Security :: Using Sudo To Give Read Access To Specific Directory?
Apr 29, 2011
I have a log server that collects logs from all the cisco devices on our network. The company policy states that any logs should only be accessible by root. So I have the following permissions set on the directory, as well as everything inside the directory where the cisco logs are kept.
Code:
drwx------ 65 root root 4096 Apr 29 7:38 rsyslog
The cisco folks are requesting access to these logs, which is allowed by company policy.
[code]...
May 26, 2010
I'm trying to do something like this: I created a group called www and made this group the owner of the directory /var/www/html so I can read and write to it. Of course I've added myself to this group, but it seems I can't read and write. The syntax I used was something like chown :www /var/www/html. It didn't work. Only when I used chown samurai:www /var/www/html could I finally create a new file. The reason I don't want to specify the user name is that I'm thinking of a scenario where I need to give permission to a large group of people and don't want to do it user by user.
Feb 12, 2011
Is it possible to give user only FTP access / browsing rights for certain directory within /srv/www/htdocs and prevent same user to browse all other directories, even user's /home directory on that server?
Oct 23, 2009
We use PAM to control access to our RHEL4 servers. We would like PAM to give a message, of our choice, when users who are not allowed to login try to login. PAM's default is to let the user try 3 times without any explanation.
Feb 3, 2011
On the following link [URL], section 2 says:
Quote:
The following directories need to be readable, writeable and executable for everyone:
* dokeos/main/inc/conf/
* dokeos/main/upload/users/
* dokeos/main/default_course_document/
* dokeos/archive/
[Code].....
I am not at all convinced by the idea of giving permissions to read, write and execute as these Learning Management Systems say. Let me know what you people have to say. What is the best practice in such situations? I have to get all these LMSs to run on the same web server.
Feb 8, 2011
So, I am looking to implement an FTP server with isolated client accounts/directories where a client can only access what's in their directory. I also need to provide my internal users (content managers) the ability to upload, delete, etc. from all of the client accounts. The simple part is creating the secure client accounts. It's a matter of changing DIR_MODE in adduser.conf to 700 or 770, creating a user, having the FTP server chroot them to their home directory, revoking/restricting shell/ssh access and maybe even slapping on some ACL to prevent botched permissions. The hard part is figuring out how to give my power users the ability to access all of their folders without thrashing security.
My first thought was to put all of the client user-groups in a parent group and have my internal users inherit group permissions, but you can't have groups inside of groups. My second thought was to put all of the client users in the same group and pray that the FTP chroot is enough to keep them from poking around, but then I have the problem of how my internal users access other user directories if they are chrooted. Do I create a second server without chroot? Do I create some weird nested homedir structure? I honestly have no idea how to satisfy both requirements (secure client accounts and privileged user accounts). I need my privileged users to authenticate against Active Directory via Likewise Open, LDAP, etc. and I don't care how the clients authenticate. Though, I would prefer to have both file and FTP-server level protection just to make sure no one can see the other client's data.
Jan 18, 2011
I am trying to get a non-root account on one of our servers to run a script with sudo capability. To that end, I went into the /etc/sudoers file, and added the following syntax:
Code:
## Enable the nagios user to run the check_iptables.sh script as root
nagios ALL=NOPASSWD: /usr/local/nrpe/libexec/check_iptables.sh, /sbin/iptables
I restarted the nagios service, and tested the results. The results were the user account still could not run the script due to the user, nagios, not having permission to run the iptables binary.
Is there another step(s) that I need to take in order to get the sudo access available to the user account?
Jan 22, 2010
I have a server with a /data/ directory; everything in the /data/ folder has "-rwxrw-rw- 1 root root" permissions. All works fine, multiple users are mounting this over a LAN and everyone is able to modify files. However, I would like to be able to access the /data/music/ directory from the internet.
Is it possible to configure sshfs to only accept logins from a user restricted to reading the /data/music directory, or would it be possible to tunnel NFS over ssh in such a way that everyone on the LAN 192.168.0.xxx has unrestricted access to the data directory, but something coming from outside only has read access to the music directory? Although if one were tunneling NFS over ssh, the NFS mount request would appear to come from the server itself. The router is at 192.168.0.1 and the server is at 192.168.0.3. This seems very much like what I want to do, however I'm having a bit of trouble getting this to work well with other users mounting with full rights over the LAN too.
Feb 17, 2011
I have been reading guides for a while now and so far have not found an exact solution to my problem.
I want a linux user (dave) to be able to switch to another account (patrol) without a password prompt, but dave must still be denied access to root. Patrol must also be denied root access.
In the sudoers file
Code:
User_Alias Patrol=dave,john
root ALL=(ALL) ALL
Patrol ALL=(patrol) NOPSSWD: ALL
[Code].....
Jan 24, 2011
My home directory's permissions allow only myself access to it. Is it possible to put a file inside my home directory with.. say.. full permissions, and create a symlink to it so other users can access that file alone inside my home folder? System is Ubuntu Karmic.
Mar 8, 2010
I'm developing an application in which one user must run java software that I'm compiling as another user. I wanted to give user A permission to see the bin directory of my workspace, which is in the home directory of user B. I was wondering how this can be done. I gave the bin directory full read/execute permissions, but since it's in my home directory user A can't navigate to it.
I know there are a few ways I could get around the problem but they aren't very elegant. I was wondering if there is a simple method for giving a user access to a specific directory without giving access to all the parent directories. I tried a symbolic link but user A still can't access it, and a hard link to a directory isn't allowed in Linux. I don't feel like making a hard link to every single file in the bin directory, and I'm not sure that would work anyways, since every recompile overwrites them.
May 30, 2010
On RedHat 5 64-bit. I have a group that requires read-only access to the /var directory. I believe someone mentioned SGID and ACL stuff, and I've been researching this solution, but I wanted to check with you all first to ensure there wasn't an easier way to do this. Basically, I just need folks that belong in this certain group to read the contents of any file/directory contained within /var.
Dec 19, 2010
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this? Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
Dec 23, 2010
I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain and this is how we want to keep it for various reasons I won't get into here. Here's the output from iptables -vnL:
[Code]...
Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.
Jul 13, 2010
I have an ADSL modem and router; its OS is Linux. It runs an ftp service, and I can read files in its file system, but I have no permission to list files and to write files. It has TR069 protocol connections and can upgrade remotely. It has ssh, but not started.
May 2, 2011
I had to reinstall Ubuntu (Natty) on a brand new computer and while installing I set up the data partition to be mounted in /usr, but now I can't have access to files I put in there even if I set up the group/user permission! I can access /usr/Music but all files are locked.
Jun 17, 2011
I was running a 2-partition hard drive, Windows Vista (lamentably) on one partition, and the other running Ubuntu. I began having trouble with the Vista partition, so I attempted to move as many of the files that I really wanted to keep as possible over to the Ubuntu partition, and then reformat and reinstall the Vista partition. As a result, I could no longer boot to Ubuntu, and I consistently got errors back from everything that I tried on the Vista partition.
The only way that I can now access anything on the hard drive is to insert the Ubuntu install disk, go into trial mode, then mount the partition. At long last, here is the problem: Is there any way to possibly make the partition bootable again so that I could burn the files to a disk? From trial mode I can get to a number of the files on the mounted partition, HOWEVER, they are secured with the username and password of my user account on that partition. Is there any way that I can access the files from the trial mode by entering my username/password?
Aug 29, 2010
How can I give www-data permission to use sudo? I used to assign permission to users to use sudo using KDE but don't know how to do it on a headless server. Basically I have a web application running that wants to call a command that needs root privs. When it calls this command it's running as www-data. I guess it's not working as www-data is not allowed to use sudo. If it can use sudo I could for example...
Code:
echo "password" | sudo -S "some admin command here"
I could be wrong but I'm pretty sure I just need to give www-data permission to use sudo?
Mar 14, 2011
I adjusted some settings in the desktop settings folder in KDE. I had only one user account on the machine. Next time I rebooted I could not log into KDE (it kept bombing out). I had to log into the console. Finally I managed to create a new account with useradd but this user cannot sudo.
My problem is that my home directory is encrypted, so I need a new user with sudo privileges to delete all the KDE files and folders in my original user's home directory so that I can start with a new KDE setup (which won't be a bad thing since I tinkered a lot).
How can I add sudo privileges to the new account (I presume I can do it by logging in with my sudo account in a terminal login)?
Sep 16, 2010
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:
Code:
Can't open /var/db/sudo/me/1: Permission denied
I didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
Aug 6, 2010
Just finished downloading a game in .run format. I downloaded it to my Home>Downloads folder and ran these commands in terminal: (game is Tremulous if it matters)
chmod +x tremulous.run
./tremulous.run
It started it up in the terminal and I began working my way through the installation process, and I tried to install it into my Home>Games folder. (Is it supposed to be home>games or your username>games?)
And it said PERMISSION DENIED. No write permission to Home/Games/
How do I give myself read and write permissions to my game folder?
Jan 17, 2011
I did some digging on the sudo command and I do know the config file is /etc/sudoers. I read the manual for sudoers and found out that I must use visudo to edit the file. I read some of the examples at the bottom of the file and tried entering my own account in, following the example. One of the commands I was trying to allow my account to perform without root login is the mount command. So I tried adding this in (kreid8 /bin/mount ALL). I then saved & exited the file and logged out of root and tried sudo mount -t vfat /dev/sdc1 /media. I got an error saying I had to be root in order to do that. But when I use the visudo -l option it shows that I have that privilege. Did I edit the file incorrectly?
May 29, 2010
I am new to Fedora (been using Debian-based distros for the longest time). With the new release I decided to give FC13 (the KDE 64-bit spin) a try. I told it to wipe my entire HDD and encrypt the partitions. The partition manager made a few LVM partitions which I assume are encrypted.
The problem I am having is that if I attempt to use an application that would normally need root access to run, I am not prompted to enter my root password. Instead, I am required to log out and log back in as root. Is there a way to make it so that FC13 will prompt me to enter my root password so I do not need to log in and out? Or is there something different I should have done during the install process? Also, what is the terminal equivalent of "sudo" in Fedora, or is it still sudo/KDEsudo?
I also have not used SE Linux before. Do I need to manually enforce the permissions for my applications and generate my own profiles for it, or is that done automatically?
Apr 23, 2011
I have configured a Samba server in CentOS. I need to give permissions so that some users (5 users) are able to read and write a particular folder, and some other users (6 users) have only read permission for the same folder.
Aug 22, 2011
I'm trying to allow a specific group on my machine to execute one command with sudo without requiring a password, so what I want to do is add something like this to sudoers:
%groupName ALL = (ALL) NOPASSWD: /bin/bash /path/to/shfile.sh argument1 argument2
argument1 needs to be a URL: http://subdomain1.subdomain2.domain.com
argument2 needs to be a path of the form /var/www/demo/SomeFolder/application/config/config.php
How do I put this in a regex form that sudoers will understand? I tried reading the sudoers manual, but it didn't help a lot.
Apr 29, 2010
I have installed a CVS server. I want to give access to the CVS only from certain IPs on my LAN. Is there any tag to add to the /etc/xinetd.d/cvs file to do this? Also provide me information on how to secure my server.
Feb 26, 2010
Can someone give me some details for ssh passthrough from ssh version 1 to ssh version 2? ssh version 1 to version 1 and version 2 to version 2 work well, but version 1 to version 2 is asking for a password ...
Feb 15, 2011
I just installed sudo (I have Slackware but always got better help here) and I tried doing a
Code:
sudo du /
to see if I could get a general size estimate of all the directories, and despite running it with sudo I still was told "Cannot read directory" on some of the directories on my PC. Should sudo have made it so I could read them all?
Jan 12, 2011
Like a few sites I go to, e.g. Facebook: I want to take a webcam pic through Facebook, and in order to do it in Windows you click take a picture, then you have to click "allow" to give access to the webcam. In Ubuntu the screen comes up but there's no place to click allow. (I'm using the Adobe Flash plugin for Ubuntu.) Anyone know what I should do? Also, how can I tell if my webcam is working? My mic is working (which is built in to my webcam) but I am not sure about the webcam.
Apr 1, 2010
So on one of the Linux systems here (2.6 kernel if it matters), there's some weirdness regarding trying to ssh into the system. Basically, if you give it the wrong password on the first ssh attempt, it will give you two more attempts, but even if you give it the correct password, it still won't let you in on those subsequent attempts. (If you give the correct password on the first attempt, it will let you in.)
Example:
Code:
user1@machine1# ssh user2@machine2
user2@machine2's password: <wrong password>
Permission denied, please try again.
The system has sshd configured to use pam (i.e., UsePAM set to 'yes' in sshd_config), but I'm kind of a PAM dummy.