotely; I would rather set up what I think is called an ftp. I just want to be able to up and download files to my Linux machine.
I am facing a problem concerning secure websites where I get the "Connection Reset" error in browser after a timeout of I think 1 minute.
OS: Fedora 14 (I faced the same problem with Ubuntu 10.10)
Browsers: Chrome and Firefox
The issue is not there on Windows using Chrome and Firefox so I believe this is a problem with how Linux manages secure connections. I can access all the Google secure websites too. There are a few other websites apart from facebook.com that I know which I am unable to access.
On RedHat 5 64-bit. I have a group that requires read-only access to the /var directory. I believe someone mentioned SGID and ACL stuff, and I've been researching this solution, but I wanted to check with you all first to ensure there wasn't an easier way to do this. Basically, I just need folks that belong in this certain group to read the contents of any file/directory contained within /var.
I have Ubuntu installed on an external hard drive. My Ubuntu "Places" shows my Windows partition which is on my internal hard drive. I would like to PERMANENTLY disable accessing the Windows partition in Ubuntu. I don't want to set authentication, etc. I want to PERMANENTLY disable it. I tried commenting the "/etc/fstab" file but it still shows up in the "Places" tab. I absolutely hate this. I would like to get rid of this. If nothing goes well I will get rid of Ubuntu itself.
Right now I have a vsftpd server installed for FTP access. I originally set it up for both FTP and SFTP, but found that SFTP disregarded any and all permission settings and user jailing that I had set up... so I am switching to just being standard FTP.
So here is what's happening:
I've tried to disable SFTP in the sshd_config file, but I am still able to log into the ftp server under sftp through port 22 (which normally is ssh?). I've tried all kinds of things short of just blocking port 22; however, I would prefer to be able to remote into my server via Putty (which has access restriction to ONLY allow my admin user account over ssh).
I was wondering how safe it is to use RDP to access my Linux box. I am a little bit concerned about this issue because as I read on openSUSE's web site RDP is "less" secure. The thing is that I do not know how much less this "less" is.
My better half spilled some coffee on her 8-month-old MacBook and it decided not to work anymore. Apple says it will cost around $800 or more to fix; we won't be paying that. I'll be finding a logic board or service somewhere online now that our warranty is shot and going that route. But before I send the MacBook off anywhere I need to pull some data off the HDD. I was able to plug the HDD into my Linux box (internally, I don't have an external enclosure). I was able to mount the drive and copy the directories I wanted to the HDD on my Linux box.
But I'm unable to access the directory from the terminal or from the file browser; I get an access denied message. Because I know the username and password for the MacBook, is there a way I can use that to gain access to the directories? Google got me this far, but when I googled "access locked directory ubuntu" or any variation of that with the terms linux and osx thrown in there for good measure.
I used to be able to connect to my uni secure access vpn by navigating to the appropriate page, logging in and clicking "start" by "Network Connect" etc. etc. After an update to firefox it had been failing, giving me a "session timeout" MsgBox. I have tried clearing history etc and reinstalling firefox. I have also tried different browsers with no success.
So, I have since upgraded to 9.10 and now I get "Setup Failed, Sorry" in the bottom left of the screen (where "Done" is displayed once a page has loaded)...
I am now trying a different approach. I have downloaded ncui-6.5R2.i386.rpm and unpacked it fine. I have tried running it, without success and have also run the diagnostic - I will post results below:
When I try and run ./ncsvc I get the following:
Code: ncsvc> Failed to setuid to root. Error 1: Operation not permitted
They are running Kubuntu. How can I access their desktop from my home or office using the Internet? Logically I remembered about krfb and X11-vnc. But both of them need some approach to provide security. I'd like it if someone could give me some pieces of advice on choosing the simplest and best approach:
To secure krfb or x11-vnc, is it simpler or better to set up a VPN or to use an ssh tunnel? Is there any other solution? My parents' ISP uses DHCP, so I think it would require some service like dyndns or similar...
We are aware that Unix has three sets of permissions: owner, group and others. I have a requirement to have read-only access to a folder and sub-folders, and the group that currently holds it can't be used, because it has write privileges. I would rather not prefer to use others, because it opens to each user in the system. Have read-only access for another group?
# Create a directory, and user, assign ownership of dir to that user and usergroup.
sudo mkdir /mysecureddir
sudo useradd mysecureduser
sudo chown mysecureduser:mysecureduser /mysecureddir
[code].....
I've read some similar issues dealing with apache, but it's still not clicking for me. Group has rwx access to directory and everything in it. I'm in the group.
We are using Nagios Server for different sites, say India, US, Germany. All of them are in their respective groups. Now how do I create web access for the 3 of them, so that they can monitor only their own servers? Say, India should be able to see and monitor only the India group, US guys should be able to monitor only US servers. And they should not be able to access the other groups.
I have a directory that needs to be owned by the nginx user and I need to access it via other users in order to add/edit/delete files in it. So I created a group called www and added both, then chgrp -R on the directory. However I am still getting an "unavailable to access no permissions" sort of error in my SSH/SCP/whatever you want to call Mac's Transmit. ls -a output: drwxr----- 3 nginx www 4096 Jul 17 23:56 nginx
cat /etc/group | grep www-data | grep chad chad:x:1000:www-data
The user www-data should have read access to my folder but I am still getting a 403 forbidden error. I have done this before without issue. Anyone see what is wrong? I have a folder I use for file transfers over IM; it is more reliable than the messenger's file transfer abilities.
I want to be able to let my girlfriend view my pictures folder while at the same time keeping my sister out. So I created a group "JessAndI" and made myself and her a part of that group. I changed the group of the directory recursively to "JessAndI" and set the permissions to 770. She still isn't able to access or even view the directory unless I change the permissions to allow others, whether it be 774 or 777. Am I doing something wrong? I've checked and double checked to make sure she is part of the group and the group is the group on the directory and all the sub-directories and files.
I'm on a regular Fedora 9 desktop computer with an ext3fs filesystem.
I'm trying to give myself access to /dev/ttyS0. This is because I'm developing code that uses a serial port. While I'm developing this code I don't want to be continually working as super user. I have the following information about /dev/ttyS0:
Code:
So as root I added myself (username freddy) to the group uucp. This is just temporary, for while I work on this code and try different stuff as user freddy. Once the code is established and I have a single program with a fixed name, I plan to give myself an entry in /etc/sudoers that will allow me to run the finished program.
Here's the info on user freddy:
Code:
The problem then is that now if I try to use /dev/ttyS0 I can't.
Code:
I thought that if I was a member of group uucp which is associated with /dev/ttyS0 that I would be given rw access to /dev/ttyS0. What am I missing here?
I've several servers (windows+linux) that authenticate to an LDAP server. There is one machine that I would like to allow only certain groups from LDAP server to have access and I am not sure where to start.
If that cannot be done, is it possible to disable LDAP root user to access these machines?
I was running a 2-partition hard drive, Windows Vista (lamentably) on one partition, and the other running Ubuntu. I began having trouble with the Vista partition, so I attempted to move as many of the files that I really wanted to keep as possible over to the Ubuntu partition, and then reformat and reinstall the Vista partition. As a result, I could no longer boot to Ubuntu, and I consistently got errors back from everything that I tried on the Vista partition.
The only way that I can now access anything on the hard drive is to insert the Ubuntu install disk, go into trial mode, then mount the partition. At long last, here is the problem: Is there any way to possibly make the partition bootable again so that I could burn the files to a disk? From trial mode I can get to a number of the files on the mounted partition, HOWEVER, they are secured with the username and password of my user account on that partition. Is there any way that I can access the files from the trial mode by entering my username/password?
I have created a vsftp server with a group of users and they can access only the /home/ftp-folder which I made for them. Now if I apply read/write privileges to this folder then these privileges are obviously obtained by the users in the group. But what I want is: if I create a folder in the /home directory, i.e. /home/test, I want a particular user in the group to have 777 access and the other users in the group not to be able to access that folder.
After upgrading to Natty Narwhal my Crypt Keeper app will not launch. I am now unable to access secure files. Has anyone had this issue after their upgrade to Natty Narwhal? If so, how were you able to resolve this issue?
I am setting up a samba server to operate in a Windows AD domain. I want to set permissions for multiple groups to have different levels of access to one group of files, and it looks to me like Unix permissions will not do that? I always hear about how robust Linux is, and it seems to me that their file permissions model is WEAK compared to Microsoft's?
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable so we don't run it. Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
I'm trying to set up SYSCP, only to use to make my life easy, and not commercial. When adding an ftp account, the folder is not created; also there are no files created in the site-enabled folder when adding domains. I'm guessing it is something with access from the php, but what should I change?
I have this project and it needs me to write a program that will interface with a hardware device through the parallel port. I did that, but I feel I might be using the wrong commands because when running it I get a segmentation fault or a 'changing ownership of file; operation not permitted'.