I have a JavaCL program trying to open a port on 41xxx and it is getting permission denied unless I run it as root. I would like to grant a single user this permission for opening this port. This program runs fine on a vanilla ubuntu install but not on server. Where does Ubuntu handle user permissions for opening ports?I understand this is typically a no-no on a server but this is an unusual circumstance.
View 1 Replies
I was port scanning my computer and i found some open ports. How would i close these ports so they cannot be remote accessed?
View 1 Replies View Related"Ubuntu Server has no open ports by default" - [URL]. Does this mean right after a 10.04 Server Edition installation, if a user wants to start a web service e.g. a Java process to listen on say port 8080, he would have to configure the firewall first?
View 1 Replies View RelatedNormally all I/O goes through the kernel so that it can schedule the operations and prevent processes from stepping on each other. A few special user processes are allowed to slide around the kernel, usually by being given direct access to I/O ports. X servers are the most common example of this isn't it ? give examples for any other processes that are allowed to slide around the kernel ?
View 3 Replies View RelatedI've been struggling for days trying to open port 53 and 25 but can't get it to work. My iptables at /etc/sysconfig contains the following:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0] .....
On the server machine when I do port scan with nmap I see the following result:
Starting Nmap 4.76 [URL] at 2010-03-28 01:03 CET
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
Not shown: 986 closed ports .....
But when I try to do telnet from an external machine, e.g:
telnet <IP of host> 53
I get:
Connection refused
telnet: Unable to connect to remote host
I also did a port scan with a tool on an external machine but port 53 and 25 weren't listed as opened ports. Also CheckDNS.net on the server returns "Connection reset. Probably DNS server is offline". I am 100% sure that named and sendmail are running. When I do a ps -aux I see:
named 9261 0.0 0.3 85528 14784 ? Ssl 00:46 0:00 /usr/sbin/named -u named
root 2550 0.0 0.0 9536 1960 ? Ss Mar23 0:02 sendmail: accepting connections
I am having trouble getting ports to open, on the router that the server is connected to it is set to DMZ, so everything passing through the router should go to the server right? but when I use a port checker none of the ports that I need to be open are. so my question is does ubuntu have a built in firewall that no one told me about? or something that would block me from having the ports open?
View 3 Replies View RelatedI've tried to set up a Hadoop cluster on a few freshly-installed 10.04 Server Edition machines and hit a problem. (I was able to set up the cluster using Desktop edition previously). The issue is that I can't connect to the service even though the Java process is running and listening on the port and there is no error in the logs. Anyway, I started to wonder if it was firewall issue so I googled it and found conflicting information.
1. "Ubuntu Server has no open ports by default" - [URL]
2. iptables shows different info. ufw is also disabled.
hadoopadmin@machine-1:~$ sudo iptables -L
[sudo] password for hadoopadmin:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
hadoopadmin@machine-1:~$ sudo ufw status verbose
Status: inactive
I even tried to enable ufw and did "sudo ufw default allow incoming" but still no help. The only package I manually selected during installation is OpenSSH server.
How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options?
I have the task to set up a machine for users working with sensitive data that should not be leaving the machine where it is processed. This means disabling access to the ethernet device, lan, all other ports as mentioned earlier, and any other way of leaking the data.
In Mac OSX this was achieved using "Parental controls" from the System preferences; this even allows a selection of the applications that can be used. Under XP, Device Manager offers the option to click various devices and "Disable" them, which worked so far just fine. Some will point out that the latter mentioned OS may be easy to circumvent the security of in other ways, but that has been mitigated with other measures and it's not the point anyway. For the operator users in question, the aforementioned measure proved successful and worked.Using OSX and XP to do this was a 10-15 minutes job with testing included.
So far all guides and tutorials pointed to useradd, groups an facl, but in actual practical terms did not help at all, in fact most of the research did not render any practical results so far. I surely don't expect to point and click, and would gladly run a set of commands from CLI. If I had them. I would really would like to achieve the same restricted user account configuration in a concise, comprehensive and practical manner under Linux too. Preferably tested on humans before, and known to be workign, of course.
The machines that need to be set up are two laptops running Ubuntu. So how can this be accomplished in Linux?
I have ordered a server with OS:
Ubuntu Server 11.04
After a quick nmap scan I found out a few open ports. What is using these ports?
1102/tcp filtered adobeserver-1
1201/tcp open nucleus-sand
Is there a way to grant 'root' privileges to my user account? My account name ... I'll call it 'masterskop' as it is my forum name here, but not on my computer.Would it look like this in the sudoers' file?My purpose is to get access to all the folders and files in the 'File System'. The root and lost+found folders have 'Xs' on them...No access! And for example, under properties of the 'var' folder it states that 'you are not the owner, so you cannot change these permissions.' How can I get access to all of it everytime I login as the main user of my computer? I do not have anyone else using this computer.I did edit this file and used my real user name ... logged out and logged back in and still I do not have access/edit these folders and files.
View 4 Replies View RelatedI'm using Kubuntu 10.04 at the moment. Every time I log in, KDE Wallet asks me to give a password so that Kopete can access my login password to login. Is there any way you can 'grant permission' to access the wallet for certain applications so that I don't have to fill in my password every time?
View 9 Replies View RelatedI'm having troubles with a download and I need permissions for the conig files and to have write-access to your ~/.loki/ directory and all sub directories. Does anyone know how to do this?
View 4 Replies View RelatedI want my apache user (www-data) to be able to umount drives that are mounted with fuse. (i think it is the same as regular umount, but i'm not sure)
when i execute: www-data@1:$ umount /2345umount: /2345 is not in the fstab (and you are not root)
how can i get this done?
Currently, I must sudo tcpflow -i lo as root user, I want to grant the lo interface and TCP port range 3000-3999 of all interfaces to user1, how to do that?
View 1 Replies View RelatedOn RedHat 5 64-bit.I have a group that requires read-only access to the /var directory.I believe someone mentioned SGID and ACL stuff, and I've been researching this solution, but I wanted to check with you all first to ensure there wasn't an easier way to do this. Basically, I just need folks that belong in this certain group to read the contains of any file/directory contained within /var.
View 5 Replies View RelatedI am trying to setup a Rsync backup method.I have multiple files and folders all OWNED by different users.Now I can read the files as root.But I want to make a user for RSYNC that can ONLY read all these files for copying them across.It requires to create a non password login and I dont want to do that with the root user ! I have tried to create a new user and use 'setfacl':setfacl -m u:someuser:r /var/test.But when I su to 'someuser' I cannot copy the files to my homedir. So I think it wont work for rsync also.
View 8 Replies View RelatedI am trying to set up an ampache server using apache as the webserver. The instructions have the following line as one of the requirments: Your webserver has read access to the /sql/ampache.sql file and the /config/ampache.cfg.php.dist file..I have essentially zero experience with apache, and I'm not sure how to grant read access to a file.
View 1 Replies View RelatedI have a normal user (sites:users) and the usual http user (wwwrun:www).I'm hosting several sites and I want to be able to upload stuff via ftp, so I'm using the "sites" home (/home/sites) to keep the sites I'm hosting. Giving read permissions to all inside /home/sites makes it accessible and readable to the wwwrun user. Problems come when I need to upload something. The easy way is to give 777 permissions to the folder that's going to receive the file, but I don't feel comfortable at all with that.
What do you recommend? Is there any group configuration that could help me (like adding "sites" to the "www" group)? Or any other configuration at all that might be according the the best practices?
I have wicd 1.6.1 (bzr-r426) and it is working very good with my root user but with all those which have not the root rights wicd asks for superuser password to connect. I want to avoid this pop-up window to be shown, how can I proceed? I first thought about the sid and gid but it seems that there is no improvements using chmod 4755 and 2755 on the different files involved in.
View 2 Replies View RelatedI'm able to mount ntfs file system as root user but I want the same thing to be allowed to normal user .
I'm not much familier with linux environment so please explain me how to do that for normal user.
Is there any way to grant access to non root users to use some commands like reboot and date and some other commands that root user can work with .I tried chmod on their binaries and added them to root group but nothing happened.
View 5 Replies View RelatedWhat I'm trying to do is to grant my regular user to locally mount partitions and shutdown the machine without a password. Here is what I've done to /etc/sudoers:
Code:
Host_Alias LOCAL = localhost
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias MOUNT = /bin/mount, /bin/umount
<my_username> LOCAL=(root) NOPASSWD: SHUTDOWN, MOUNT
%wheel ALL=(ALL) ALL
My user is a member of wheel group and I want to type the password for each sudo command except for shutdown and mount. However I am asked for a password whenever I execute "sudo mount [...]" or "sudo shutdown [...]".
Apache by defaults points to /var/www/eachdomain. I need to be able to give users ftp access to /var/www/specific domains.
It seems that if I change the owner of /var/www/specificdomains/ to the user in question, then www:data no longer owns the directory and Apache starts to have issues..
What's the best way to set this such that I can allow users to FTP into specific directories, and still have www:data own them? I'm currently using vsftp, but that can easily change.
I have keys set up on ubuntu server 10.10 When I issue "It failes for publickey"
Code:
ssh -i ~/.ssh/id_rsa USERNAME@MYSITE -v
Code:
skip...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
[Code]....
When I create folders in a PHP script fom my website, the folder is created but has owner "33". My ftp user have an other "Owner ID" than this. So I can't delete or edit the files that is created. I'm running Ubuntu 10.04 on a VPS server.
ISPconfig3
proftpd
I think I have LAMP (it was installed with a script from my hosting company).Also the safe_mode is off.
i want to allow some friends to ssh/sftp/scp into my system but i only want them to have access to my external hard drive (/media/externalHD/), and i dont want them to be able to delete or add anything, only download.i have found instructions on how to limit a user to his/her home directory and thought about just creating a user with the home directory /media/externalHD but idk if this will work and im afraid i might make a mistake and delete 800gb of 'files'
View 2 Replies View RelatedI just finished setting up my small server, however I realized that no one can connect to it from the outside. The reason being is that my router is assigning internal ip's and dyndns is linked to that. I need port 80 for the Apache server, but if I have the router forward that port to my particular ip, won't it screw with everyone else's internet too?
View 5 Replies View RelatedOne user in my company wants to run some flush cache queries on a MySql database, it needs "reload" privileges of Administration, how secure is to give this rights to a normal user ?
View 2 Replies View RelatedI want to share files over the web with only a few people and limiting them to certain folders. I have been doing a remote access (ssh) to my server to access it from a pc on the local network. I later found out the same program doing ssh (open_ssh) was also doing sftp, great I could do both with one system account. Problem I couldn't find away to configure another user to go over the web with limited folder access without messing up my user to access the pc. I tried ftps by using vsftpd, I couldn't get chroot set up correctly or even log in. So my question is what program and/or protocol should I use to do secure ftp over the web?
OS: Ubuntu 64bit 10.04
I have samba server(Fedora 11) here,but when I want to access to it from WindowXP ,the first time you need to tap in user name and password.But the next time ,you automatically log in Samba server with the user name as the first time you used. But I have not clicked the "Remeber me " option when I logged in.I want to switch user when I want to log in samba,does anybody know what is wrong ?
View 4 Replies View Related
