Re: file permission question
On Mon, 1 Oct 2001, default wrote: Hi, I am allowing a couple of ppl to have a shell account on one of my machines, and I am making a few changes to disallow them from using certain things... like chmoding the 'ps' command to 550 etc... I wanted to ask, is there any reason why one wouldn't want to chmod to 640 the passwd file and other similar files? ... the base system is relativly secure on it's own. changing the permissions on things like the passwd file breaks some programs that need it to read user information. since the encrypted passwords are in /etc/master.passwd, (which is permission 0600) you don't really need to change that. honestly, changing permissions of 'standard' applications and utilities is not going to stop a determined user on your server from abusing resources. since having any users, other than yourself, on a machine is technically a security risk. your best bet is to meticuously comb through your installed files, and only allow trusted users on your machines. ---/ f. johan beisser /--+ http://caustic.org/~jan [EMAIL PROTECTED] if my thought-dreams could be seen.. they'd probably put my head in a gillotine -- Bob Dylan To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-security in the body of the message ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
A stupid question about Linux-Flashplayer6 and firefox
anyone actually have sound? I've got FreeBSD 5.2-CURRENT Mar 14 with Firefox 0.8. Latest linuxpluginwrapper (march 10, built from ports) and the correct (as suggested by the linuxpluginwrapper port) mappings for libmap. so, as far as i can tell, it *should* work, but just doesn't. ---/ f. johan beisser /--+ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD zip drive install
On Wed, 21 Jan 2004, al plant wrote: I have a FreeBSD 4.4 box that works fine with Zip drives. I have another 4.4 that I can't get to configure the /zip drive. I am now building the box using 4.9 and can't get the zip drive to work on it either. first, what kind of zip drive? USB? paralell port? SCSI? snd module installs and works fine BTW on all three boxes. i don't know what this has to do with a zip drive. The error messages I get are /dev/da0s4 Device not configured. and trying to unload the kernel module to reload it gives the same message. generally, that means you might not have the right FS or not have a disk in it. da0* shows up under /dev unless you're using devfs, it'll always be there. Is there another way to assure that the detection is being made? I see an error under dmesg now: vpo0 IOMEGA drive Parallel to SCSI is detected on ppbus0 vpo0 EPP mode (seems OK.) BUT: vpo0: VPO error/time out (5) shows just before the last line of the dmesg file. Any idea what I should be looking for? that seems like it may be a paralell port issue. i'd suggest trying to swap your zip drives between the working and non-working machines to make sure the hardware isn't bad. I am doing this vpo install from old notes and I can't figure out what's causing the configuration failure. it could well be a hardware problem, although generally it's a driver or kernel configuration problem. I also tried entering /etc/fstab parameters same as the other box that works. /dev/da0s4 /zip msdos rw,noauto 0 0 this won't do you much good until the hardware is working. keep it in though, no reason to delete it just yet. The 3 da0 entries that show up on the 4.4 box dmesg that works do not show up on the other 2 boxes. da0 at vpo0 bus0 target6 lun0 da0 : (iomega zip) da0 : 96mb well, do you have scsi devices compiled in to the kernel? how about the scsi kernel module? it'll be needed to handle any da device Any of you FreeBSD guys know how to cure this? not really, no. i can just suggest places to start looking. ---/ f. johan beisser /--+ The other day I asked former Yankees pitcher Jim Bouton what he thought of our great victory over Iraq, and he said, Mohammed Ali versus Mr. Rogers. -- kurt vonnegut, 5.9.03 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: *****SPAM***** Security Problem (?): strange logs
On Fri, 21 Feb 2003, P. U. Kruppa wrote: Do I have any serious security problem, or are these some script kiddies ? those are output logs from samba. people are connecting, and trying to see any of your smb shares. ---/ f. johan beisser /--+ http://caustic.org/~jan [EMAIL PROTECTED] Champagne for my real friends, real pain for my sham friends. -- Tom Waits To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: /usr/home encryption.
On Mon, 28 Oct 2002, Yann Golanski wrote: Is there a simple and efficent way to encrypt /usr/home so that only the user can read his own directory? not really. it would be a processing nightmare anyway. you probably want to simply adjust the UMASK of each user to not allow anyone to read anyone elses home directory. just as effective, and much less CPU overhead. ---/ f. johan beisser /--+ http://caustic.org/~jan [EMAIL PROTECTED] Champagne for my real friends, real pain for my sham friends. -- Tom Waits To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: incorrect super block
On Sun, 29 Sep 2002, iulian wrote: I have tried this one but the message is file exists. I don't know what's happening! try this, then: umount -f /cdrom then: mount_cd9660 /dev/acd0c /cdrom after this, check your /etc/fstab, make sure it has an entry like: /dev/acd0c /cdrom cd9660 ro,noauto 0 0 if not, add that. from then on, as root, you can simply type mount /cdrom and it should just work. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
