Ubuntu Servers :: How To Secure Commands By Disabling Group Access
Dec 20, 2010
I'm running a server using ubuntu 10.04 x64. I want to disable access of groups to "bin" folder so they cannot execute commands.
[info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.]
So what I wanna do is to ban some groups on 'bin' folder, for example 'my_group1' and 'my_group2" cannot access bin but 'my_trusted_group' can access it. How is it possible?
I'm running a server using CentOS 5 x64 I want to disable access of groups to "bin" folder so they cannot execute commands. [info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.] so what i wanna do is to ban some groups on 'bin' folder, for example 'my_group1' and 'my_group2" cannot access bin but 'my_trusted_group' can access it.
I am using Red Hat and was wondering how to disable username and password only login and require that a PPK secure key file be used for authentication ? I can log in using the secure private key and the public key that is in ~/.ssh/authorized_keys but i can still log in using the plain username and password login.
I have ubuntu installed on an external hard drive. My ubunutu "Places" shows my windows partition which is on my internal hard drive. I would like to PERMANENTLY disable accessing windows partition in Ubuntu. I don't want to set authentication,etc. I want to PERMANENTLY disable it. I tried commenting "/etc/fstab" file but it still shows up in "Places" tab. I absolutely hate this. I would like to get rid of this. If nothing goes well I will get rid of Ubuntu itself.
right now i have vsftpd server installed for FTP access. I originally set it up for both FTP and SFTP, but found that SFTP disregarded any and all permission settings and user jailing that i had set up... so I am switching to just being standard FTP
so here is what's happening:
i've tried to disable SFTP in the sshd_config file, but i am still able to log into the ftp server under sftp through port 22 (which normally is ssh?) i've tried all kinds of things short of just blocking port 22, however I would prefer to be able to remote into my server via Putty (which has access restriction to ONLY allow my admin user account over ssh)..
I have a headless Ubuntu computer which is primarily use as a server but which has Ubuntu desktop edition installed. I use X forwarding through SSH occasionally to use GUI programs so I am not looking to remove them. However, I would like to disable any GUI elements that would be started automatically when the computer is booted. Is the graphical login screen the only thing that would be run? or is nautilus, gnome-session etc. started as well? How would I go about removing the necessary entries from the init scripts?
I used to be able to connect to my uni secure access vpn by navigating to the appropriate page, logging in and clicking "start" by "Network Connect" etc. etc. After an update to firefox it had been failing, giving me a "session timeout" MsgBox. I have tried clearing history etc and reinstalling firefox. I have also tried different browsers with no success.
So, I have since upgraded to 9.10 and now I get "Setup Failed, Sorry" in the bottom left of the screen (where "Done" is displayed once a page has loaded)...
I am now trying a different approach. I have downloaded ncui-6.5R2.i386.rpm and unpacked it fine. I have tried running it, without success and have also run the diagnostic - I will post results below:
When I try and run ./ncsvc I get the following:
Code: ncsvc> Failed to setuid to root. Error 1: Operation not permitted
I was wondering how safe is to use rdp to access my linux box. I am a little bit concerning about this issue because as I read on opensuse's web site rdp is "less" secure. The thing is that I do not know how much less is this "less"
How do you enable/disable the autostart of services. For example let's say I know I'm not gonna use apache and mysql for a while and don't want it to autostart anymore how do I disable it ?
And then once it is needed again how do you enable the autostart again ?
My better half spilled some coffee on her 8month old macbook and it decided not to work anymore. Apple says it will cost around $800 or more to fix, we wont be paying that, Ill be finding a logic board or service somewhere online now that our warranty is shot and going that route.But before I send the macbook off anywhere I need to pull some data off the HDD. I was able to plug the HDD into my Linux box(internally, I dont have an external enclosure). I was able to mount the drive and copy the directories I wanted to the HDD on my linuxbox.
But Im unable to to access the directory from the terminal or from the file browser, I get an access denied message. Because I know the username and password for the macbook is there a way I can use that to gain access to the directories?Google got me this far, but when I googled "access locked directory ubuntu" or any variation of that with the terms linux and osx thrown in there for good measure.
They are running Kubuntu. How to access their desktop from my home or office using Internet. Logically I remembered about kfrb and X11-vnc. But both of them need some approach to provide security. I'd like if someone could give me some pieces of advice on choosing the simplest and better approach:
To secure kfrb or x11-vnc is simpler or better to mount a vpn or to use an ssh tunnel? Is there any other solution? My pearents ISP use DHCP, so I think it would require some service like dyndns or similar...
I'm trying to setup an open-source project, I have a couple of developers on the team but nobody has experience with Apache. I would like to setup a simple home server for Bugzilla on Ubuntu 10.04, so my question is, is there a server that comes secure out-of-the-box so that simply adding files to /htdocs would suffice?
I would like to be able to access my data file that reside on my Linux machine at home from the Internet but I don't want to open any "doors" for lack of a better word that will compromise the security of my files. I am running F11 and I am using cable broadband and a Linksys router.I have been able to get ssh working with OpenSSH while I am at home but I don't really need or want to ssh remotely, I would rather setup what I think is called an ftp. I just want to be able to up and download files to my Linux machine.
cat /etc/group | grep www-data | grep chad chad:x:1000:www-data
the user www-data should have read access to my folder but i am still getting a 403 forbidden error i have done this before without issue anyone see what is wrong? i have a folder i use for file transfers over IM it is more reliable than the messengers file transfer abilities
We are aware that unix has three sets of permission such as owner, group and others. I have a requirement to have a read-only access to a folder and sub-folders and the group that currently holds can't be used. Because it has write privileges. I would rather not prefer to use others, because it opens to each user in the system.have read-only access for another group?
I was running a 2-partition hard drive, Windows Vista (lamentably) on one partition, and the other running Ubuntu. I began having trouble with the Vista partition, so I attempted to move as many of the files that I really wanted to keep as possible over to the Ubuntu partition, and then reformat and reinstall the Vista partition. As a result, I could no longer boot to Ubuntu, and I consistently got errors back from everything that I tried on the Vista partition.
The only way that I can now access anything on the hard drive is to insert the Ubuntu install disk, go into trial mode, then mount the partition. At long last, here is the problem: Is there anyway to possibly make the partition bootable again so that I could burn the files to a disk? From trial mode I can get to a number of the files on the mounted partition, HOWEVER, they are secured with the username and password of my user account on that partition. Is there any way that I can access the files from the trial mode by entering my username/password?
I would like to set up a proxy server at home which i can use to access sites from work. I was thinking a web-page i log into and then a sort of use like a browser? like this for example, but where i can have a secure login
I am going to be away semi permanently and want to create a VPN that will allow me to act as if my laptop was connected to my home network.
All I want is for the drives to be accessible so I can use them for primary access as if they are in the laptop.
Questions:
1. Can I set up a Linux VPN that is secure using public WiFi (or however I connect to the net) when I am on the road?
2. I will be using a desktop (32 bit) as the server, what version of Linux would be best for this?
3. If my server is linux and the server drives are NTFS will they be accessible using a windows machine? (I will be double booting the laptop)
4. I would like to set up a pass-code that is stored on the laptop so that only that machine can get access.
This can be up to 255 characters and encrypted so it would be very hard to break. Even I would not know what it is. (I would store it on a pen drive and be able to recover it from there.)
One more. I might want to add separate users that only have access to their one drive, not the server drive. Is that OK?
I installed AWSTATS on my LAMP 10.04 LTS and followed several tutorials URL...) but I can't secure the folder, either by an alias or by .htaccess. I tried both methods manually and by using Webmin.If you go to the URL www.mywebsite/awstats/awstats.pl it shows up, which is good, but this is the default installation site and anyone who knows awstats could possibly see my stats. The conf folder is /etc/awstats/, and I did an alias for that, then .htacess, but neither worked. With the .htaccess, I would get a password promt but the full stats page was visible behind the password promt, and if you clicked "Cancel" about 20 times or so the promt would go away and the full stats page would be visible.
The actual file that powers awstats is in /usr/share/lib/cgi-bin/awstats.pl, and I also tried an Alias and .htaccess seperately and neither worked.I restarted apache2 after each change and I've searched several forums, but I still can't figure this out.
I am facing a problem concerning secure websites where I get the "Connection Reset" error in browser after a timeout of I think 1 minute.
OS: Fedora 14 ( I faced same problem with Ubuntu 10.10 )Browsers: Chrome and Firefox
The issue is not there on Windows using Chrome and Firefox so I believe this is a problem with how linux manages secure connections. I can access all the google secure websites too. There a few other websites apart from facebook.com that I know which I am unable to access.
# Create a directory, and user, assign ownership of dir to that user and usergroup. sudo mkdir /mysecureddir sudo useradd mysecureduser sudo chown mysecureduser:mysecureduser /mysecureddir
[code].....
I've read some similar issues dealing with apache, but its still not clicking for me. Group has rwx access to directory and everything in it. I'm in the group.
We are using Nagios Server for different sites say India,US,Germany. All of them are in their respective groups. Now how do i create web access to 3 of them, so that they can monitor only their server? Say, India shouls be able to see and monitor only India group, US guys should able to monitor only US servers. And they not be anle to access other group.
After upgrading to Natty Narwhal my Crypt Keeper app will not launch. I am now unable to access secure files. Has anyone had this issue after their upgrade to Natty Narwhal? If so, How were able to resolve this issue.
I'm running Ubuntu Server 9.10 and I'm looking to setup an FTP server. I have SSH running beautifully and it's accessible from any computer whether it be inside the network or coming in from the internet (provided you have the administrator username and password ). I've tried Proftpd and vsftpd and have failed miserably so far. Which FTP server application do you think I should go with and how could I go about setting it up through my SSH connection?
My current setup is this: - Ubuntu Server 9.10 with Fixed IP of 192.168.1.100 - 500GB Hard Drive - SDA1 = 512MB ext2 /boot - SDA2 = 2GB swap - SDA3 = 20GB ext4 / - SDA5 = 438GB ext4 /home - One User (Username = administrator) - Full SSH Capabilities - IP Address to DNS provided by www.dyndns.org - WRT120N Router with Remote Access and Port 22 Open
I basically want to set up a secure FTP server that anyone on the internal network can access as well as anyone from the internet (as long as they have a username and password). I want to setup a username and password for each user so that they all have read/write access to the same folder in my /home partition (I'll call it FTPSHARE).
I am trying to remove the ability to login with password so, I follow the procedures I have found to generate a key, copy it on the server and after editing the sshd_conf file to set PasswordAuthentication to no, after I restart ssh, I find my self locked out of it....
how to setup a secure and reliable server, i have three ubuntu 10.10 servers a Dell PowerEdge 850,1850 and 2850 which has a Dell PowerVault 220s attached to it.The Dell PE850 Server Consists of:
Intel Pentium D 3.0GHz 4 GB RAM Eventually 2x250GB Sata Hard Drives
I would like to setup a reliable webserver, mail server, DNS and Dynamic DNS, DHCP, SQL, FTP, Samba (with Roaming Profiles), PXE Boot Server.I know how to setup most of the server modules, i would just like to know the best way to do it tho. I also want to no how to setup the secuity of the system correctly, and setup and partition up my hard disks to allow for the best reliabilty, even when a server crashes.I would like to now how to set these servers up from start to finish in a sence.
I am going to set up a file server on Ubuntu. I have searched a while, but can't seem to find a guide to what I want. The requirements specifications are the following:File server: possible to upload, change and download files.Linux (Ubuntu) clients, Windows clients if possible.Access restriction to deny access to other than registered users.Only the user should be able to read the content of the files.Ideally root should not be able to see the individual files, but in worst case it is ok for root to see the files.Root should not be able to open the files.Point 1-3 is easy to find out how to set up. But I can't seem to find a way to deny root to view the files. The only solution I can think of is to encrypt files or a whole folder, but I don't know how to set it up.
The setup is for a home network, but the server used as a file server will have a web server as well. If someone manages to get access to the server I don't want them to be able to read the files.
