Ubuntu Servers :: Give Power Users Ability To Access All Of Their Folders Without Thrashing Security.

Feb 8, 2011

So, I am looking to implement an FTP server with Isolated Client accounts/directories where a client can only access what's in their directory. I also need to provide my internal user's (content managers) the ability to upload, delete, etc from all of the Client accounts. The simple part is creating the secure client accounts. It's a matter of changing DIR_MODE in adduser.conf to 700 or 770, creating a user, having the FTP server chroot them to their home directory, revoke/restrict shell/ssh access and maybe even slap on some ACL to prevent botched permissions.The hard part is figuring out how to give my power users the ability to access all of their folders without thrashing security.

My first thought was to put all of the client user-groups in a parent group and having my internal users inherit group permissions..but you can't have groups inside of groups.My second thought was to put all of the client users in the same group and prey that the FTP chroot is enough to keep them from poking around but then I have the problem of how do my internal users access other user directories if they are chrooted. Do I create a second server without chroot.do I create some weird nested homedir structure..I honestly have no idea how to satisfy both requirements (secure client accounts and privileged user accounts). I need my privileged users to authenticate against Active Directory via Likewise open, LDAP, etc and I don't care how the clients authenticate. Though, I would prefer to have both file and FTP-server level protection just to make sure no one can see the other client's data.

View 1 Replies


ADVERTISEMENT

Security :: When To Give Write Access To Folders On A Web Server

Feb 3, 2011

on the following link [URL] section 2 says

Quote:

The following directories need to be readable, writeable and executable for everyone:

* dokeos/main/inc/conf/
* dokeos/main/upload/users/
* dokeos/main/default_course_document/
* dokeos/archive/

[Code].....

I am not at all convinced by the idea of giving permissions to read,write and execute as these Learning Management Systems say. Let me know what you people have to say? What is the best practise in such situations? I have to get all these LMS run on same web server.

View 2 Replies View Related

Security :: Take Away Ability Of Using Sudo For Common Users

Mar 9, 2011

I decided to consult you before making any changes, because the clients' PCs are spread all over the country and I do not have the physical access to their boxes.The idea is to take away the ability of using sudo for common users.I know that the syntax of this file may vary a bit in different distributions.Our OS is Ubuntu 10.10.I created the account 'support' for me and other technician stuff of our department. So, 'support' user must have all the power. And common users mustn't have access to 'sudo'. This is the requirement.As far as I remember, in Slackware the user must be a member of 'wheel' group to be able to use 'sudo' (but I may be wrong).

View 3 Replies View Related

Ubuntu :: Give Multiple Users Access To Drives?

Aug 11, 2010

I just created a 2nd user on my computer. I've got the hard drive that ubuntu runs on, and then a 2tb drive for media. If the 2tb is mounted on my desktop, it won't show up on his desktop even if I'm logged out. It won't show up on his unless I unmount on mine.

If I'm logged out I'm obviously not using it. So why doesn't it show up? He has all privileges. Is there a way to make this work without having to unmount?

I'm running karmic btw. If you need computer info let me know what to type into the terminal and whatnot and I'll paste it all here!

View 4 Replies View Related

Fedora Security :: Give FTP Control Of Different Directories To Different Users

Aug 24, 2010

I have my own dedicated server box running (using it for game servers). I access it via ssh and I have root control of it. It has FEDORA Operating System. I wanna give FTP control of different directories to different users. Right now there are no other FTP users except root. I have installed vsftpd and dont know what should I do next? How do I add users (who can read/write/delete files) and How do I restrict them to their home directory?

Here is what I want:
username:client1
password:12345
home directory: home/server1
username:client2
password:12345
home directory: home/server2

View 1 Replies View Related

Red Hat / Fedora :: Give Priority Access For Some Users When They Logon

Jun 24, 2010

I want to give priority access for some users when they logon to the Redhat Server. I changed in the /etc/security/limits.conf file but also i am not able to get the priority .

View 2 Replies View Related

Ubuntu :: Give Two Client Users Permission To Access Their File System?

May 1, 2011

The desktop computer of my two children has a total of three users:

1) The superuser (me)
2) The user 1001 (my elder son)
3) The user 1002 (my younger son)

Both users 1001 and 1002 can not access their files system, and also they can not save any attachments from incoming mails.

What I tried so far:
I accessed the file manager as superuser, and went: >Root>Home. Here I right-clicked on the folder User 1001, selected properties, selected the tab 'permissions' and allowed this user to read and write into this folder. I also checked the checkbox �extend this permission to all subfolders and its contents.

The problem is, when I reboot, everything is 'forgotten' and I am at quadrant zero again.

Eventually I should state that part of the folders are from a backup drive, because the hard disk had to be replaced so, once I re-installed the OS on the new hard drive, I copied the folders from the backup drive into the home folder.

One last question:
Is there a good tutorial about permissions?

View 9 Replies View Related

General :: Give Permission For Users To Log On To Either Of Two Servers?

Apr 5, 2011

a small lab of linux servers contains two servers. the administrator wishes to permit user settings and project files to be available when users log in on any machine descibe the server processes needed on the servers

View 1 Replies View Related

Ubuntu :: Samba Share In 9.10 - Few Folders Access By 3 Users

Apr 28, 2010

I have configure few folders access by 3 users, In common folder only users that create that document can do changes. The rest of the users can only read the file but can not do changes. Ownership of the folder is admin, group is sambashare which already have the access create and delete files. All the 3 users already in sambashare main group, and they only can edit the file that they copy or create to the common folder .........

View 5 Replies View Related

Security :: How To Make PAM Give Message When Denying Ssh Access?

Oct 23, 2009

We use PAM to control access to our RHEL4 servers. We would like PAM to give a message, of our choice, when users who are not allowed to login try to login. PAM's default is to let the user try 3 times without any explanation.

View 7 Replies View Related

Ubuntu Servers :: Give User Ftp Access To /var/www?

Feb 12, 2010

Apache by defaults points to /var/www/eachdomain. I need to be able to give users ftp access to /var/www/specific domains.

It seems that if I change the owner of /var/www/specificdomains/ to the user in question, then www:data no longer owns the directory and Apache starts to have issues..

What's the best way to set this such that I can allow users to FTP into specific directories, and still have www:data own them? I'm currently using vsftp, but that can easily change.

View 6 Replies View Related

Security :: Using Sudo To Give Read Access To Specific Directory?

Apr 29, 2011

I have a log server that collects logs from all the cisco devices on our network.he company policy states that any logs should only be accessible by root. So I have the following permissions set on the directory, as well as everything inside the directory where the cisco logs are kept.

Code:
drwx------ 65 root root 4096 Apr 29 7:38 rsyslog
The cisco folks are requesting access to these logs, which is allowed by company policy.

[code]...

View 12 Replies View Related

Ubuntu Servers :: Windows Users Can't Mount Share Folders?

Mar 25, 2010

When I connect with my ubuntu 9.10 x86_64 freenx server from Linux/Mac share folders from client side will properly mounted and I can use with no problems.

When I connect to the same server from windows box, I get this error message:

Quote:

Info: Share: '//COMPUTER/FOLDER' failed to mount: mount error(5): Input/output error
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Last two days I was googleing a lot about this but all I tryed didn't work.

Is there somebody share folder works from windows connection?

View 2 Replies View Related

Ubuntu Servers :: Samba Users Able To Browse Folders With No Permission

Feb 11, 2011

I've set up smbd 3.4.7 on 10.04x64 LTS server. I've set up a couple shares and I'm having problems blocking access to certain directories using native file permissions. There is one directory that has folders for each sales rep to store their current list of quoted clients, I only want sales people to be able to browse the directories owned by themselves. Everything seems to be set up correctly in terms of user groups and permissions on the filesystem.

Below is marina, a sales rep, and brian, a super user of sorts.
id marina:
Code:
uid=1011(marina) gid=1006(office) groups=1006(office),1005(sales)
id nick:
Code:
uid=1000(brian) gid=1006(office) groups=1006(office),118(admin),1001(full),1002(processing),1003(management),1004(it),1005(sales)

Below is the directory with all the sales reps folders.
ls -la:
Code:
total 60
drwxrwxr-x 15 root it 4096 2011-02-10 20:06 .
drwxr-x--- 9 root office 4096 2010-11-19 12:40 ..
drwxrwx--- 13 katya full 4096 2010-12-07 12:36 Katya
drwxrwx--- 18 lana full 4096 2011-02-08 17:09 Lana
drwxrwx--- 23 marina full 4096 2011-02-10 18:09 Marina
drwxrwx--- 4 mike full 4096 2011-02-01 12:42 Mike

With this setup marina only be able to browse her folder, but she can browse all folders and has full write access to all folders. This leads me to believe something is up with the smbd.conf file, which is below.

Code:
[global]
workgroup = COMTREAD
null passwords = no
server string = Root Server
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0 .....

In this case the valid users directive would not work cause I am not making a share for each user. I had this on other shares like the db2 share. My windows box lagged heavily when I tried to access that share with an invalid user. How to deny users the ability to modify permissions I would also like to do that.

View 3 Replies View Related

Ubuntu Servers :: Virtual Users Permissions For Created Folders

May 28, 2011

I have problem with virtual users in vsftpd. When they create folder they cant make another in than folder, or for example they cant see files they upload in that directory...That write permision i try to change in their config file, with every combination of local_umask and file_open mode values. How can I handle that. I want that virtual user who creates directory (in their root directory) have all privilages to that folder and all content in that folder.

View 4 Replies View Related

Ubuntu Servers :: Samba And Share A Folder An Sub Folders For Windows Users

Feb 19, 2010

I've installed Ubuntu Server 7.10 Gutsy and Webmin 1.500 on it. The thing that I want to do is: I want to share a folder an sub folders for windows users ( guest user) I should modify those folders from my ubuntu desktop 9.10 karmic they are all same folders. Is it possible? if yes how can i make it. you can tell from webmin or samba configuration file.

View 8 Replies View Related

Ubuntu Servers :: Networking - Machine Refuses To Give Access To The Internet Via Firefox

Sep 21, 2010

I have a machine (lets called it machine 1) with two networks card, eth0 and eth1. Both have static IPs. Once in a while the machine refuses to give access to the Internet via Firefox (eth0 is the route to router). Other machines on the network have no problems accessing the Internet. Eventually the machine would just magically start working again, but this time it just seems to have stayed broken. I've done some simple diagnostics and found:

a) I have another machine running Apache with a Wiki on our network - [URL]. Machine 1 is unable to connect to this Wiki. I get 'the connection has timed out'. I can ping 192.168.1.73 and it responds in the usual fashion.

b) If I try to ping www.google.com it times out with: ping: unknown host www.google.com. I can ping google using its IP address.

c) On machine 1 I have tried traceroute on both www.google.com and its IP and I just get:

1 * * *
2 * * *

And so on until hop 30. Doing this on any other machine on the network works. So while it seems I can ping internally in our network and outside, but when it attempts anything traceroute or URL related it does not work.

View 7 Replies View Related

Ubuntu Servers :: Setup A Server To Where It Does Not Give A Password Prompt To Access A Shared Folder

Nov 28, 2010

How do I set up a server to where it does not give a password prompt to access a shared folder?

View 1 Replies View Related

Ubuntu Security :: Group Permission - Access Privileges On Several Folders

Jul 9, 2010

I have a problem access privileges on several folders like this one

Code:

It clearly says that I have owner and group read write and search (it's a directory) privileges.

I login as user master part of group events

Code:

But I can't access the folder (Permission denied).

View 9 Replies View Related

Security :: Users Can Access Each Others Files?

Mar 26, 2011

I just realized that I can access other users files and they can access my files simply by using the console to navigate the file system, Its not that big a deal, I am the only one using the computer but this seems like something is not configured correctly. Should each user be able to look at and modify each others files by default? (On Xubuntu 10)

View 7 Replies View Related

Ubuntu Servers :: Vsftpd - Can't Access Files/folders?

Sep 26, 2010

1- I've set up 3 virtual users,one of them is a system one (with a different password) and writes on his own home folder. With this one I haven't found any problems yet, but with the other 2 users I can't access files/folders created by them. It's a permissions problem for sure, but I'm not sure how to correct it.With these users I can upload files, create files and create folders. The problem is I can't access what I create (I can't enter a folder I created but it is there and I can upload files into it).

2- Whenever I turn on ssl_enable=YES I can't access the server (even from the server itself when I connect to localhost, It's a regular Ubuntu installation).Here's the config file for the users:

Code:
write_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES[code].....

View 7 Replies View Related

Ubuntu Servers :: Get Rid Of Access Denied 404/403 For Localhosts Other Folders?

Sep 1, 2011

How yo get ride of access denied 404/403 for localhosts other folders? i am using lamp and trying to access my site which is placed in a folder wthin the document root. but its showing access denied. how i can edit permissions?

View 3 Replies View Related

Ubuntu Servers :: Apache2.2 Denies Access To Home Folders?

Jan 14, 2010

I configured my apache2. On my Intrepid I had apache2.0 while on my Karmic I have a apache2.2. Aftere configuring I tested it and got a an error page when I tested it in my web browser. I looked into the log file that showed the following error "[client 127.0.0.1] (13)Permission denied: access to /my_dir/ denied".

It appears apache2.2 can't access directories in my home folder. File system rights for the files and folders are correct. There is no AppArmor profile for Apache. User settings in "/etc/apache2/apache2.conf" file are correct. The inaccessible folder in "/etc/apache2/sites-available/default" looks as follows:

[Code]...

A trick using symbolic links didn't work either. On my previous Intrepid with Apache 2.0 my pages worked like a charm. Now on my current Karmic (before apache2.conf was pre configured, now it's not) with Apache 2.2 my pages are wrecked. how I can make Apache2.2 access folders in my home folder and which settings are needed in default file for that?

View 8 Replies View Related

Ubuntu Servers :: Cannot Access Files / Folders In Www Directory / LAMP

Jan 21, 2010

Just installed lamp, I can access phpmyadmin mysql is set up and everything. When I try to view a directory [URL] I get an access denied error.

EDIT: I changed the permissions of the "folder" folder itself, I can access everything in that directory now but not any other folders in it. Do I really need to go through every folder every time and change the permissions?

View 4 Replies View Related

Ubuntu Servers :: Way To Control Access - Some Files/folders Would Even Need To Put In A Password

Apr 11, 2010

I've managed to setup Ubuntu Server 9.10, and created folders/files toview/edit/execute with Windows and Mac.

Now here is my dilemma, this is for a home server, and I will have 4 users(1 for myself, one with "admin" rights, my fiance(mac user), media pc, and a "guest" account for the computer or 2 that are out in the public(they don't need access to my taxes ).

I'd like to have it so that on my laptop, I can access the whole server, but some files/folders would even need me to put in a password. I want to do this because my fiance gets delete happy and deletes things, so if she goes on my computer she won't delete important info. I'd like her to have access to music, photos, and videos, as well as her having her own folder that she can treat as her hard drive.

The question is, do I need to setup a domain for this, or can I get away with a workgroup?

View 2 Replies View Related

Security :: Stop Other Users To Access My Personal Data?

Mar 15, 2010

I had 2 accounts on a single system. Other users are able to see my data. how to stop other users to access my personal data.

View 8 Replies View Related

Ubuntu Servers :: Recommended Way To Set Up FTP Users That Access Same Files?

Mar 23, 2010

I have a server setup with all my web development stuff in /var/www and in several sub-folders within that. (each project having it's own folder)It works great with one FTP account. But recently I've been getting help on a projects from a buddy of mine that freelances, and have made him an FTP user account as well. All is fine, except for when he tries to edit a file and gets a permissions error.

Here's the issue, I don't want us to have the same FTP login, but all the files are currently owned by my user name. So, when he logs in to edit a file, he can't because I'm the owner, and the files are set to 744. Will I cause any harm by adding both users to the same group (www-data) and chmod'ing the files to 775 so that we can both access and modify the files?

View 2 Replies View Related

Ubuntu Servers :: FTP Users Can Access Enitre Disk?

Apr 19, 2010

Quick question - I would like to know how to prevent users from accessing directories above the directory used for ftp. I'm running proftpd and I'm able to connect outside of my LAN, however all user accounts can click "Up to higher level directoy" and access everything, all the way up to the root directory. How can I make this unaccessable/not visible to users connecting to my server, allowing access only to the directories and subdirectories I have specified?

View 2 Replies View Related

Ubuntu Servers :: Win 7 Users Won't Be Able To Authenticate Unless Access Using IP Address

Sep 22, 2010

I've got a Samba server (CentOS)(I swear all my non-work boxes are Ubuntu) that has been working fine in our Active Directory environment for a long time, now that Windows 7 has been forced upon us, we've noticed that Win 7 users aren't able to authenticate to this server unless they access it using the IP address, e.g. \192.168.1.22. We've tried the different Windows 7 registry hacks and nothing makes a difference. We were advised to update Samba and we did to 3.3.8. However, this being a virtual machine, upgrading a clone of this machine did work, the configuration was identical, except the hostname

View 9 Replies View Related

Ubuntu Servers :: Crashed - None Of The Sites Were Responding - Sounded Like It Was Thrashing The Hard Drive

Aug 2, 2011

I have a ubuntu 11.04 LAMP server at home.

Its runnign a few small sites on a drupal CMS.

This morning I found none of the sites were responding. The server itself sounded like it was thrashing the hard drive.

It wasnt responding to the FTP client or SSH connections. Web pages just sat there like they were loading very slowly but never actually loaded.

How can I find out what went wrong. I dont have a massive amount of experience with linux, particularly the server variant.

Its worried me a little that the drupal report shows several page not found errors like someone (a bot maybe) was trying to see what php setup files they could access.

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved