Re: Permissions
You could just change the user's shell. It's not too hard to write a small program that simply says "This login is not valid for telnet service" which then pauses for long enough to read the message and exits sending the user out. That's what I did when I had an FTP-only user...
On Thu, 25 May 2000, you wrote:
How do I prevent a new user (added with adduser) from accessing anything but his /home/newuser directory. Actually, it would be best if they could only access their directory and not even go back to /home. I am attempting this on an anonymous ftp server running Redhat 5.2. I created this user and set the home directory but if I log-in under his name I can get to any directory on the system. The other users' directories in the /home dir are set to drxw-- so they are not a problem, but all other directories are wide open to this new user, at least to look around. Seems strange but I guess when this ftp server (Version wu-2.4.2-academ[Beta 18](1)Mon Aug 3 19:17:20 EDT 1998) was set up they didn't expect any users to be added... all access would be anonymous. I want to allow some of our new programmers to upload files to us and pick up files from us via ftp. They are not to have telnet or any other service, just ftp in and out. This server is not at our location but is co-located so I have to do this via telnet from a Win 98 machine in the office. Will it screw up the anonymous ftp service if I start changing permissions on the other directories? Is there a better way to set up this user for ftp only? I am new, new, new to Linux so please be gentle..
Dave Wyatt
Re: Suse 6.4 on DVD
On Thu, 25 May 2000, Jim K wrote:
Date: Thu, 25 May 2000 21:57:05 -0700
From: Jim K [EMAIL PROTECTED]
Subject: Suse 6.4 on DVD
Hi Folks; I just saw SUSE 6.4 on DVD that is right DVD for sale on www.PCMALL.com I suspect it is only one or 2 disk set but for the suse fans it may be a good deal if you have DVD, can other distros be far behind. I am sure you can find it on other sites also.
Actually, SuSE started that with 6.3, (one disk instead of 6 CD's). Same price. No surprise, no CSS. So far I haven't seen another distro advertising DVD distribution, but then, not a lot of distros go to 6 CD's.
-- Ed Craig [EMAIL PROTECTED] TaxiLinux FreeBSD Think this through with me, let me know your mind...Hunter/Garcia
Re: wireless lan - airport
Curt, Ok... so you don't own the network, that's the issue, you own 3 out of 128 ip's. In this case definitely use your isp's gateway (whatever they suggest you use (usually x.x.x.1)), your broadcast will probably be x.x.x.127, network address would be x.x.x.0, but you don't need to worry about any of that, and that doesn't solve your problem. so... i guess i forgot your problem? do you want to setup a network radio device using a machine on one of your static ip's? Jamie
On Thu, 25 May 2000 [EMAIL PROTECTED] wrote:
Well, in my particular case, I have three static IPs in a class C block, but my subnet is 255.255.255.128 so it's not within the entire class C block. However, my IPs aren't sequential and are as much as 50 apart (sequentially speaking) - which leads me to assume that someone else has IPs assigned to them that are in between two of mine. Does that complicate anything? Can I still arbitrarily choose one of my three as a gateway for the other two without having to tell my ISP anything? Curt
On Thu, May 25, 2000 at 03:00:43PM -0700, Seth Cohn wrote:
At 11:38 AM 05/25/2000 -0700, you wrote: Ah. The three IPs are in a block. I sit corrected. I don't believe so... There is no such thing as a block of 3 IP's AFAIK, you can make a subnet of 8 ip's, in which you use 3 of them for your net (network, gateway, and broadcast, addresses, Not quite: on 8, you lose just 2. that's 6. check out http://www.agt.net/public/sparkman/netcalc.htm that's /29 netting So... probably he has 3 ip's in a block of 256, with a netmask of 255.255.255.0 (which means he has 3 ip's in someone else's network, which is really quite different!) maybe not. He might have 3 in a block of 6, or might have 3 in a block of 14, etc... 2 ips can be blocked as /30 btw, with 4 ips used total. I guess the real question to ask is, your existing netmask is WHAT? that would answer the question. Seth
Re: Dual boot installation
Hi Seth, Does SUSE 6.3 have the new LILO? Thanks, Steve
On Fri, 26 May 2000, Seth Cohn wrote:
tried it. Lilo will work as long as your first cyl of your partition is under 1024 :) The new lilo will work with any size drive. It's a worthwhile upgrade. If you want a fresh install, install the old, it'll fail, make a boot floppy first. Boot off the floppy, install the new lilo.rpm file, and add the line to the lilo (it's an LBA line... read the docs)
Re: Permissions
Okay, I got out the ole book(s) and found the answer to the first part of my question which was how to restrict the user during FTP. It seems that adding guestgroup groupname to the etc/ftpaccess file will allow the setting of the user's root directory during FTP. The user is given normal anonymous privileges plus whatever you want to grant or deny in the ftpaccess file and the directory modes. The user's login home directory is then set in the password file slightly different than the normal entry. Let's say the directory we want him to use is /home/ftp/user/user1. The entry in the password file is: /home/ftp/user/./user1 The dot between user/ and /user1 tells Linux to make /home/ftp/user the root for this user and /home/ftp/user/user1 the login home directory. The user sees it as /user1 . He can go back to / (which in reality is /home/ftp/user) but no further. Perfect! Just what I wanted. Too bad this doesn't work for Telnet also. The user logs-in to the correct directory but can move about as he wishes. I am not sure how to implement the change in the users' shell as suggested below but I am still reading and trying things..
Dave
- Original Message -
From: "Magnus" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 25, 2000 8:46 PM
Subject: Re: Permissions
You could just change the user's shell. It's not too hard to write a small program that simply says "This login is not valid for telnet service" which then pauses for long enough to read the message and exits sending the user out. That's what I did when I had an FTP-only user...
On Thu, 25 May 2000, you wrote:
How do I prevent a new user (added with adduser) from accessing anything but his /home/newuser directory. Actually, it would be best if they could only access their directory and not even go back to /home. I am attempting this on an anonymous ftp server running Redhat 5.2. I created this user and set the home directory but if I log-in under his name I can get to any directory on the system. The other users' directories in the /home dir are set to drxw-- so they are not a problem, but all other directories are wide open to this new user, at least to look around. Seems strange but I guess when this ftp server (Version wu-2.4.2-academ[Beta 18](1)Mon Aug 3 19:17:20 EDT 1998) was set up they didn't expect any users to be added... all access would be anonymous. I want to allow some of our new programmers to upload files to us and pick up files from us via ftp. They are not to have telnet or any other service, just ftp in and out. This server is not at our location but is co-located so I have to do this via telnet from a Win 98 machine in the office. Will it screw up the anonymous ftp service if I start changing permissions on the other directories? Is there a better way to set up this user for ftp only? I am new, new, new to Linux so please be gentle..
Dave Wyatt
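Added example (not part of any post in this thread): a small shell audit, run over constructed passwd entries, that splits the home field at the `/./` marker as the message above describes and flags guest accounts whose login shell would still give a telnet session. The user names, IDs and `/usr/local/bin/ftponly` (standing in for the message-and-exit program suggested earlier in the thread) are hypothetical, and the list of interactive shells is an assumption.

```shell
#!/bin/sh
# Constructed sample passwd entries (hypothetical users, IDs and shell path).
SAMPLE_PASSWD='user1:x:501:501:FTP guest:/home/ftp/user/./user1:/usr/local/bin/ftponly
user2:x:502:501:FTP guest:/home/ftp/user/./user2:/bin/bash
dave:x:500:500:Dave:/home/dave:/bin/bash'

# Split a passwd home field at the first "/./" marker.
# Prints "<FTP root> <directory as the guest sees it>"; returns 1 if no marker.
split_guest_home() {
    case "$1" in
        */./*) printf '%s %s\n' "${1%%/./*}" "/${1#*/./}" ;;
        *)     return 1 ;;
    esac
}

# For every entry whose home carries the marker, report the FTP root, the
# directory seen after login, and whether the login shell is interactive.
# Assumption: a shell whose name is one of the common shells below gives a
# usable telnet session; anything else is treated as FTP-only.
audit_guests() {
    printf '%s\n' "$1" |
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        parts=$(split_guest_home "$home") || continue   # not a guest entry
        case "$shell" in
            */sh|*/ash|*/bash|*/csh|*/tcsh|*/ksh|*/zsh)
                status=INTERACTIVE-SHELL ;;
            *)
                status=ftp-only ;;
        esac
        printf '%s %s %s\n' "$user" "$parts" "$status"
    done
}

audit_guests "$SAMPLE_PASSWD"
```

To check a real system, pass the contents of the password file instead of the sample, for example `audit_guests "$(cat /etc/passwd)"`.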
Re: Permissions
Too bad this doesn't work for Telnet also. The user logs-in to the correct directory but can move about as he wishes. I am not sure how to implement the change in the users' shell as suggested below but I am still reading and trying things..
The problem really is that in order to function with Unix, you need read access to much of the system, and telnet just drops you at a shell, from which, if you can read it, you can do stuff. Removing the execute permissions from a directory WILL stop you from entering that directory, but that's a bit extreme. My suggestion: Why do you allow telnet to them? If you want them to have access only to limited things, try using a BBS style program which gives you the ability to lock them down if you give them access at all. A few exist... try freshmeat.net
Re: Permissions
- Original Message -
From: "Seth Cohn" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 26, 2000 2:46 PM
Subject: Re: Permissions
Too bad this doesn't work for Telnet also. The user logs-in to the correct directory but can move about as he wishes. I am not sure how to implement the change in the users' shell as suggested below but I am still reading and trying things..
The problem really is that in order to function with Unix, you need read access to much of the system, and telnet just drops you at a shell, from which, if you can read it, you can do stuff. Removing the execute permissions from a directory WILL stop you from entering that directory, but that's a bit extreme. My suggestion: Why do you allow telnet to them? If you want them to have access only to limited things, try using a BBS style program which gives you the ability to lock them down if you give them access at all. A few exist... try freshmeat.net
I really only want them to have FTP available. Telnet is not necessary at all. Am I wrong in the thought that Telnet comes with the territory as a user on the system? I would just as soon keep them from anything other than FTP. Maybe the BBS type application is an answer. I'll check freshmeat.net as you suggested.
Dave
Re: Permissions
I really only want them to have FTP available. Telnet is not necessary at all. Am I wrong in the thought that Telnet comes with the territory as a user on the system?
Yes, you are wrong. :) Telnet is a service like any other. You can disable telnet altogether. I often do. SSH is much better and you can set SSH to only let people on if they have the right stuff (ie keys, etc). Turn your telnet off (add a # into /etc/inetd.conf in front of the telnet line) But keep in mind, you also won't be able to telnet
I would just as soon keep them from anything other than FTP. Maybe the BBS type application is an answer. I'll check freshmeat.net as you suggested.
I thought you wanted them to have some sort of access if you don't, it's really easy...
Seth
test
is this going thru?
Re: Permissions
On Fri, May 26, 2000 at 02:46:26PM -0700, Seth Cohn wrote:
Too bad this doesn't work for Telnet also. The user logs-in to the correct directory but can move about as he wishes. I am not sure how to implement the change in the users' shell as suggested below but I am still reading and trying things..
There's such a thing as a restricted shell; see the bash man pages. With rsh + chroot, one can create a quite well protected closed user environment.
-- Randolph Fritz Eugene, Oregon, USA
Re: test
no!
On Fri, 26 May 2000, Michael C. King wrote:
is this going thru?
right on!
finally! LOL someone gave me a lug-eug addy, and i tried every variant until a cat suggested reversing the order. I'd like to sign up to join the linux users group. been jonesin to put a red hat on my puter for years now, but haven't had a puter to put it on. my old laptop is about to be retired, when i get another system here pretty soon, and want to make it a little old linux machine. and of course, i wanna be up to date on all the newest/latest, even tho i'm an old-schooler. was just turned on to pc-train, and that's a good start. lemme know what's goin on, brother Seth! Thanks dude. Mk
Re: right on!
well, I can trade a fine Linux machine for your laptop, I'll even install RedHat 6.1 for you if you want! LindaC
- Original Message -
From: "Michael C. King" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: "Michael C. King" [EMAIL PROTECTED]
Sent: Friday, May 26, 2000 5:40 PM
Subject: right on!
finally! LOL someone gave me a lug-eug addy, and i tried every variant until a cat suggested reversing the order. I'd like to sign up to join the linux users group. been jonesin to put a red hat on my puter for years now, but haven't had a puter to put it on. my old laptop is about to be retired, when i get another system here pretty soon, and want to make it a little old linux machine. and of course, i wanna be up to date on all the newest/latest, even tho i'm an old-schooler. was just turned on to pc-train, and that's a good start. lemme know what's goin on, brother Seth! Thanks dude. Mk