Ubuntu Security :: Adding User With Access To Mount Point Over SSHFS Only
Sep 2, 2010
I'd like to add a user to my server that will only have access to a mount point over sshfs. Is there any way I can provide them this access without actually giving them permission to open a terminal on my server? I tried /bin/false and /sbin/nologin already, but /bin/false didn't allow the mount point to be made and /sbin/nologin prevented a login completely (also stopped the mount point from working).
Apr 21, 2010
We recently had a serious loss of data because of SSHFS mounting. A user in our group mounted the entire home directory of our server (/home). This was so they could easily move between user folders to read/write data from other people involved in the same project. They then deleted several folders that were not in their home directory.
Now I know this is a bad idea and that there should be a dedicated "projects" folder where everyone collaborates and does their stuff. Such a folder/system exists but I can't make them use it. My question: Is there any way to configure SSHFS such that the only thing the users can mount is their home directory? Obviously this won't fix the problem since they can sym-link to other folders but I've got to start somewhere. Perhaps there's a better solution (one that doesn't involve me nagging users about proper form).
Dec 11, 2010
I have a directory, /root/backup, that I mount and run a bunch of rsync scripts against to back up my box. I'm running into a very recent problem where when I run this command:
A directory that once looked like this:
Goes to this:
It changes from root to www (another user on my system) and I have no idea why.
When I look at the /mount/procs file, I see this:
So it looks like the uid is correct...
I believe this is what is causing my rsync scripts to fail (they only copy over directories and not the files in those directories, and I get a lot of permissions failed errors).
All of this is run as root in cron jobs.
As a note, here is a sample rsync command:
Oct 20, 2010
In my machine, there are 2 mount points - / and /userdata. From the root user, I want to create an oracle user at the /userdata mount point, i.e., the home of the oracle user should be mounted on /userdata.
Jan 6, 2011
I want to configure icecast2 server with authentication in mount point, so I did as was in the help file, but was not able to add a user in the htpasswd file.
config file details
=====================
<mount>
<mount-name>/live</mount-name>
<max-listeners>500</max-listeners>
<max-listener-duration>3600</max-listener-duration>
<charset>ISO8859-1</charset>
<public>1</public>
[Code]...
Jan 10, 2010
I'm using some software that uses mount points, such as truecrypt. I also mount a shared folder on another machine (fileserver) and publish it using ftp. The problem is when the truecrypt volume is dismounted or the shared folder mount point loses connection to the fileserver, users can write to the mount point without knowing that they are actually not writing to the truecrypt volume or to the shared folder.
My question is, when sometimes the server reboots and the truecrypt volume is not mounted yet, how to prevent writes to the mount point? I don't run truecrypt mount automatically for security reasons. Same question for the shared folder: if the fileserver restarts and the shared folder mount point gets disconnected, how to prevent writes to the mount point?
Apr 2, 2011
Whilst my office is decorated I have to move my computer. To make this as easy as possible I have setup my first ever wifi. An access point (wired to adsl router). It is working by using wicd and I am wireless at the moment. What security should I put in place (wicd says unsecured). I am probably quite safe as the nearest road or house is 200m away but I would like to learn what I need to do as this is the first time in over 20 years of computing that I have gone wireless.
Mar 19, 2010
I'm in search of a script that sends a mail to the user if the mount point goes beyond 80% of its full space.
Send mail is configured in the system so that it can communicate with the mail server.
Mar 18, 2011
I am struggling with getting an sshfs mount mounted on system boot. I have a script that mounts the sshfs for "userA". When userA runs the script all is well - user A can access the remote filesystem, root user can't see it as expected. The basic command is: sshfs userA@remote host:/home/userA /home/userA/mountdir -p 21212 -o password_stdin < passwordfile. I can prepend the sshfs command in the script with su - userA -c and when I run this script logged in as root all is well, userA has access and all is well. If I then put this script in /etc/init.d and reference it properly in the rc. directories the mount doesn't happen. If I prepend the sshfs command with sudo, same thing. Logged in as root I can run the script and UserA has access. Run the script in /etc/init.d during startup and the mount doesn't happen. Echoing text to a log file shows that the script is being executed but no mount happens.
Jun 15, 2010
I'm trying to edit a "xl2tpd.conf" file but it always says I have no write permission. I tried to add my account to the admin group but it says something about not being able to lock on password, try later.
Jul 13, 2010
I am going to remove root access via SSH which seems fine but I don't know how to add a new user, do I have to create a group first or are there existing groups I can add a user to, and does it matter which group I add a user to if I want this user to have root access with sudo?
Aug 13, 2010
I have a shared folder that has its access restricted to certain users on a file server at work. Currently when I try to add a user I follow this process:
Right click the Folder, go to Properties
Click the "Access Control List" tab
Select a user from the "Participants List"
Click Add
For most users this process works fine but with one of them I get the following error:
"Could not add ACL entry: Invalid Argument"
I also tried a script that a former employee created which seems to employ this command:
setfacl -m u:<USER>:rw- <PATH>
Running the command with the correct user and path returns a similar "Invalid Argument" error.
We're using OpenSuse 10.2.
Sep 20, 2010
What commands do I need to run on CentOS to add a user on the tortoisesvn repository browser? Any related link out there?
Jun 17, 2010
I use this command to mount sshfs:
sshfs -o idmap=user user@ip:/home/user/public_html ~/Folder
Then I enter my password. I do this every time I start my computer.
Apr 8, 2011
I've got a non-vital sshfs filesystem in my fstab (by non-vital I mean just files that I access on-demand). However, the fstab file seems to get read and things try to mount before the network has been brought up. I recently switched to Kubuntu 10.10 from Arch, and Arch didn't display this behaviour. I'm wondering if it's possible to make it mount the sshfs filesystem AFTER the network has been brought up?
Apr 23, 2010
I have a bash script that uses sshfs to remotely mount an SSH directory.
Where should I place this script so it mounts with root privileges?
One consideration is I use VPN so the directory needs to be mounted after openvpn is started.
Oct 17, 2010
I'm trying to set up sshfs on a desktop/fileserver so that I can mount its HDDs I use for storage on my laptops. My issue seems to be getting permission to write to the mounted drives. I just keep getting permission denied. Here is what I think are some relevant tidbits.
mount point on server,
Code:
joe@joe-desktop:~$ ls -ld ~/sda2
drwxr-xr-x 2 root root 16384 1969-12-31 19:00 /home/joe/sda2
HDD I'm trying to mount
Code:
joe@joe-desktop:~$ ls -ld /dev/sda2
brwxrwxrwx 1 joe disk 8, 2 2010-10-17 15:22 /dev/sda2
Mount point on client
Code:
joe@joe-laptop:~$ ls -ld ~/sda2
drwxrwxrwx 2 joe joe 4096 2010-10-17 19:58 /home/joe/sda2
This is the command I'm trying to use to mount
Code:
sshfs joe@192.168.1.103:/home/joe/sda2 ~/sda2
I can chmod the mount on the server to 777 but as soon as I mount the HDD to the server all write permission just goes *poof* and it's back to "drwxr-xr-x". Chown seems either, it just won't stick.
Mar 6, 2010
I'm wondering if anyone can give me some guidance, or point me to a relevant reference for setting up a single purpose ssh key. I have set up a single purpose key for rsync, where I have command="/path/to/rsync-secure" associated with the public key in .ssh/authorized_keys, and the rsync-script checks to make sure incoming commands begin with 'rsync --secure'. What I would like to do is do something similar to allow sshfs access, and have the server path that can be mounted locked down to a particular location. Does anyone have any suggestions as to how this could be done? As an aside, I might also want to restrict the above rsync script to only allow synchronization to a particular path.
Mar 13, 2009
I am trying to give access to ONE single user to start and shutdown tomcat server. The problem being, when I enter syntax: username ALL= /etc/init.d/tomcat5, /usr/local/tomcat/webapps, PASSWD:ALL This gives the user access to start and stop tomcat but also gives user access to start and stop other services within /etc/init.d - such as httpd etc... What is the proper way to give user access to start and stop service, and limiting that power to only one service....
Jan 22, 2010
I have a server with a /data/ directory, everything in the /data/ folder has "-rwxrw-rw- 1 root root" permissions. All works fine, multiple users are mounting this over a lan and everyone is able to modify files. However I would like to be able to access the /data/music/ directory from the internet.
Is it possible to configure sshfs to only accept logins from a user restricted to reading the /data/music directory, or would it be possible to tunnel nfs over ssh in such a way that everyone on the lan 192.168.0.xxx has unrestricted access to the data directory, but something coming from outside only has read access to the music directory? Although if one were tunneling nfs over ssh, the nfs mount request would appear to come from the server itself. The router is at 192.168.0.1 and the server is at 192.168.0.3. This seems very much like what I want to do, however I'm having a bit of trouble getting this to work well with other users mounting with full rights over the lan too.
Sep 13, 2010
I'm running 10.04 running daily updates. A couple days back, I saw an update related to mounting volumes. Not sure if this is what broke my system, but might be. When attempting to mount a partition from nautilus, I get a message saying I do not have authorization. It does not even ask for my password, just fails. I tried running updates and this asks for my password and accepts it fine. I opened disk utility from the menus and tried to mount the volume from there but also got the same permission denied, not authorized without even being asked for my password.
I then ran gksu palimpsest. I was asked for my password and was able to mount and unmount partitions from there. However, when mounted, my applications and nautilus cannot access the data in the partitions mounted using gksu palimpsest. In nautilus, I can navigate to /media/Data (the partition in question) but I get "THE FOLDER CONTENTS CANNOT BE DISPLAYED You do not have the permissions necessary to view the contents of "Data"." When I open nautilus via gksu in the terminal, I do have full access to the partitions.
How do I get my privileges back for my user account? I am the only user on the computer, and I have never set up a root account since my upgrade to 10.04 months ago. I tried of course the Administration->Users and Groups menu, but I am not permitted to change the account type or open advanced settings. I click the button, but nothing happens, not even a password request. Running gksu admin-settings on the terminal allows me access. My current settings are attached.
Jun 12, 2011
How can I give 1 user access to mount 1 particular filesystem? This is for Debian 6 64bit.
Jan 26, 2010
I need to mount a partition that is on a server (via samba).
I am doing the following in my fstab
Quote:
//server/www /media/www cifs rw,user,allow_other,default_permissions,credentials=/root/.smbcredentials,iocharset=utf8,dir_mode=0777,file_mode=0777 0 0
I can mount it but it just allows me to access with the root user. How can I do it to get access with any user?
Additional Data: I added "rw,user,allow_other,default_permissions" because I thought that would solve the problem but it didn't.
Sep 19, 2010
Is there any way to make a user with command text, just with accessibility to change the network IP address?
May 11, 2011
I managed to make an old parallel port scanner work in ubuntu 11.04 with SANE. Everything's perfect but one thing: scanner applications work only if they are executed as root. After further researching, I've found the cause is that only root has read and write permissions on the device /dev/parport0, which is my parallel port. If I set the right permissions by giving sudo chmod a+rw /dev/parport0 I solve my problem, but just until next reboot... the system resets root-only permissions at each restart. I would like to make that change permanent... what can I do?
Mar 23, 2009
My wife's XP has crashed and I need to save files. I've discovered the command to mount the hard drive - unfortunately I need to force the mount, but I can't do it because I have to be in root. I can see the root user in the user list, but when I try to switch I can't access it. How I can do it to back up my wife's files. I have Kubuntu 8 and KDE 4.1.
Jan 18, 2011
I am trying to get a non-root account on one of our servers to run a script with sudo capability. To that end, I went into the /etc/sudoers file, and added the following syntax:
Code:
## Enable the nagios user to run the check_iptables.sh script as root
nagios ALL=NOPASSWD: /usr/local/nrpe/libexec/check_iptables.sh, /sbin/iptables
I restarted the nagios service, and tested the results. The results were the user account still could not run the script due to the user, nagios, not having permission to run the iptables binary.
Is there another step(s) that I need to take in order to get the sudo access available to the user account?
Sep 24, 2010
I heard we can set security in /etc/hosts.allow and /etc/hosts.deny on a user basis also, like something user@domain or something. If so, how can I restrict a user from accessing a particular service by his/her user name on a particular host via /etc/hosts.allow or /etc/hosts.deny?
May 5, 2011
How do I configure my Debian installation to mount external USB drives to mount points based on the volume names of the drives? For instance, if I have a thumb drive with the volume name of "SWORDFISH," how do I have Linux mount it at /media/SWORDFISH? I'm aware that this can be setup in FSTAB, but that requires that I know the UUID of the device beforehand and that I take the time to set each external device up in FSTAB first. That does nothing for me when I have a thumb drive that has never been plugged into my computer before.
This seems to be setup by default in Ubuntu/Kubuntu, but is not working for me with a fresh installation of Debian Squeeze and KDE4. I've spent the past 2 hours Googling for a solution and have turned up nothing. UPDATE: My results are inconsistent. Sometimes Debian mounts devices to mount points based on the volume names, and other times it gives them generic mount points (e.g. /media/usb1).
Feb 16, 2010
On SUSE 11.2 when a CD or DVD is automounted (in the /media directory) it appears that the mount point chosen for the disk always has extra blanks at the end of the mount.
For example, if the label on the CD was DISK-001, the mount point chosen by SUSE is
/media/DISK-001 /
In 11.1 (and earlier) the mount point would have been
/media/DISK-001/
I'm assuming that the trailing blanks are filling in unused or blank chars at the end of the CD label.
Is there any way to change this annoying behavior? I much prefer NOT to have trailing blanks in the mount point.