Looking for a way to add multiple groups to a folder. This feature is obviously available in most other platforms (Mac, Windows). Why can't I find any reference to this, or better yet, why doesn't this feature exist?
View 5 RepliesI have a folder, called Vault, that we want to share only with certain people. Because it will contain confidential information.
I want the unix group trustees to have read-only access I want the unix group administrators (and root) to have read/write access
All other users should have no access.
the implementation I have so far is:
folder owner: root:administrators
folder permissions: 770
section from smb.conf
[Code]....
However, this is not working as expected. It currently works as follows:
Normal user: No access (expected) Trustees member: No access (fail. Trustees should be able to read) Administrators member: Read/write access (expected)
I already know of a work around to fix this problem, but I guess my question is why is this not working as expected? I am using a Windows Server 2008 R2 Active Directory for authentication.
I have run auth-client-config for the ldap profile and pam-auth-update. When running getent passwd, I get a list of both the local users and the users in the active directory (with populated information in the Unix schema extension). When running getent group I get a list of both the local groups and the groups in the active directory (with populated information in the Unix schema extension).
Interestingly enough, though, when I run su DOMAINUSER, after the prompt for the password I get an authentication error. In /var/log/auth.log I can see an entry with pam_ldap: missing "host" in file "/etc/ldap.conf". The SRV records in the DNS servers resolve correctly. I've checked this with nslookup and I have seen the records within my zone file. Obviously if the ldap.conf file is working with getent and the ldap server is resolving from the SRV records, it is working fine.
The interesting part is that the Windows Server 2008 R2 AD machine shows in the event viewer that there was a successful authentication, yet the Ubuntu box says no. When I add the host within the ldap.conf file, everything works...getent and the actual authentication, either initial login or su.
[Code]...
I am currently trying to set up a Samba domain server. In the Samba-HOWTO-Collection I found an
example file.(Point 3.3.3.1) In the explanations of the example below, the author says I need to map UNIX Groups to NT Groups. He writes a shell-script of how one could do it, but when I copy it and then execute it, I get the error:
Bad option: rid=512
Bad option: rid=513
Bad option: rid=514
The other groups do get mapped, just the Domain Admins, Domain Users and Domain Guests dont. This is the shell from the HOWTO:
#!/bin/bash
#### Shell-Skript f ̈r sp ̈tere Verwendung aufbewahren
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins rid=512
net groupmap modify ntgroup="Domain Users" unixgroup=users rid=513
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody rid=514
[Code]...
I'm new to LVM. I use Red Hat and CentOS 5. I'm setting up a database server and I want to setup the local drives for performance. My plan is to have three storage locations, 1st for Linux, 2nd for the application, and 3rd for the data files. Each location will be appropriately redundant. The OS and application drives will be local. Because my goal is to dedicate one spindle for the OS and another for the application, is there a best practice that would say I should create two LVM volume groups.
Each with one logical volume associated with one of the physical partitions or one LVM volume group with two logical volumes each associated with one of the physical partitions? I've read that a physical disk can only belong to one volume group. So if I want to add 70GB to both logical volumes, I could add a single 140GB drive to a single volume group and then add half to each logical volume. If I have two volume groups, I would need to add two additional disks. I may be missing an obvious consideration or be missing a basic concept of LVM.
I created a user and I want the particular user in multiple groups. How Should I and after creating the user,If I want to delete that user from a particular group.
View 1 Replies View RelatedI am currently using the following code in order to set a user's primary group in samba.Code: force group = +group.This almost does what I need but I was wondering if it is possible to list multiple groups. Something like this would be exactly what I need.
Code:#If user is in group1 set it as primary group, if in group2 set it as primary.force group = +group1, +group2. Does anyone know if this is possible or if I could use a script to force the primary group?
this directory has permissions 750 and is owned by user1 and group user1 I have an admin user that is primarily a part of group admin, but also a part of group user1 what would stop admin from having read and execute permissions on this directory? I'm running clamav and have a clamd daemon running as user admin (I could run it as any user, and I may make a special user later, but I don't want to run it as user1, user2, etc).
I have 2 (technically lots more, but let's just say 2 for now) users, user1 and user2 that have home directories /home/user1 and /home/user2. each is owned and group owned by user1:user1 and user2:user2 respectively with permissions of 750. my admin user is part of groups admin, user1, and user2 I need this to be able to scan my user's directories using the command (is this correct?):
clamdscan --move=/files/quarantine/ --config-file=/etc/clamd.d/adm.conf /home/user1/file
doing this gives the error:
/home/user1/file: lstat() failed. ERROR
If I change the directory permissions to 755, it works fine.Or if I leave the permissions 750 and change the directory group ownership to admin, it works fine. So, why would this be? Obviously it is a permissions issue, but why is it not reading admin as part of the user1 group and allowing the same permissions as it does when making the directory group-owned by admin?
I have configured a file server with samba and winbind in RHEL5.I am able to allot permission for the active directory groups to my Linux folder.No issues.But i want to set multiple groups of active directory to get ownership to a single directory. Say there are 3 groups a,b,c to have permissions to a folder of the Linux machine.
Code:
chown -R root:Active_directory_group_name path_to_linux directory
I have set
Code:
chmod 770 /myshare
meaning that user and group would have full rights to /myshare
Code:
chown root:a
works great I tried with the option of
Code:
chown -R --reference=/etc/shares_own.txt /myshare
In reference file(shares_own.txt) i gave the entry as
Code:
root:a,b,c
This is not working.
i have 5 groups, i want to set 3 of them to have full permissions to a folder and set 2 others with read only to same folder, please help me to solve this problem. in other words i want to set this 5 groups diffrent permissions to a folder.
View 14 Replies View RelatedHow to create multiple Logical Groups out of a single Physical Volume? Here is the Physical Volume I have created:
Code:
# pvdisplay
--- Physical volume ---
PV Name /dev/sda9
VG Name myVG1
PV Size 54.88 MB / not usable 2.88 MB
Allocatable yes
PE Size (KByte) 4096
Total PE 13
Free PE 11
Allocated PE 2
PV UUID bon4Ao-vmgC-aP1h-EC9X-w3tN-YXNu-0N2dAw
This is how I am creating a Logical Group out of the above Physical Volume:
Code:
# vgcreate myVG1 -s 4m /dev/sda9
Display:
Code:
# vgdisplay
--- Volume group ---
VG Name myVG1
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 5
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 1
Max PV 0
Cur PV 1
Act PV 1
VG Size 52.00 MB
PE Size 4.00 MB
Total PE 13
Alloc PE / Size 2 / 8.00 MB
Free PE / Size 11 / 44.00 MB
VG UUID O6ljYC-bflz-EUTd-nf34-8gYe-Fh39-Bh3cOg
But I am unable to create one more Logical Group out of this Physical Volume. Can we accomplish it? Or do we always extend our current Logical Group to utilize the available space of a Physical Volume?
I am running Webmin Squid and Dansguardian. Works great. Trying to set up multiple groups now. In the Dansguardian module it has an icon to set up lists and configs for multiple groups. I click it and I get the following:
Global symbol "$debug" requires explicit package name at /usr/share/webmin/dansguardian/setupfiltergroups.cgi line 114.
It repeats this same error message for line 123 138 139 141 302 and 315. I am running Ubuntu 9.10 desktop. Ubuntu is up to date. Not sure if I need another package or not? When I installed Webmin, I installed apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl when I set it up, so I am not sure if I need another module or anything to help with the error?
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech. I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute. I have 4 users: user1, user2, user3, user4. user1 and user2 is a member of techAdmin, user3 and user4 are members of tech. simple so far...but wait here's the problem. If user1 creates a file inside tech, user2 cant read or modify it because user1 owns it. Here's a few sites that reference this problem:
[code]....
I am setting up a samba server to operate in a windows AD domain. I want to set permissions for multiple groups to have different levels of access to one group of files, and it looks to me like unix permissions will not do that? I always hear about how robust linux is, and it seems to me that their file permissions model is WEAK compared to microsoft's?
View 2 Replies View RelatedI'm trying to learn about permissions on linux webserver with apache.Some clues to the system: The server I have to play around with is Fedora based. Apache runs as apache:apache. To allow for e.g. php to write to a file the file needs to be chmod 777. 755 is not sufficiant.What I'm wondering is basically how set up permissions like they should be on e.g. a "shared web host".My main problem is that if I set a permission so that one user cannot access anothers home folder, then apache can't read from the public_html folder either.
To keep the users out I need to set chmod 700. But to let apache to read I need to have at least execute on world,so a 701 basically works, but won't let some users in.So I'm really stuck on what to do. Have been concidering adding the apache user to the frous grours
below to avoid having to add the world execute flag, but is that a bad thing? Should it be the other way around, the users in the groups below should also be in the apache group?I was aiming at having 4 groups:
1. webapp: same as dev_int, but is the only one that can go inside the webapp/live folder to e.g. do an update from the repo.
2. dev_int: can read,write and execute everything in the "web root", including the two below, but nothing outside of the web root
3. dev_ext: can read write and execute in all client folders, but cannot access anything outside of the webapp root
4. clientsBasic ftp accounts. Has a home folder with a public_html, but cannot access any other home folders
I am using mount.cifs to mount a remote samba share (both client and server are Ubuntu server 8.04) like this:mount.cifs //sambaserver/samba /mountpath -o credentials=/path/.credentials,uid=someuser,gid=1000.I mounted a user from local system with username and password with mount.cifs but the problem is that the user is part of multiple groups on the remote system and with mount.cifs I can only specify one gid. Is there a way to specify all the gids that the remote user has?
Mount the remote samba with multiple groups on the local system?Browse the mount from 1) with the terminal since I want to pass some files from samba as arguments to local programs.which runs through gvfs; but the newer gnome does not write to disk the ~/.gvfs anymore so I can't browse it in terminal. And the last solution would be NFS but that means that I have to synchronize the uids and gids on the local system with the ones from the server.
I'm currently running a small server using 9.10 and I wondered if using groups was a possible route in order to keep users away from the bulk of the file system and keep them in locked their home directories.
What I planned to do is use a group named 'allowsystemfiles' to be added to admin accounts, then to set parts of the file system to that group, along with the permissions 0760 to keep non-admin users out.
Is is a good idea or will this hose my system?
I've installed OpenLDAP and libnss-ldap, as instructed in this tutorial. Then I try to login but I got the error
Code:
groups: cannot find name for group ID 10000
Here's the user and group ldif entry that I use to login
Code:
dn: uid=iwan,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
[code]....
I successfully configured a VPN using IPSec(Openswan) and xl2ptd. While roughly following this guide (among countless others): [URL]
The VPN-Connection works fine, connecting to it is also a swirl, I can reach all that I want in the network, and also the gateway to the Internet works - everything being routed through that VPN.
Now my problem is actually the next steps, and I didn't succeed finding the right result on any possible search:
a) I want to limit, that the VPN-Connection is only used for distinct connections to hosts, that aren't in a "company subnet", but the IP's are publicly available. (Example: The Target-IP 8.8.8.8 allows per iptables, that only my VPN-Host 1.2.3.4 accesses it via SSH, and thus I only can access that Target-IP via SSH when I'm on the VPN). When actually browsing to the ubuntu-website, I want, that NOT the VPN-Connection is used but rather my normal connection (as a reference: i'm on a Windows-Client - not my choice, btw.)
b) I want to have several such "limitations" grouped, and give users 'access-rights' to certain hosts (Examples: Admin gets access to all on all ports Testers get access to some machines on distinct ports CEO gets access only to the mailserver via POP3 or IMAP
I have Apache up and running and have a few virtual sites enabled. All these sites belong to the same user and group and the directory root for each site is in /home/{same-user}/www/{site-name}/htdocs/
I use Samba to connect from Windows to these directories and by default, files and directories are saved as the {same-user} and {same-group}. My question is, would it cause a problem if I changed the user and group in the virtual server directives in /etc/apache2/sites-available/site.conf files, giving apache permission to write to these files and directories. In the past I have changed the user and group to www-data (the default) but this seems inefficient an cumbersome compared to what I intend to do.
I use the server mostly for development, although at times I have a small site or two available to the public. Before I do this I want to be sure I'm not leaving a gaping security hole by changing these things. If this is all wrong, what is the standard way of running virtual hosts from apache and what is the standard document root for virtual sites?
I have Ubuntu 10.04.2 (Linux 2.6.32-33-server on x86_64) with OpenLDAP 2.4.21 and Webmin1.550. I converted my ldap database from another system with the older style schema (OpenLDAP 2.3.3 with slightly older Webmin version 1.480) and no longer use slapd.conf, but the newer slapd.d format.
It all works fine except for one thing. When I add a new user, it lets me type in the additional LDAP fields:
But when I click the Create button, all the fields get jumbled together in the Title/Position box with a diamond question mark delimiting the fields:
Modifying existing users (which have the Additional fields displaying correctly) also has the same result - it moves the fields all into the one Title/Position box with the diamond shapes with question marks inside between each entry. Is it a problem with my schema files? I tried reverting to the older shema files and slapd.conf and it still did the same thing on the new system. I am really at a loss.
Here is also the output of ldapsearch for that user (host and samba ids are sanitized):
Previously added users that show the fields properly have "description:" and then the field listed for each Additional LDAP field. Also shouldn't the "title" be visible in plain human readable text here? - it looks like it encrypted it somehow - similar to a password hash. The older system works fine and the fields are all readable and in their proper locations. But the new system just doesn't work right.
I'm using my Linux (SLES 10) server as a File Server at this point. I need to set File Permissions to nested folders differently to different groups. For example:
homesharedengineering* should be read only for groupA
homesharedengineeringadmin should be read & write for groupB Plus read only for groupA
homesharedengineeringautocad should be read & write for groupC Plus read only for groupA
I've been using Webmin and Putty to set permissions but Putty only allows me the Default Group, it won't allow me to set several groups on the same directory. Webmin seems to allow me to add multiple groups (Webmin --> Others --> File Manager --> Info & ACL tab will provide extended abilities) but when I add multiple groups, they don't seem to take effect? I'm wondering if my setup at the 'Share' level or at the hierarchy of my folder structure (unix based) needs to be set specifically?
So i am at the stage of about to install the basic system and am using a derivation of the package management provided by Matthias S. Benkmann. To this end I am using his useradd and groupadd scripts to update the files:
/etc/passwd
/etc/group
My issue is that when I run the commands(created as part of temporary system when installing coreutils):
Code:
/tools/bin/su linux
#then as user
/tools/bin/groups
(here linux is the name of the user) This only returns the user being in the group named after user but not the additional group of 'install' Also, prior to logging in as user, if I use this command as root:
Code:
/tools/bin/groups linux
linux install This then returns that the user is in the correct groups. Lines from relevant files look like:
Code:
#/etc/passwd
linux:x:10000:10000::/usr/src/build:/bin/bash
#/etc/group
[code].....
So i have a fresh install of the server edition of Karmic, i'm running the Xfce desktop. When I attempt to manage users and groups through the GUI, I am prompted for what I think is the root password, the reason I say this is because the account I am currently logged in has sudo privileges and it does not accept that password at all, but I read that by default the root account is 'locked,' (to be honest it was so long ago since I last installed Ubuntu I completely forgot if it is or isn't, my current desktop installation has su access) is it asking for the root password? why doesn't my current user account password work if the root account is 'locked'? I can perform all other administrative tasks with sudo no problem.
the funny thing is, I have the exact same setup in a virtual machine, the same problem happens, except for some strange reason after changing the password on the only account (besides root), the password required to administer users and groups stayed the same after the change. (at the time of installation I just put both the user and root password the same and now that it is setup), i'm now ready to change the passwords. except now I read that the root account is locked by default, but this strange problem occurs.
I'm using ubuntu server 9.10 for a home build NAS. Everything is working great just have one more thing to figure out. I have Samba set up to access my files and I set up a recycle feature so anything deleted will get moved to a Recycled folder. (I learned this the hard way after hitting delete key by accident while browsing the shares in windows. Lost 100 GB of data)
Now it is for the most part working but the permissions on folders isn't getting set right. If I delete a file in a share I can go to Recycle bin folder and delete the file for good. But if I delete a folder I can not access that folder to delete or restore from the Recycle bin folder. I have to chmod the folder before I can do anything with it. Anything I can change to get folders deleted via windows to have the right permissions when it is moved to the Recycle bin folder?
[Code]///
The question is, as far as I know Ubuntu distro adds a user created with useradd to supplementary groups automatically. For instance, I want to enable sudo for all newly created users on my LiveCD and want them to be added to the group 'wheel' on creation. I'm sure it is possible to do it in Fedora, but how?
View 10 Replies View RelatedI'm looking at setting up a couple automated systems: Here are a few examples:
* Internal accounting system to download and process emails
* Public web server to visit
I could put each system on its own separate box -- for example, it's generally good practice to separate anything that external users have access to (such as a webserver) from internal processes such as accounting. Now, rather than dishing out the money for two separate servers, could I get away with just installing new instances of VMWare on the same box for each system?
To give you an idea, these are not large scale computationally sensitive systems. The accounting one is simply downloading and tallying emails, and the latter is just a webserver with maybe 5 hits per day on a good day. I could definitely pick up a new box for say $50, but I wanted to know the general practice of using VMWare on the same box versus two separate boxes.
I am attempting to make a shared folder for people that VPN into the network. This folder needs to be accessible to windows and mac machines. So far I have the VPN through ppptd working. I just don't know how to make a folder. I feel like this should be fairly easy. I am using Lucid Lynx server edition.
View 1 Replies View Relatedcan i use one samba share with a folder showing the contents of another directory.shortcuts don't work on non ubuntu systems and it won't resolve links to files no on the share
View 5 Replies View RelatedI'm curious if anybody can shed some light for me in this department. We're in a large environment with a Windows DHCP Server. We have been tinkering with LTSP on Edubuntu as thin and fat clients. It works great, but right now we just have 1 server handling the lab, which works fine unless we want to expand, which may be very possible.
These are the instructions I received:
Login to your windows server and load the DHCP configuration screen
Create a DHCP reservation for the MAC address you obtained
Add the configuration options below to enable the machine to boot from the LTSP server
017 Root Path: /opt/ltsp/i386
066 Boot Server Host Name: <ip address>
067 Bootfile Name: ltsp/arch/pxelinux.0 # Specify CPU architecture in place of 'arch', for instance 'i386'
From: [url]
I'm curious, what if I want to have multiple Ubuntu servers on the network that I want to have bootable? For example, let's say I have 3 labs, and 3 servers. Server A to Lab A, Server B to Lab B, and Server C to Lab C. I want all C's computers to boot to C, and B to B, A to A, etc.
1 - How would I add multiple entries on the Windows DHCP Server to allow all 3 (A B C) servers to boot?
2 - How would I be able to isolate the clients so ONLY Lab A clients boot to Server A, etc?