Re: [gentoo-user] Creating a restricted user
Oh, be really, really, really careful with this: you can take away people's access to libraries and executables and generally bork your system, so be super careful.

nangus

On Dec 11, 2007 10:19 PM, Nangus Garba <[EMAIL PROTECTED]> wrote:
> if you want to make it so that a user can not look at a directory such as
> /var you can use a command such as:
> chmod o-x /var
>
> basically that takes away execute privileges for other. Basically what
> happens when you run the ls command it executes the directory. You can do
> that for each directory that you do not want anyone but the owner or root to
> be able to look at.
> Read the man page of chmod for a better explanation.
>
> On Dec 11, 2007 8:27 PM, Grant <[EMAIL PROTECTED]> wrote:
> > I'd like to create a really restricted user on my laptop. I don't
> > want the user to be able to do much of anything but browse the web,
> > use skype, and maybe look at photos on a CD or something. I did this:
> >
> > useradd -m -G users,audio,cdrom -s /sbin/nologin newuser
> >
> > How does that look? I've noticed when adding this kind of a user in
> > the past they are able to look at files all around the system that I'd
> > prefer they can't. Is there a good method for restricting that?
> > Maybe remove the users group? Is a weak password OK with this setup
> > since there's no shell access?
> >
> > - Grant
> > --
> > [EMAIL PROTECTED] mailing list

Re: [gentoo-user] Creating a restricted user
if you want to make it so that a user can not look at a directory such as /var you can use a command such as:

chmod o-x /var

basically that takes away execute privileges for other. Basically what happens when you run the ls command it executes the directory. You can do that for each directory that you do not want anyone but the owner or root to be able to look at.
Read the man page of chmod for a better explanation.

On Dec 11, 2007 8:27 PM, Grant <[EMAIL PROTECTED]> wrote:
> I'd like to create a really restricted user on my laptop. I don't
> want the user to be able to do much of anything but browse the web,
> use skype, and maybe look at photos on a CD or something. I did this:
>
> useradd -m -G users,audio,cdrom -s /sbin/nologin newuser
>
> How does that look? I've noticed when adding this kind of a user in
> the past they are able to look at files all around the system that I'd
> prefer they can't. Is there a good method for restricting that?
> Maybe remove the users group? Is a weak password OK with this setup
> since there's no shell access?
>
> - Grant
> --
> [EMAIL PROTECTED] mailing list

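An added example, not part of the thread: it reads the "other" permission bits of a directory before and after `chmod o-x`, showing that the r bit (listing names) and the x bit (entering the directory and reaching anything below it) are separate, and that one ancestor without o+x cuts off the whole subtree. It assumes GNU `stat` (`stat -c '%a'`) and a user who is neither the owner nor in the directory's group; the function names and the temporary tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Inspects mode bits only, so it gives the
# same answer when run as root. Assumes GNU stat; function names are hypothetical.

# Print what the "other" class may do with directory $1.
other_dir_access() {
    mode=$(stat -c '%a' "$1") || return 1
    o=${mode#"${mode%?}"}                 # last octal digit = "other" bits
    list=no; enter=no
    if [ $((o & 4)) -ne 0 ]; then list=yes; fi    # r: read the names it contains
    if [ $((o & 1)) -ne 0 ]; then enter=yes; fi   # x: cd in / reach entries below
    echo "list=$list enter=$enter"
}

# Walk from $1 up to directory $2 and print the topmost directory that lacks
# o+x, or "ok" if every directory on the way is searchable by "other".
first_block_for_other() {
    p=$1; stop=$2; blocked=
    while :; do
        mode=$(stat -c '%a' "$p") || return 1
        o=${mode#"${mode%?}"}
        if [ -d "$p" ] && [ $((o & 1)) -eq 0 ]; then blocked=$p; fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    echo "${blocked:-ok}"
}

# Constructed tree standing in for /var, so the real system is never touched.
demo() {
    root=$(mktemp -d) && chmod 755 "$root"
    mkdir -p "$root/var/lib" && chmod 755 "$root/var" "$root/var/lib"
    touch "$root/var/lib/data"
    other_dir_access "$root/var"                        # before the change
    chmod o-x "$root/var"                               # the command from the message
    other_dir_access "$root/var"                        # names still listable
    first_block_for_other "$root/var/lib/data" "$root"  # subtree now unreachable
    chmod o-rx "$root/var"                              # also hides the names
    other_dir_access "$root/var"
    rm -rf "$root"
}
demo
```

Running `first_block_for_other` against the real path of a library or binary before changing a directory's mode shows whether an unprivileged account would lose access to it.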
Re: [gentoo-user] {OT} Webmail in portage without PHP?
> Is there a decent webmail package in portage (or a layman overlay) that doesn't depend on PHP?

what is the problem with php? Every webmail is going to need to depend on some kind of server side scripting.

Nangus

Re: [gentoo-user] lost /boot recovery options?
Is your boot file just not mounted?

Nangus

On 12/4/06, James <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I somehow lost /boot on an amd64 (turion) laptop. I have an old copy of grub.conf, but no backup of the entire /boot dir. Since I do not have another amd64 system, can I just copy over most of the (non arch dependent files) and recreate the arch dependent files?
>
> The system is still booted up, so I need to make repairs before rebooting again. I've built a new kernel and copied it over to /boot. I've copied over the /boot/grub/grub.conf file from an archive. Once I copy of the non-arch_dependent files (not sure which ones those are) do I need to run grub again? Besides the kernel, are there any arch unique files I need to recreate or copy from somewhere off the net?
>
> Any ideas or guidance as to how to recover, without reinstallation are most appreciated.
>
> James
> --
> gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Newly created user can't ssh in but others can?
Is the user in the group that is allowed to ssh in? I think it is the sshd group or something like that. code affe
Re: [gentoo-user] Help with script for iptables
# I think that a set of rules that looks something like this would be easier to maintain
# there are 500 little tricks that I could add if I was home and had my notes

iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT

# this will take care of all interfaces by default
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# maybe you should just use one interface for portage to connect through such as eth0
# might also be a good plan to use the mac address instead of the ip it is a little harder to spoof

# Allow rsync connections from study1 to update portage
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.2 -m tcp --dport 873 -d 192.168.0.5 -j ACCEPT

# Allow tcp connections from study1 to download distfiles
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.2 -m tcp --dport 1024 -d 192.168.0.5 -j ACCEPT

# these rules are kinda taken care of by: iptables -P INPUT DROP
# iptables -A INPUT -p tcp -i ${x} -j DROP
# iptables -A INPUT -p udp -i ${x} -j DROP