Networking :: Limiting Sshfs Access To Specific Directory / Tunneling Nfs Over Ssh
Jan 22, 2010
I have a server with a /data/ directory, everything in the /data/ folder has "-rwxrw-rw- 1 root root" permissions.all works fine, multiple users are mounting this over a lan and everyone is able to modify files. However I would like to be able to access the /data/music/ directory from the internet.
Is it possible to configure sshfs to only accept logins from a user restricted to reading the /data/music directory, or would it be possible to tunnel nfs over ssh in such a way that everyone on the lan 192.168.0.xxx has unrestricted access to the data directory, but something coming from outside only has read access to the music directory. Although is one were tunneling nfs over ssh, the nfs mount request would appear to come from the server itself. The router is at 192.168.0.1 and the server is at 192.168.0.3.This Seems very much like what I want to do, however I'm having a bit of trouble getting this to work well with other users mounting with full rights over the lan too.
I have a local computer (local), and remote computer (remote) behind of remote server (server). Also, I have user access to all of these 3 machines. Now, I want mount some directory, located at remote, to my local mount-point via sshfs. How should I setup my local sshfs and what should be done on server to make this mounting?
I'm stuck with ssh tunneling because the default method for tunneling requires root access while WinSCP somehow could do this with only user access (the tunnel server could be configured there in 'tunnel' panel).
I have a log server that collects logs from all the cisco devices on our network.he company policy states that any logs should only be accessible by root. So I have the following permissions set on the directory, as well as everything inside the directory where the cisco logs are kept.
Code: drwx------ 65 root root 4096 Apr 29 7:38 rsyslog The cisco folks are requesting access to these logs, which is allowed by company policy.
My home directory's permissions allow only myself access to it. Is it possible to put a file inside my home directory with.. say.. full permissions, and create a symlink to it so other users can access that file alone inside my home folder? System is Ubuntu Karmic.
I have a problem with sshfs. I want to share a binary with some others computers, but i only want them to be able to execute (no read/write ). So, on my main server, I chown root:root bin & chmod 701 bin. That work nicely on main server, local users can execute bin w/o read/write ... But when I mount directory using sshfs, users cant exec/read/write ...
SSHFS version 2.2 FUSE library version: 2.8.4 fusermount version: 2.8.4 using FUSE kernel interface version 7.12
We recently had a serious loss of data because of SSHFS mounting. A user in our group mounted the entire home directory of our server (/home). This was so they could easily move between user folders to read/write data from other people involved in the same project. They then deleted several folders that were not in there home directory.
Now I know this is a bad idea and that there should be a dedicated "projects" folder where everyone collaborates and does their stuff. Such a folder/system exits but I can't make them use it. My question: Is there anyway to configure SSHFS such that the only thing the user's can mount is their home directory? Obviously this won't fix the problem since they can sym-link to other folders but I've got to start somewhere. Perhaps there's a better solution (one that doesn't involve me nagging users about proper form).
On our web server I want to have a WebDAV folder and I would like customers to be able to log in with MySQL authentication from our customers database (this I have set up with no problems and it works fine). HOWEVER, I want each customer to have their own subfolder and, having logged in with access to the main WebDAV folder, I want each customer ONLY to be able to access their own subfolder(s). I don't mind them seeing other subfolders exist but obviously I don't want them to have access to other customers subfolders.
OK, of course I could achieve this by adding new WebDAV locations to the httpd.conf for every customer but with a large number of customers httpd.conf will become very large and messy. I have tried applying further restrictions by putting an .httaccess file in each subfolder but that doesn't work - indeed the presence of a .htaccess file oddly prevents users from seeing any other files in the subfolder but has no effect on the access.
My server listens to POP3/IMAP requests. Some users have configured their mailers with high checking frequencies, say once every minute, such that the system logs are full of entries with no significance at all.I'd like to ask if there is a way to limit the per IP frequency of POP3/IMAP access ?I'm using "xinetd" to wrap the "ipop3d" and "imapd" which come with the Alpine package.
I'd like to add a user to my server that will only have access to a mount point over sshfs. Is there any way I can provide them this access without actually giving them permission to open a terminal on my server? I tried /bin/false and /sbin/nologin already, but /bin/false didn't allow the mount point to be made and /sbin/nologin prevented a login completely (also stopped the mount point from working).
I just created new user account, but the new user is able to access all the directories structure (including other's home directories).I'd like to limit the user to access ONLY his home directory (and nothing "above"). How do I do this?
I was looking for a way to protect my samba server for limiting access to certain domains.Can I use the parameterhosts allow = example.comor something like that or is there another way to do the job for domains
I have a bootable utility toolset that I put together with Fedora 14, one of its primary functions is to map a user designated share via script and access information from it. The command that I used, that functioned perfectly, in Fedora 14 was:
Code: sudo mount -t cifs -o user=provided.account.name //file-server.mydomain.com/share/images /mnt/source
I have my firewall setup so that only specific subnets/IP addresses can access the system. My issue is that I have remote user/laptop who needs to access the system, but is constantly on a different subnet/dhcp IP address. Is there configuration for iptables where I can enter the mac address of the laptop to allow access to the system and not specify a subnet or IP address?
At school, the shop I work in has machines that run windows xp and cannot be updated to the latest SP (consider these machines "B"). This means that they are quarantined whenever connected to the network. There are also workstations that we would like to be able to connect to "B" for the sole purpose of dropping a file into a directory. These machines we will call "A" and are considered trusted.
I have No control of the school's network. I have a spare PC with two NICs as well as a 5 port switch. My thought was to use the spare PC as a gateway/router/VPN and setup an isolated "network b" consisting of all the untrusted systems. Disallow all traffic other than the VPN connection. Connect via vpn from the 4ish trusted workstations "A" to Network B. I could use mac filtering (I think) to accomplish this and disallow any computer not specifically authorized, thereby isolating the untrusted computers completely.
I am trying to setup a version of OzymanDNS but am not quite sure I am understanding part of the instructions found here.My domain/website is hosted with a web hosting company, using their name servers. I have added a sub domain [URL], using an A record to send any requests for [URL] to my home IP address, where I have a server running. Do I need to also add the code below to my server at home which has BIND installed or are the instructions expecting that I have full control of the main name server already?
tunnel.example.com. IN NS www.example.com. www.example.com. IN A 220.127.116.11
I know that SSHFS is the way to mount the file and directory on remote server. It has many advantages such as security, convenience, fast and so on. I wonder if there is disadvantage of SSHFS and the alternative to it? I am looking forward to your reply.
I want to be able to SSH into my computer that I can't expose port 22 on. I've tried the ssh -R ... several times, but can't manage to make it work.I have my home computer (want to SSH into), server (can SSH into), and some computer I want to SSH from.Do I need to install the sshd on the machine I want to SSH into? What are the commands I need to enter to forward from my server to my home computer?
I am trying to tunnel through my college's free AP so I can get access to protocols outside of http and https. The school has an in-browser DNS redirect until you log in.The output of "cat /proc/version" on the server OS is "Linux version 2.6.35-27-generic (buildd@palmer) (gcc version 4.4.5 (Ubuntu/Linar o 4.4.4-14ubuntu5) ) #48-Ubuntu SMP Tue Feb 22 20:25:29 UTC 2011" The client OS is Windows 7. What I have done so far is use Proxy Cap to redirect applications to a Putty tunnel connected to the server. Eventually I want to tunnel that SSH connection through my school's firewall, so that I can keep encryption and have a reasonable amount of ease with setup.
I am not particularly educated on the inner workings of the DNS redirecting so I was not sure what to search for. My attempts to connect Firefox over normal http proxies failed and since all ports are blocked besides http and https I didn't attempt any socks or SSH. I have also tried simply hosting the SSH server on http ports with little success. I hope that I can do this without having to purchase a domain, but that's starting to seem like that won't be the case.
I have been ssh tunneling, which works great.I can browse the internet by simply tunneling my traffic through my SSH server.the following command: ssh -ND 9999 username at myserver.i cant postlinks.is all I have type, and I can connect to a SOCKS proxy server on localhost:9999.My problem is that I have an application that only supports HTTP proxies.Is there any way I can get it tunneling over the socks proxy?
In windows if I want to do split tunneling, I just uncheck the Use as Default Gateway Box as seen here URL...In Ubuntu, I went to my VPN connection, IPv4 settings, routes..., checked "Use this connection only for resources on its network".And I could no longer ssh into machines on campus.
I am a linux beginner and dont know that much about networks! I have access to a linux VM. The machine is remote and i access via putty. If i can access this machine via SSH and putty, is there any reason why i should not be able to use ssh tunnelling to connect to a vnc server?
I don't know the details of the server and what firewall is set up but i believe that tunnelling uses port forwarding over the ssh connection that is already set up. Where does the port forwarding actually occur? At the actual linux VM or on the router the VM is connected to?
I've used wake on lan and SSH on the local network for some time now. I also used SSH to mount a filesystem (SSHFS / sftp, same thing, right?) and I could forward X11, loved it. I used both these options for my convenience. So I decided it was time to open up some ports on my router (Linksys WRT320n running dd-wrt) and try to set up a remote connection. This actually worked after some time, so I'm now able to turn on my home computer from the Internet (school in my case) and then log in to it through SSH. I set this up using other ports then the default ports. Something like this (these are not the actual ports I use, just examples):
port 2112 -> port 9 (for wol, wake on lan) port 2113 -> port 22 (for SSH)
This information might be useful: I set this up using public and private keys. This is necessary for SSHFS to work properly I think and it also makes it more secure. And then I found (and had some presumptions that this was going to happen) that both SSHFS and X11 were not working. I'd rather not open up more ports on the router for security's sake though, so I'm asking for other solutions. And if there really aren't any other solutions then which ports to forward. And if forwarding is really necessarily then how to make the client use port 2114 for SSHFS and 2115 for X11 so I can forward those ports to the default ports.
I have 2 ISP where give me IP Public with ISP A (/29) and ISP B (/28). So, I connect this two ISP to unmanaged switch. And from that switch, I take one cable connected to eth0 on the server. (Note : My server have 2 dev ethernet, eth0 and eth1). eth1 will go to the Switch which will go to the LAN.
My Question is : 1. Is this possible to make bandwith control on the gateway server with mode separating International bandwith and local bandwith (my country bandwith)? ie, for my Mail Server I will give the "intl bandwith" only 512 kpbs and for local bandwith with 1Mbps. What a software can I use for this model ?
2. Which model I should to used, with NAT or with Bridging router? That's all for now..
You may have seen some other posts by me about my final year college project. Im implementing a web based network management website. Iv got a lot of the functionality working at this stage but one part is allocating bandwidth.
Iv got an eircom 3mb broadband connection and I want to be able to split this between users. At the moment I only have my desktop and laptop on the network. Im looking for advice on how i can allocate bandwidth with iptables and/or the tc tool in ubuntu.
My website is on an ubuntu virtual machine and written in php. Whatever about running the iptables and tc commands from php I still need to figure out the actual commands i need to use in the first place.