Re: [gentoo-user] Creating a restricted user

2007-12-11 Thread Nangus Garba
If you want to make it so that a user cannot look at a directory such as
/var, you can use a command such as:
chmod o-x /var

Basically, that takes away execute privileges for other. Basically, what
happens when you run the ls command is that it executes the directory. You can do
that for each directory that you do not want anyone but the owner or root to
be able to look at.
Read the man page of chmod for a better explanation.

On Dec 11, 2007 8:27 PM, Grant [EMAIL PROTECTED] wrote:

 I'd like to create a really restricted user on my laptop.  I don't
 want the user to be able to do much of anything but browse the web,
 use skype, and maybe look at photos on a CD or something.  I did this:

 useradd -m -G users,audio,cdrom -s /sbin/nologin newuser

 How does that look?  I've noticed when adding this kind of a user in
 the past they are able to look at files all around the system that I'd
 prefer they can't.  Is there a good method for restricting that?
 Maybe remove the users group?  Is a weak password OK with this setup
 since there's no shell access?

 - Grant
 --
 [EMAIL PROTECTED] mailing list




Re: [gentoo-user] Creating a restricted user

2007-12-11 Thread Nangus Garba
Oh, be really, really, really careful with this: you can take away people's
access to libraries and executables and generally bork your system, so be
super careful.
nangus

On Dec 11, 2007 10:19 PM, Nangus Garba [EMAIL PROTECTED] wrote:

 if you want to make it so that a user can not look at a directory such as
 /var you can use a command such as:
 chmod o-x /var

 basically that takes away execute privileges for other. Basically what
 happens when you run the ls command it executes the directory. You can do
 that for each directory that you do not want anyone but the owner or root to
 be able to look at.
 Read the man page of chmod for a better explanation.


 On Dec 11, 2007 8:27 PM, Grant [EMAIL PROTECTED] wrote:

  I'd like to create a really restricted user on my laptop.  I don't
  want the user to be able to do much of anything but browse the web,
  use skype, and maybe look at photos on a CD or something.  I did this:
 
  useradd -m -G users,audio,cdrom -s /sbin/nologin newuser
 
  How does that look?  I've noticed when adding this kind of a user in
  the past they are able to look at files all around the system that I'd
  prefer they can't.  Is there a good method for restricting that?
  Maybe remove the users group?  Is a weak password OK with this setup
  since there's no shell access?
 
  - Grant
  --
  [EMAIL PROTECTED] mailing list
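
What `chmod o-x` changes, and why the caution in the follow-up matters, as an added example that is not part of the original posts: on a directory the read bit lets a user list names and the execute bit lets them traverse into it, so removing `x` from a parent cuts off everything beneath it. The function names and the optional stop-directory argument are assumptions of this example, and it relies on GNU `stat -c %a`.

```shell
#!/bin/sh
# Added example: inspect the "other" permission bits that `chmod o-x` changes.
# Only mode bits are read, so the result is the same for root and non-root.
# Assumption: GNU coreutils stat (-c %a prints the octal mode).

# Print what the "other" class may do with directory $1.
other_dir_access() {
    mode=$(stat -c %a "$1") || return 1
    o=${mode#"${mode%?}"}            # last octal digit = bits for "other"
    case "$o" in
        5|7) echo "list+traverse" ;; # r and x: ls works, files reachable
        4|6) echo "list-only" ;;     # r without x: names visible, contents not
        1|3) echo "traverse-only" ;; # x without r: known paths work, ls fails
        *)   echo "none" ;;
    esac
}

# Print the outermost ancestor directory of $1 that "other" cannot traverse,
# or nothing if every ancestor up to $2 (default /) has o+x.
# One such directory makes everything below it unreachable for other users,
# which is how o-x on something like /usr breaks libraries and executables.
first_blocking_dir() {
    stop=${2:-/}
    d=$(dirname "$1")
    blocked=""
    while :; do
        case $(other_dir_access "$d") in
            *traverse*) ;;           # o+x present on this ancestor
            *) blocked=$d ;;         # o+x missing (or stat failed)
        esac
        if [ "$d" = "$stop" ] || [ "$d" = "/" ]; then
            break
        fi
        d=$(dirname "$d")
    done
    printf '%s\n' "$blocked"
}

# When run directly with directory arguments, report each one.
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(other_dir_access "$p")"
done
```

Running `first_blocking_dir` on a library or binary path before and after a planned `chmod` shows whether ordinary users would lose access to it.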
 
 



Re: [gentoo-user] {OT} Webmail in portage without PHP?

2006-12-06 Thread Nangus Garba


Is there a decent webmail package in portage (or a layman overlay)
that doesn't depend on PHP?



What is the problem with PHP? Every webmail is going to need to depend on
some kind of server-side scripting.

Nangus


Re: [gentoo-user] lost /boot recovery options?

2006-12-04 Thread Nangus Garba

Is your boot file just not mounted?

Nangus

On 12/4/06, James [EMAIL PROTECTED] wrote:


Hello,

I somehow lost /boot on an amd64 (turion) laptop. I have an old copy
of grub.conf, but no backup of the entire /boot dir. Since I do not
have another amd64 system, can I just copy over most of the
(non-arch-dependent) files and recreate the arch-dependent files?
The system is still booted up, so I need to make repairs before
rebooting again.

I've built a new kernel and copied it over to /boot. I've copied
over the /boot/grub/grub.conf file from an archive.

Once I copy over the non-arch-dependent files (not sure which ones
those are) do I need to run grub again?

Besides the kernel, are there any arch unique files I need to
recreate or copy from somewhere off the net?

Any ideas or guidance as to how to recover, without reinstallation
are most appreciated.


James



--
gentoo-user@gentoo.org mailing list




Re: [gentoo-user] Newly created user can't ssh in but others can?

2006-11-17 Thread Nangus Garba

Is the user in the group that is allowed to ssh in? I think it is the sshd
group or something like that.

code affe


Re: [gentoo-user] Help with script for iptables

2006-11-16 Thread Nangus Garba

# I think that a set of rules that looks something like this would be easier to maintain.
# There are 500 little tricks that I could add if I was home and had my notes.

iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT

# This will take care of all interfaces by default.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Maybe you should just use one interface for portage to connect through, such as eth0.
# It might also be a good plan to use the MAC address instead of the IP; it is a little harder to spoof.

# Allow rsync connections from study1 to update portage
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.2 -m tcp --dport 873 -d 192.168.0.5 -j ACCEPT
# Allow tcp connections from study1 to download distfiles
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.2 -m tcp --dport 1024 -d 192.168.0.5 -j ACCEPT
# These rules are kinda taken care of by: iptables -P INPUT DROP
#   iptables -A INPUT -p tcp -i ${x} -j DROP
#   iptables -A INPUT -p udp -i ${x} -j DROP