I just realized that I can access other users files and they can access my files simply by using the console to navigate the file system, Its not that big a deal, I am the only one using the computer but this seems like something is not configured correctly. Should each user be able to look at and modify each others files by default? (On Xubuntu 10)
View 7 RepliesI had 2 accounts on a single system. Other users are able to see my data. how to stop other users to access my personal data.
View 8 Replies View RelatedI'm planning to centralize users and passwords and also create controls for user access to some equipment, for example, Linux Servers, Switches, routers and firewalls. In case of failure of the link between the ACS and AD or equipment to the ACS, this device would use local username and password.
At the moment, my AD structure is a Microsoft, Cisco ACS servers and Linux Standalone. I wish that both linuxs servers and network equipment were authorized by Cisco ACS on the accounts that are in Microsoft AD.
The configuration of the Cisco ACS to use the AD is done and no problems, the network equipment is OK too, but am having difficulties configuring the server for this solution.
I read the log
Code:
I found this print out:
Code:
The line in bold is the security issue. There is only 1 user account on the system. There should only be 1 user logged in, not 2 users logged in. The remainder of the log file lists 1 user logged in, for similar log output. 2 users logged in does not appear again in the log file.
Does the second line of bold indicate that an attempt was made to log in to the system using SSH?
There was an internet connection interruption (no service) around the time of the log file event. The service did return, later.
Does that line indicate that an unauthorized user logged in to the system?
So, I am looking to implement an FTP server with Isolated Client accounts/directories where a client can only access what's in their directory. I also need to provide my internal user's (content managers) the ability to upload, delete, etc from all of the Client accounts. The simple part is creating the secure client accounts. It's a matter of changing DIR_MODE in adduser.conf to 700 or 770, creating a user, having the FTP server chroot them to their home directory, revoke/restrict shell/ssh access and maybe even slap on some ACL to prevent botched permissions.The hard part is figuring out how to give my power users the ability to access all of their folders without thrashing security.
My first thought was to put all of the client user-groups in a parent group and having my internal users inherit group permissions..but you can't have groups inside of groups.My second thought was to put all of the client users in the same group and prey that the FTP chroot is enough to keep them from poking around but then I have the problem of how do my internal users access other user directories if they are chrooted. Do I create a second server without chroot.do I create some weird nested homedir structure..I honestly have no idea how to satisfy both requirements (secure client accounts and privileged user accounts). I need my privileged users to authenticate against Active Directory via Likewise open, LDAP, etc and I don't care how the clients authenticate. Though, I would prefer to have both file and FTP-server level protection just to make sure no one can see the other client's data.
It seems that AppArmor can't be effectively used to protect read access to files from users (including roots). It is possible to create a profile for, eg, 'cat', but then the users can use 'less'.Is this true? Should use SELinux instead for this?
View 5 Replies View RelatedI have a server setup with all my web development stuff in /var/www and in several sub-folders within that. (each project having it's own folder)It works great with one FTP account. But recently I've been getting help on a projects from a buddy of mine that freelances, and have made him an FTP user account as well. All is fine, except for when he tries to edit a file and gets a permissions error.
Here's the issue, I don't want us to have the same FTP login, but all the files are currently owned by my user name. So, when he logs in to edit a file, he can't because I'm the owner, and the files are set to 744. Will I cause any harm by adding both users to the same group (www-data) and chmod'ing the files to 775 so that we can both access and modify the files?
Im trying to config my intranet to be accessible from inside the network (lan) without need of password and ask for a passwd for those who are viewing from Wan ....
Today my intranet can only be accessed from Lan, external access give me an Unauthorized message, I took look around, try #irc and still can get the appropriated help, I hope that someone here could help me on that...
A piece of my config:
Code:
how the file is generated or what it contains is not important at this point.The important question is how to prevent the file from being downloaded and its contents from being displayed in the browser window?Since it is not recognized by the web browser so it is downloaded on the system. That way, what the script does is exposed to the outside world.Okay, I usually keep such scripts in../cgi-bin/. But for files (text files, in the example) which are being uploaded by a user should not be downloaded by another user.
View 10 Replies View RelatedI have a site hosted with a cheap hosting company and limited control of the site. I need to allow some other users all over the world to have write access to files or complete directories and I have no idea how to do that. Initially I thought I could use "chown" somehow but it looks like it's a no-go with ftp and others. By default, there is a .htaccess file and a .htpasswd file in the root directory of the site and the hosting company suggested to use .htaccess file with something like below:
[Code]....
and put it in a .htaccess file in the directory of user1 but the server does not like something since I inserted that file. Is it an error in the script or is there more to it than that? Can someone point me to a suitable tutorial or explain what to do?
I have 2 users: carol, carol2 and 2 files in /: filea, fileb. I want to carol has access only to filea and carol2 only to fileb. I need to do this with MLS (range). I dont want do this with levels because user that is higher has access to both files. How to do that?
View 13 Replies View RelatedI had to reinstall Ubuntu (Natty) on a brand new computer and while installing I setup the datas partition to be mounted in /usr but now I can't have access to files I put in there even if I setup the group/user permission! I can accezz /usr/Music but all files are locked
View 5 Replies View RelatedWe are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.
View 3 Replies View RelatedI have one requirement i.e I want to call the java file from the php function using shell_exec command , i am using the chroot jail concept , if i using this command i am getting the empty file because java environment is outside the chroot jail,so how to access the the files those are out side the chroot jail.
View 3 Replies View RelatedI am setting up a samba server to operate in a windows AD domain. I want to set permissions for multiple groups to have different levels of access to one group of files, and it looks to me like unix permissions will not do that? I always hear about how robust linux is, and it seems to me that their file permissions model is WEAK compared to microsoft's?
View 2 Replies View RelatedI have CentOS 5.5 distribution with Dom0 and DomU installed. I try to access Dom0 files during vsftpd server from DomU during ftp client. I successfully login with root and simple user, but when I try to list (or cd to some directory) in user home the SELinux prevent it from me. I get this in audit.log:
[Code]....
I was running a 2-partition hard drive, Windows Vista (lamentably) on one partition, and the other running Ubuntu. I began having trouble with the Vista partition, so I attempted to move as many of the files that I really wanted to keep as possible over to the Ubuntu partition, and then reformat and reinstall the Vista partition. As a result, I could no longer boot to Ubuntu, and I consistently got errors back from everything that I tried on the Vista partition.
The only way that I can now access anything on the hard drive is to insert the Ubuntu install disk, go into trial mode, then mount the partition. At long last, here is the problem: Is there anyway to possibly make the partition bootable again so that I could burn the files to a disk? From trial mode I can get to a number of the files on the mounted partition, HOWEVER, they are secured with the username and password of my user account on that partition. Is there any way that I can access the files from the trial mode by entering my username/password?
I went to print something and I get this message: Summary: SELinux is preventing access to files with the default label, default_t.
Detailed Description: SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.
I have several directories, each owned by root and a group of the same name,By setting the sgid bit, I made sure that newly created files and directories are owned by the correct group, and that directories have the sgid bit set too.On each newly created directory or file, the permissions are set to 755. This is because this is the default umask, and I cannot change a users umask. I actually only want files created below a particular directory to have group write access, inheriting this behaviour to newly created directories properly.I'm not on samba or NFS, I have to do this for SSH users.The filesystem is ext3.I started to fool around with ACLs, but couldn't find what I was looking for.
View 3 Replies View RelatedTo avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies View RelatedWhen I have different people log into our ftp and browse to the same folder, some people see the files inside, some don't. all the user accounts are in the same group, which has permission to this folder. but the one user who can see the files is the owner. how can i fix it so everyone in that group who's the owner of the folder can see the files?
View 10 Replies View RelatedI have an environment with multiple projects that have a variety of government and commercial sponsors. We have been satisfied to this point with a netapp serving nfs/cifs and keeping a tight reign on nfs exports.Some of these projects have started asking us to provide access restricted sub-folders of the project space based on different groups that contain a user subset of the primary group.
We have a linux machine that serves as a version control front end to the netapp, mounting the project spaces via nfs. People are now mounting their project space via sshfs to this "front end" and sharing the root password of this sshfs client with everyone in their project, in turn creating a security hole to access the so called restricted sub-folders. I know all the obligatory responses referring to irresponsible user behavior but would like to see how others have addressed something like this where user behavior seems out of control.
Because I was browsing around in KDE and found out that I can view other users files and they can view mine.
View 1 Replies View RelatedI have a new server with Fedora 10. The root user can log in by SSH using an RSA key but for any other user the RSA key is ignored and a password required.Ultimately I wish to access an SVN server over SSH and would like to to have to keep entering a password. I have Googled this issue and found nothing.If I log on as root the /var/log/secure file shows that the key is accepted, for any other user no message is added and the password is requested.I have checked all the config files and as far as I can see they are all correct so I am at a complete loss as to why SSH will not use the users RSA key.
View 13 Replies View RelatedI want to restrict some of my Operating System users running unwanted commands. I just want them to run specified commands only. How can i achieve this?
View 9 Replies View RelatedI'm on Debian 5 - when I run the w command, it reports 2 users, but I'm the only person logged in. Is this cause for concern?
Code:
curos@histeria:~$ w
16:17:25 up 4 days, 11:56, 2 users, load average: 0.00, 0.00, 0.00
[code]....
OS: Fedora 14 i386It's used as a ""normal desktop laptop""."USER A" - it's the mainly used user, i log in with GDM with it, etc.Goal: I need a little more security - separate a few apps!How: run 3 applications ( Transmission, Google Chrome, Wine ) with other users ( so not with "USER A" ). But when i'm logged in ( in GUI ) with "USER A", i need icons on he's the Desktop. E.g.: just one click ( without asking for password!! ) and Google Chrome starts with another user.How exactly can i do this? - How can i "grant" "USER A" with permissions ( securely ) so that it doesn't needs a password, when running applications with "USER B", "USER C", etc.?
View 1 Replies View RelatedI've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?
View 1 Replies View RelatedI'm currently running tests on my SAM file on my XP partition. Partly because I want a password that is hard to crack, and also out of curiosity. While running John the Ripper (no options used) I'm noticing that there are 8 pasword hashes, yet only 4 users associated with WinXP. I know that JTR only does 7(?) characters when it check for a solution. Is the 8 hashes because it separates passwords longer than 7 into 2 hashes, and then cracks them individually as 2 parts? I did try googling this,
View 2 Replies View RelatedI created a new user desktop user for my girlfriend to use my netbook, but when she logs in, it doesn't show the wireless network icon. Under users and groups, I gave her access to wired and wireless networks, and under the network settings,I changed our wireless to "available to all users". I'm not sure what the problem is here.I'm using ubuntu netbook remix 10.04.
View 3 Replies View Related