Ubuntu Servers :: How To Secure Commands By Disabling Group Access
Dec 20, 2010
I'm running a server using ubuntu 10.04 x64. I want to disable access of groups to "bin" folder so they cannot execute commands.
[info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.]
So what I wanna do is to ban some groups on 'bin' folder, for example 'my_group1' and 'my_group2" cannot access bin but 'my_trusted_group' can access it. How is it possible?
View 1 Replies
ADVERTISEMENT
Dec 21, 2010
I'm running a server using CentOS 5 x64 I want to disable access of groups to "bin" folder so they cannot execute commands. [info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.] so what i wanna do is to ban some groups on 'bin' folder, for example 'my_group1' and 'my_group2" cannot access bin but 'my_trusted_group' can access it.
View 1 Replies
View Related
Apr 23, 2010
I am using Red Hat and was wondering how to disable username and password only login and require that a PPK secure key file be used for authentication ? I can log in using the secure private key and the public key that is in ~/.ssh/authorized_keys but i can still log in using the plain username and password login.
View 2 Replies
View Related
Aug 11, 2010
I have ubuntu installed on an external hard drive. My ubunutu "Places" shows my windows partition which is on my internal hard drive. I would like to PERMANENTLY disable accessing windows partition in Ubuntu. I don't want to set authentication,etc. I want to PERMANENTLY disable it. I tried commenting "/etc/fstab" file but it still shows up in "Places" tab. I absolutely hate this. I would like to get rid of this. If nothing goes well I will get rid of Ubuntu itself.
View 3 Replies
View Related
Mar 29, 2011
right now i have vsftpd server installed for FTP access. I originally set it up for both FTP and SFTP, but found that SFTP disregarded any and all permission settings and user jailing that i had set up... so I am switching to just being standard FTP
so here is what's happening:
i've tried to disable SFTP in the sshd_config file, but i am still able to log into the ftp server under sftp through port 22 (which normally is ssh?) i've tried all kinds of things short of just blocking port 22, however I would prefer to be able to remote into my server via Putty (which has access restriction to ONLY allow my admin user account over ssh)..
View 9 Replies
View Related
Jan 29, 2010
I have a headless Ubuntu computer which is primarily use as a server but which has Ubuntu desktop edition installed. I use X forwarding through SSH occasionally to use GUI programs so I am not looking to remove them. However, I would like to disable any GUI elements that would be started automatically when the computer is booted. Is the graphical login screen the only thing that would be run? or is nautilus, gnome-session etc. started as well? How would I go about removing the necessary entries from the init scripts?
View 2 Replies
View Related
Aug 20, 2010
What's the command to access a secure shell?
View 2 Replies
View Related
Aug 26, 2010
I used to be able to connect to my uni secure access vpn by navigating to the appropriate page, logging in and clicking "start" by "Network Connect" etc. etc.
After an update to firefox it had been failing, giving me a "session timeout" MsgBox. I have tried clearing history etc and reinstalling firefox. I have also tried different browsers with no success.
So, I have since upgraded to 9.10 and now I get "Setup Failed, Sorry" in the bottom left of the screen (where "Done" is displayed once a page has loaded)...
I am now trying a different approach. I have downloaded ncui-6.5R2.i386.rpm and unpacked it fine. I have tried running it, without success and have also run the diagnostic - I will post results below:
When I try and run ./ncsvc I get the following:
Code:
ncsvc> Failed to setuid to root. Error 1: Operation not permitted
So I did a sudo ./ncsvc , which gives:
Code:
mkdir(/root/.juniper_networks) failed: Permission denied
I am pretty sure that my password above is correct - I re-tried it and got the same message... I can definitely do, e.g., sudo apt-get update fine.
I then ran all of the tests available in ncdiag (./ncdiag -A) which gave the following info which might be useful
Code:
NC Diagnostics for Linux.
Version 1.0.
Release Date/Time: Dec 9 2009 04:36:09
[Code].....
View 2 Replies
View Related
Feb 26, 2010
I was wondering how safe is to use rdp to access my linux box. I am a little bit concerning about this issue because as I read on opensuse's web site rdp is "less" secure. The thing is that I do not know how much less is this "less"
View 6 Replies
View Related
Apr 10, 2011
How do you enable/disable the autostart of services. For example let's say I know I'm not gonna use apache and mysql for a while and don't want it to autostart anymore how do I disable it ?
And then once it is needed again how do you enable the autostart again ?
View 5 Replies
View Related
Dec 17, 2010
When I first start up the computer, I would like to remove the login screen so I do not have to input a password. How can I do this?
View 1 Replies
View Related
Dec 20, 2010
My better half spilled some coffee on her 8month old macbook and it decided not to work anymore. Apple says it will cost around $800 or more to fix, we wont be paying that, Ill be finding a logic board or service somewhere online now that our warranty is shot and going that route.But before I send the macbook off anywhere I need to pull some data off the HDD. I was able to plug the HDD into my Linux box(internally, I dont have an external enclosure). I was able to mount the drive and copy the directories I wanted to the HDD on my linuxbox.
But Im unable to to access the directory from the terminal or from the file browser, I get an access denied message. Because I know the username and password for the macbook is there a way I can use that to gain access to the directories?Google got me this far, but when I googled "access locked directory ubuntu" or any variation of that with the terms linux and osx thrown in there for good measure.
View 3 Replies
View Related
Feb 7, 2010
They are running Kubuntu. How to access their desktop from my home or office using Internet. Logically I remembered about kfrb and X11-vnc. But both of them need some approach to provide security. I'd like if someone could give me some pieces of advice on choosing the simplest and better approach:
To secure kfrb or x11-vnc is simpler or better to mount a vpn or to use an ssh tunnel? Is there any other solution? My pearents ISP use DHCP, so I think it would require some service like dyndns or similar...
View 2 Replies
View Related
May 30, 2011
I'm trying to setup an open-source project, I have a couple of developers on the team but nobody has experience with Apache. I would like to setup a simple home server for Bugzilla on Ubuntu 10.04, so my question is, is there a server that comes secure out-of-the-box so that simply adding files to /htdocs would suffice?
View 1 Replies
View Related
Mar 15, 2010
I would like to be able to access my data file that reside on my Linux machine at home from the Internet but I don't want to open any "doors" for lack of a better word that will compromise the security of my files. I am running F11 and I am using cable broadband and a Linksys router.I have been able to get ssh working with OpenSSH while I am at home but I don't really need or want to ssh remotely, I would rather setup what I think is called an ftp. I just want to be able to up and download files to my Linux machine.
View 6 Replies
View Related
Jun 27, 2011
Code:
cat /etc/group | grep www-data | grep chad
chad:x:1000:www-data
the user www-data should have read access to my folder but i am still getting a 403 forbidden error i have done this before without issue anyone see what is wrong? i have a folder i use for file transfers over IM it is more reliable than the messengers file transfer abilities
View 5 Replies
View Related
Oct 15, 2010
We are aware that unix has three sets of permission such as owner, group and others. I have a requirement to have a read-only access to a folder and sub-folders and the group that currently holds can't be used. Because it has write privileges. I would rather not prefer to use others, because it opens to each user in the system.have read-only access for another group?
View 1 Replies
View Related
Jun 17, 2011
I was running a 2-partition hard drive, Windows Vista (lamentably) on one partition, and the other running Ubuntu. I began having trouble with the Vista partition, so I attempted to move as many of the files that I really wanted to keep as possible over to the Ubuntu partition, and then reformat and reinstall the Vista partition. As a result, I could no longer boot to Ubuntu, and I consistently got errors back from everything that I tried on the Vista partition.
The only way that I can now access anything on the hard drive is to insert the Ubuntu install disk, go into trial mode, then mount the partition. At long last, here is the problem: Is there anyway to possibly make the partition bootable again so that I could burn the files to a disk? From trial mode I can get to a number of the files on the mounted partition, HOWEVER, they are secured with the username and password of my user account on that partition. Is there any way that I can access the files from the trial mode by entering my username/password?
View 2 Replies
View Related
Feb 23, 2010
I would like to set up a proxy server at home which i can use to access sites from work. I was thinking a web-page i log into and then a sort of use like a browser? like this for example, but where i can have a secure login
View 4 Replies
View Related
Jul 19, 2010
I am going to be away semi permanently and want to create a VPN that will allow me to act as if my laptop was connected to my home network.
All I want is for the drives to be accessible so I can use them for primary access as if they are in the laptop.
Questions:
1. Can I set up a Linux VPN that is secure using public WiFi (or however I connect to the net) when I am on the road?
2. I will be using a desktop (32 bit) as the server, what version of Linux would be best for this?
3. If my server is linux and the server drives are NTFS will they be accessible using a windows machine? (I will be double booting the laptop)
4. I would like to set up a pass-code that is stored on the laptop so that only that machine can get access.
This can be up to 255 characters and encrypted so it would be very hard to break. Even I would not know what it is. (I would store it on a pen drive and be able to recover it from there.)
One more. I might want to add separate users that only have access to their one drive, not the server drive. Is that OK?
View 5 Replies
View Related
Nov 22, 2010
I installed AWSTATS on my LAMP 10.04 LTS and followed several tutorials URL...) but I can't secure the folder, either by an alias or by .htaccess. I tried both methods manually and by using Webmin.If you go to the URL www.mywebsite/awstats/awstats.pl it shows up, which is good, but this is the default installation site and anyone who knows awstats could possibly see my stats. The conf folder is /etc/awstats/, and I did an alias for that, then .htacess, but neither worked. With the .htaccess, I would get a password promt but the full stats page was visible behind the password promt, and if you clicked "Cancel" about 20 times or so the promt would go away and the full stats page would be visible.
The actual file that powers awstats is in /usr/share/lib/cgi-bin/awstats.pl, and I also tried an Alias and .htaccess seperately and neither worked.I restarted apache2 after each change and I've searched several forums, but I still can't figure this out.
View 2 Replies
View Related
Dec 25, 2010
I am facing a problem concerning secure websites where I get the "Connection Reset" error in browser after a timeout of I think 1 minute.
OS: Fedora 14 ( I faced same problem with Ubuntu 10.10 )Browsers: Chrome and Firefox
The issue is not there on Windows using Chrome and Firefox so I believe this is a problem with how linux manages secure connections. I can access all the google secure websites too. There a few other websites apart from facebook.com that I know which I am unable to access.
View 3 Replies
View Related
Jul 9, 2010
I have a problem access privileges on several folders like this one
Code:
It clearly says that I have owner and group read write and search (it's a directory) privileges.
I login as user master part of group events
Code:
But I can't access the folder (Permission denied).
View 9 Replies
View Related
Jun 13, 2011
Code:
# Create a directory, and user, assign ownership of dir to that user and usergroup.
sudo mkdir /mysecureddir
sudo useradd mysecureduser
sudo chown mysecureduser:mysecureduser /mysecureddir
[code].....
I've read some similar issues dealing with apache, but its still not clicking for me. Group has rwx access to directory and everything in it. I'm in the group.
View 6 Replies
View Related
Feb 15, 2010
We are using Nagios Server for different sites say India,US,Germany. All of them are in their respective groups. Now how do i create web access to 3 of them, so that they can monitor only their server? Say, India shouls be able to see and monitor only India group, US guys should able to monitor only US servers. And they not be anle to access other group.
View 1 Replies
View Related
May 13, 2011
After upgrading to Natty Narwhal my Crypt Keeper app will not launch. I am now unable to access secure files. Has anyone had this issue after their upgrade to Natty Narwhal? If so, How were able to resolve this issue.
View 2 Replies
View Related
Mar 8, 2010
I'm running Ubuntu Server 9.10 and I'm looking to setup an FTP server. I have SSH running beautifully and it's accessible from any computer whether it be inside the network or coming in from the internet (provided you have the administrator username and password ). I've tried Proftpd and vsftpd and have failed miserably so far. Which FTP server application do you think I should go with and how could I go about setting it up through my SSH connection?
My current setup is this:
- Ubuntu Server 9.10 with Fixed IP of 192.168.1.100
- 500GB Hard Drive
- SDA1 = 512MB ext2 /boot
- SDA2 = 2GB swap
- SDA3 = 20GB ext4 /
- SDA5 = 438GB ext4 /home
- One User (Username = administrator)
- Full SSH Capabilities
- IP Address to DNS provided by www.dyndns.org
- WRT120N Router with Remote Access and Port 22 Open
I basically want to set up a secure FTP server that anyone on the internal network can access as well as anyone from the internet (as long as they have a username and password). I want to setup a username and password for each user so that they all have read/write access to the same folder in my /home partition (I'll call it FTPSHARE).
View 9 Replies
View Related
Dec 13, 2010
I am trying to remove the ability to login with password so, I follow the procedures I have found to generate a key, copy it on the server and after editing the sshd_conf file to set PasswordAuthentication to no, after I restart ssh, I find my self locked out of it....
View 5 Replies
View Related
Dec 27, 2010
how to setup a secure and reliable server, i have three ubuntu 10.10 servers a Dell PowerEdge 850,1850 and 2850 which has a Dell PowerVault 220s attached to it.The Dell PE850 Server Consists of:
Intel Pentium D 3.0GHz
4 GB RAM
Eventually 2x250GB Sata Hard Drives
The Dell PE850 Server Consists of:
2xIntel Xeon Processors 3.4GHz
4 GB RAM
2x76GB SCSI Hard Drives RAID 1
The Dell PE850 Server Consists of:
2xIntel Dual Core Processors 2.8GHz
4 GB RAM
6x76GB SCSI Hard Drives RAID 5 (pretty sure)
Dell PowerVault 220s
I would like to setup a reliable webserver, mail server, DNS and Dynamic DNS, DHCP, SQL, FTP, Samba (with Roaming Profiles), PXE Boot Server.I know how to setup most of the server modules, i would just like to know the best way to do it tho. I also want to no how to setup the secuity of the system correctly, and setup and partition up my hard disks to allow for the best reliabilty, even when a server crashes.I would like to now how to set these servers up from start to finish in a sence.
View 1 Replies
View Related
Dec 29, 2010
I am going to set up a file server on Ubuntu. I have searched a while, but can't seem to find a guide to what I want. The requirements specifications are the following:File server: possible to upload, change and download files.Linux (Ubuntu) clients, Windows clients if possible.Access restriction to deny access to other than registered users.Only the user should be able to read the content of the files.Ideally root should not be able to see the individual files, but in worst case it is ok for root to see the files.Root should not be able to open the files.Point 1-3 is easy to find out how to set up. But I can't seem to find a way to deny root to view the files. The only solution I can think of is to encrypt files or a whole folder, but I don't know how to set it up.
The setup is for a home network, but the server used as a file server will have a web server as well. If someone manages to get access to the server I don't want them to be able to read the files.
View 5 Replies
View Related
