Re: Permissions

2000-05-26 Thread Magnus

You could just change the user's shell. It's not too hard to write a small
program that simply says "This login is not valid for telnet service", which
then pauses for long enough to read the message and exits, sending the user out.
That's what I did when I had an FTP-only user...

On Thu, 25 May 2000, you wrote:
> How do I prevent a new user (added with adduser) from accessing
> anything but his /home/newuser directory.  Actually, it would be best
> if they could only access their directory and not even go back to
> /home. I am attempting this on an anonymous ftp server running Redhat
> 5.2.  I created this user and set the home directory but if I log-in
> under his name I can get to any directory on the system.  The other
> users directory in the /home dir are set to drxw-- so they are not
> a problem, but all other directories are wide open to this new
> user... at least to look around.  Seems strange but I guess when this
> ftp server (Version wu-2.4.2-academ[Beta 18](1)Mon Aug 3 19:17:20 EDT
> 1998) was set up they didn't expect any users to be added... all
> access would be anonymous.
>
> I want to allow some of our new programmers to upload files to us and
> pick up files from us via ftp.  They are not to have telnet or any
> other service, just ftp in and out.  This server is not at our
> location but is co-located so I have to do this via telnet from a Win
> 98 machine in the office. Will it screw up the anonymous ftp service
> if I start changing permissions on the other directories?  Is there a
> better way to set up this user for ftp only?
>
> I am new, new, new to Linux so please be gentle..
>
> Dave Wyatt




Re: Suse 6.4 on DVD

2000-05-26 Thread Edward Craig

On Thu, 25 May 2000, Jim K wrote:

> Date: Thu, 25 May 2000 21:57:05 -0700
> From: Jim K [EMAIL PROTECTED]
> Subject: Suse 6.4 on DVD
> Hi Folks;
> I just saw SUSE 6.4 on DVD, that is right, DVD, for sale on
> www.PCMALL.com. I suspect it is only a one or 2 disk set, but for the SuSE
> fans it may be a good deal if you have DVD. Can other distros be far
> behind?  I am sure you can find it on other sites also.

Actually, SuSE started that with 6.3 (one disk instead of 6
CD's). Same price.
No surprise, no CSS.
So far I haven't seen another distro advertising DVD distribution,
but then, not a lot of distros go to 6 CD's.

-- 
Ed Craig [EMAIL PROTECTED]
TaxiLinux   FreeBSD
Think this through with me, let me know your mind...Hunter/Garcia




Re: wireless lan - airport

2000-05-26 Thread Linux Rocks!

Curt,
Ok... so you don't own the network, that's the issue, you own 3 out
of 128 ip's. In this case definitely use your ISP's gateway (whatever they
suggest you use, usually x.x.x.1). Your broadcast will probably be
x.x.x.127, network address would be x.x.x.0, but you don't need to worry
about any of that, and that doesn't solve your problem. So... I guess I
forgot your problem? Do you want to set up a network radio device using a
machine on one of your static ip's?

Jamie

On Thu, 25 May 2000 [EMAIL PROTECTED] wrote:

 
> Well, in my particular case, I have three static IPs in a
> class C block, but my subnet is 255.255.255.128 so it's
> not within the entire class C block.  However, my IPs aren't
> sequential and are as much as 50 apart (sequentially speaking)
> - which leads me to assume that someone else has IPs assigned
> to them that are in between two of mine.  Does that complicate
> anything?  Can I still arbitrarily choose one of my three as
> a gateway for the other two without having to tell my ISP anything?
>
> Curt
>
> On Thu, May 25, 2000 at 03:00:43PM -0700, Seth Cohn wrote:
> > At 11:38 AM 05/25/2000 -0700, you wrote:
> > > > Ah.  The three IPs are in a block.  I sit corrected.
> > > I don't believe so... There is no such thing as a block of 3 IP's AFAIK,
> > > you can make a subnet of 8 ip's, in which you use 3 of them for your net
> > > (network, gateway, and broadcast, addresses,
> >
> > Not quite:
> >
> > on 8, you lose just 2.  that's 6.
> >
> > check out
> >
> > http://www.agt.net/public/sparkman/netcalc.htm
> >
> > that's /29 netting
> >
> > > So... probably he has 3 ip's in a block of 256, with a netmask of
> > > 255.255.255.0 (which means he has 3 ip's in someone else's network, which
> > > is really quite different!)
> >
> > maybe not.  He might have 3 in a block of 6, or might have 3 in a
> > block of 14, etc...
> >
> > 2 ips can be blocked as /30 btw, with 4 ips used total.
> >
> > I guess the real question to ask is, your existing netmask is WHAT?
> > that would answer the question.
> >
> > Seth
  
 




Re: Dual boot installation

2000-05-26 Thread Stephen A. Brenner

Hi Seth,

Does SUSE 6.3 have the new LILO?

Thanks,

Steve

On Fri, 26 May 2000, Seth Cohn wrote:

 
> tried it.  Lilo will work as long as your first cyl of your partition is
> under 1024  :)
>
> The new lilo will work with any size drive.  It's a worthwhile upgrade.
> If you want a fresh install, install the old, it'll fail, make a boot
> floppy first.  Boot off the floppy, install the new lilo.rpm file, and add the
> line to the lilo (it's an LBA line... read the docs)
 




Re: Permissions

2000-05-26 Thread Dave Wyatt

Okay, I got out the ole book(s) and found the answer to the first part
of my question which was how to restrict the user during FTP.

It seems that adding   guestgroup groupname  to the  etc/ftpaccess
file will allow the setting of the user's root directory during FTP.
The user is given normal anonymous privileges plus whatever you want
to grant or deny in the  ftpaccess  file and the directory modes.  The
user's login home directory is then set in the password file slightly
different than the normal entry.

Let's say the directory we want him to use is /home/ftp/user/user1.
The entry in the password file is:
/home/ftp/user/./user1
The dot between  user/  and  /user1  tells Linux to make
/home/ftp/user   the root for this user and  /home/ftp/user/user1  the
login home directory.  The user sees it as  /user1  .  He can go back
to  /  (which in reality is  /home/ftp/user) but no further.  Perfect!
Just what I wanted.

Too bad this doesn't work for Telnet also.  The user logs in to the
correct directory but can move about as he wishes.  I am not sure how
to implement the change in the user's shell as suggested below but I
am still reading and trying things..

Dave

- Original Message -
From: "Magnus" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 25, 2000 8:46 PM
Subject: Re: Permissions

> You could just change the user's shell. it's not too hard to write a small
> program that simply says "This login is not valid for telnet service" which
> then pauses for long enough to read the message and exits sending the user out.
> That's what I did when I had an FTP-only user...
>
> On Thu, 25 May 2000, you wrote:
> > How do I prevent a new user (added with adduser) from accessing
> > anything but his /home/newuser directory.  Actually, it would be best
> > if they could only access their directory and not even go back to
> > /home. I am attempting this on an anonymous ftp server running Redhat
> > 5.2.  I created this user and set the home directory but if I log-in
> > under his name I can get to any directory on the system.  The other
> > users directory in the /home dir are set to drxw-- so they are not
> > a problem, but all other directories are wide open to this new
> > user... at least to look around.  Seems strange but I guess when this
> > ftp server (Version wu-2.4.2-academ[Beta 18](1)Mon Aug 3 19:17:20 EDT
> > 1998) was set up they didn't expect any users to be added... all
> > access would be anonymous.
> >
> > I want to allow some of our new programmers to upload files to us and
> > pick up files from us via ftp.  They are not to have telnet or any
> > other service, just ftp in and out.  This server is not at our
> > location but is co-located so I have to do this via telnet from a Win
> > 98 machine in the office. Will it screw up the anonymous ftp service
> > if I start changing permissions on the other directories?  Is there a
> > better way to set up this user for ftp only?
> >
> > I am new, new, new to Linux so please be gentle..
> >
> > Dave Wyatt
 
 





Re: Permissions

2000-05-26 Thread Seth Cohn


> Too bad this doesn't work for Telnet also.  The user logs-in to the
> correct directory but can move about as he wishes.  I am not sure how
> to implement the change in the users' shell as suggested below but I
> am still reading and trying things..

The problem really is that in order to function with Unix, you need read
access to much of the system, and telnet just drops you at a shell, from
which, if you can read it, you can do stuff.  Removing the execute
permissions from a directory WILL stop you from entering that directory,
but that's a bit extreme.

My suggestion:  Why do you allow telnet to them?  If you want them to have
access only to limited things, try using a BBS style program which gives you
the ability to lock them down if you give them access at all.  A few
exist...
Try freshmeat.net





Re: Permissions

2000-05-26 Thread Dave Wyatt

- Original Message -
From: "Seth Cohn" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 26, 2000 2:46 PM
Subject: Re: Permissions



> > Too bad this doesn't work for Telnet also.  The user logs-in to the
> > correct directory but can move about as he wishes.  I am not sure how
> > to implement the change in the users' shell as suggested below but I
> > am still reading and trying things..
>
> The problem really is that in order to function with Unix, you need read
> access to much of the system, and telnet just drops you at a shell, from
> which, if you can read it, you can do stuff.  removing the execute
> permissions from a directory WILL stop you from entering that directory,
> but that's a bit extreme.
>
> My suggestion:  Why do you allow telnet to them?  If you want them to have
> access only to limited things, try using a BBS style program which give you
> the ability to lock them down if you give them access at all.  A few
> exist...
> try freshmeat.net


I really only want them to have FTP available.  Telnet is not
necessary at all. Am I wrong in the thought that Telnet comes with the
territory as a user on the system?   I would just as soon keep them
from anything other than FTP.  Maybe the BBS type application is an
answer. I'll check freshmeat.net as you suggested.

Dave




Re: Permissions

2000-05-26 Thread Seth Cohn


> I really only want them to have FTP available.  Telnet is not
> necessary at all. Am I wrong in the thought that Telnet comes with the
> territory as a user on the system?

Yes, you are wrong. :)  Telnet is a service like any other.
You can disable telnet altogether.  I often do.  SSH is much better
and you can set SSH to only let people on if they have the right
stuff (i.e. keys, etc).

Turn your telnet off (add a # into /etc/inetd.conf in front of the telnet line).
But keep in mind, you also won't be able to telnet.

> I would just as soon keep them
> from anything other than FTP.  Maybe the BBS type application is an
> answer. I'll check freshmeat.net as you suggested.

I thought you wanted them to have some sort of access... if you don't,
it's really easy...

Seth
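
An added example, not code from any poster in this thread: a small shell audit of the setup discussed above. It splits a wu-ftpd guest home field at the `/./` marker, classifies the account's login shell, and checks whether the telnet line in an inetd.conf is still active. The function names, the sample files and the `/bin/ftponly` shell are assumptions made up for illustration.

```shell
# Added example: audit an FTP-only guest account. Sample data is constructed.
# Split a guest home field "ROOT/./HOME" into the chroot root and the
# directory the user lands in; fails if the "/./" marker is absent.
guest_dirs() {
    case "$1" in
        */./*) printf '%s /%s\n' "${1%%/./*}" "${1#*/./}" ;;
        *)     return 1 ;;
    esac
}

# Report chroot status and login shell for USER in a passwd-format FILE.
audit_user() {
    line=$(grep "^$1:" "$2") || { echo "no such user: $1"; return 1; }
    home=$(printf '%s\n' "$line" | cut -d: -f6)
    shell=$(printf '%s\n' "$line" | cut -d: -f7)
    if dirs=$(guest_dirs "$home"); then
        echo "ftp-chroot: $dirs"
    else
        echo "ftp-chroot: none (home=$home)"
    fi
    case "$shell" in   # an empty shell field means /bin/sh
        ""|*/sh|*/bash|*/csh|*/tcsh|*/ksh|*/zsh)
            echo "shell: interactive ($shell)" ;;
        *)  echo "shell: non-interactive ($shell)" ;;
    esac
}

# Succeeds if FILE (inetd.conf format) has an uncommented telnet line.
telnet_enabled() {
    grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"
}

# Constructed samples; /bin/ftponly is a hypothetical "no telnet" shell.
write_samples() {
    cat > "$1/passwd" <<'EOF'
user1:x:501:50:FTP guest:/home/ftp/user/./user1:/bin/ftponly
dave:x:500:100:Dave:/home/dave:/bin/bash
EOF
    cat > "$1/inetd.conf" <<'EOF'
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
EOF
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && write_samples "$d"
    audit_user user1 "$d/passwd"; audit_user dave "$d/passwd"
    telnet_enabled "$d/inetd.conf" && echo "telnet: on" || echo "telnet: off"
fi
```

wu-ftpd only accepts non-anonymous logins whose shell is listed in /etc/shells, so a replacement shell has to be added there for FTP to keep working. After commenting out the telnet line, inetd has to re-read its configuration (SIGHUP) before the change takes effect.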




test

2000-05-26 Thread Michael C. King

is this going thru?




Re: Permissions

2000-05-26 Thread Randolph Fritz

On Fri, May 26, 2000 at 02:46:26PM -0700, Seth Cohn wrote:
 
> Too bad this doesn't work for Telnet also.  The user logs-in to the
> correct directory but can move about as he wishes.  I am not sure how
> to implement the change in the users' shell as suggested below but I
> am still reading and trying things..
 

There's such a thing as a restricted shell; see the bash man pages.
With rsh + chroot, one can create a quite well protected closed user
environment.

-- 
Randolph Fritz
Eugene, Oregon, USA




Re: test

2000-05-26 Thread Linux Rocks!

no! 

On Fri, 26 May 2000, Michael C. King wrote:

> is this going thru?
 




right on!

2000-05-26 Thread Michael C. King

finally!
LOL

someone gave me a lug-eug addy, and i tried every variant until a cat
suggested reversing the order. 

I'd like to sign up to join the linux users group.
been jonesin to put a red hat on my puter for years now,
but haven't had a puter to put it on.

my old laptop is about to be retired, when i get another system here
pretty soon, and want to make it a little old linux machine.

and of course, i wanna be up to date on all the newest/latest, even tho
i'm an old-schooler.

was just turned on to pc-train, and that's a good start.
lemme know what's goin on, brother Seth!

Thanks dude.
Mk




Re: right on!

2000-05-26 Thread Linda Carpenter

well, I can trade a fine Linux machine for your laptop,  I'll even install
RedHat 6.1 for you if you want!

LindaC

- Original Message -
From: "Michael C. King" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: "Michael C. King" [EMAIL PROTECTED]
Sent: Friday, May 26, 2000 5:40 PM
Subject: right on!


> finally!
> LOL
>
> someone gave me a lug-eug addy, and i tried every variant until a cat
> suggested reversing the order.
>
> I'd like to sign up to join the linux users group.
> been jonesin to put a red hat on my puter for years now,
> but haven't had a puter to put it on.
>
> my old laptop is about to be retired, when i get another system here
> pretty soon, and want to make it a little old linux machine.
>
> and of course, i wanna be up to date on all the newest/latest, even tho
> i'm an old-schooler.
>
> was just turned on to pc-train, and that's a good start.
> lemme know what's goin on, brother Seth!
>
> Thanks dude.
> Mk