Re: [gentoo-user] Setting up sftp and user permissions
> a) The new user is asked to login with passwd as opposed to pubkey. This is surprising as (I thought) that I had set up sshd_config to allow pubkey authentication only - need to check this again when I get home. Other than a misconfigured sshd_config could it be anything else that causes this?

If you want to disable password based logons, and only use shared keys, then change UsePAM yes to UsePAM no.

> b) Once logged in via sftp the new user can read and access other users files. This is because the default permission setting for /home/%u/ is 0644 (rw-r--r--). Is there a clever way of tightening this down without messing up all home file and directory permissions indiscriminately?

chmod 700 /home/*

> I understand that there are many ways to skin a cat - in this case to contain somewhat what a plain user can and cannot do when they log in via sftp. Some ideas that I have come across are to use a limited shell like rssh, use an ssh chroot, modify the umask for user directories. I am interested to find out what you might have tried and what you would recommend.

If you're that worried about them having shell access, then don't use sftp. Use encrypted ftp (ftp + tls ... pureftpd provides this) for file transfers, or even webdav over https.

-Sean

-- [EMAIL PROTECTED] mailing list
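For point a) in the message above, an added example (not part of the original post) that reads the global section of an sshd_config and lists the ways a client can still be prompted for a password. It assumes OpenSSH's upstream defaults, does not evaluate Match blocks, and uses hypothetical function names and constructed sample configurations.

```python
# OpenSSH upstream defaults for the options that decide whether a password
# prompt is reachable (distributions often ship UsePAM yes in the file itself).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "usepam": "no",
}
# ChallengeResponseAuthentication is the older name for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_options(config_text):
    """Global-section values; sshd keeps the FIRST value seen for a keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # assumption: Match blocks are not evaluated
            break
        if key in DEFAULTS and len(parts) > 1:
            seen.setdefault(key, parts[1].lower())
    return {**DEFAULTS, **seen}


def password_prompt_paths(config_text):
    """List the ways a client can still be asked for a password."""
    opts = effective_options(config_text)
    paths = []
    if opts["passwordauthentication"] == "yes":
        paths.append("PasswordAuthentication")
    if opts["kbdinteractiveauthentication"] == "yes" and opts["usepam"] == "yes":
        paths.append("keyboard-interactive via PAM")
    return paths


# Constructed sample configurations (not taken from the thread).
PAM_STILL_PROMPTS = "PasswordAuthentication no\nUsePAM yes\n"
PAM_DISABLED = "PasswordAuthentication no\nUsePAM no\n"
KBDINT_DISABLED = (
    "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM yes\n"
)
LATE_OVERRIDE = "PasswordAuthentication yes\nUsePAM no\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name in ("PAM_STILL_PROMPTS", "PAM_DISABLED", "KBDINT_DISABLED", "LATE_OVERRIDE"):
        print(name, password_prompt_paths(globals()[name]))
```

On a live host, `sshd -T` prints the effective configuration, including Match handling that this sketch skips.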
Re: [gentoo-user] I want to configure an email server
Dan Cowsill wrote:
> However, I would very much like to have my very own email server under my own domain name.

You should really have a static public IP address for that.

> So what I'm asking you guys for is documentation, software packages, recommended setups, anything you can add. I am not looking for an all in one HOWTO (and don't really expect to find one with such a complicated process) and I am willing to RTFM when necessary.

Personally, I'm a qmail person, and the Life with qmail documentation is pretty good: http://www.lifewithqmail.org/lwq.html

The package name for qmail has changed recently under Gentoo, so you would emerge netqmail instead of qmail.

There are many different mta softwares out there. I would suggest trying a few of them, and see which one seems to fit your thought process the best. For me it's qmail, but you might be more of an exim or postfix or (god forbid) sendmail person.

Good luck!

-Sean
Re: [gentoo-user] OT - An annoying habit of logwatch (possibly cron?)
I too noticed this a while back, and when looking in /etc/cron.daily I saw two files:

00-logwatch
logwatch

According to equery f logwatch | grep cron.daily, 00-logwatch is the file that is associated with the currently installed logwatch package. So my assumption is that the other file is a left over from a previous version of logwatch.

At any rate, I removed the /etc/cron.daily/logwatch file, and now I receive only one report from each of my logwatched systems. ;)

Hope that helps,
Sean

Michael Sullivan wrote:
> I have three computers on my network. All three of them have logwatch installed. Each one stays on pretty much all the time (I don't like rebooting - it takes too long.) Each morning I wake up and read my email. You'd think I'd get three logwatch reports - one from each computer, right? Nope. I get at least six, sometimes more. I look at the time stamps; the first ones are sent out at 3:00am. The next set is sent out at 3:05 with the exact same information. It's very annoying. How can I set it where I only get one logwatch report for each computer?
> -Michael Sullivan-

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] BIND DNS?
For what it's worth, I'd second djbdns. I've been using it (and qmail) for a long time now, and haven't yet run into an issue.

Cheers,
Sean

On 12/13/05, Ben [EMAIL PROTECTED] wrote:
> On Tuesday 13 December 2005 20:54, Tom Smith wrote:
> > I'm looking to install BIND DNS on one of my servers (the first Gentoo box on my network) but haven't been able to locate it in Portage. I tried the obvious searches for bind, nameserver, dns, etc, but still haven't been able to find it. Does Gentoo have a BIND package and, if so, what's its name?
>
> Uhh, there is a bind package:
>
> maya / # emerge -p bind
> These are the packages that I would merge, in order:
> Calculating dependencies ...done!
> [ebuild N] net-dns/bind-9.2.5-r6
> maya / #
>
> Although personally I'd be tempted to recommend djbdns, much in the same way as I'd advise something like postfix over sendmail. There's some info on the wiki on how to install and configure djbdns, along with links to more info: http://gentoo-wiki.com/HOWTO_Setup_a_DNS_Server_with_DJBDNS
Re: [gentoo-user] IMAP Server - authenticating off a Windows Domain?
On 12/5/05, Stroller [EMAIL PROTECTED] wrote:
> Hi there,
>
> Does anyone have any experience of this, please?
>
> I have a number of users with roaming profiles on a Windows Domain Controller (SBS 2003). I don't want to use Exchange as a mailserver but instead an IMAP server such as Courier (which I'm familiar with).
>
> Each user will have to change their password on the domain every couple of weeks and because I want to provide webmail access to their IMAP accounts it's desirable that their IMAP username password be the same as their Windows one.
>
> I don't mind adding users by hand on the Linux-based IMAP server but I would prefer that passwords be changed automatically - I guess the best way to do this is for the IMAP server to authenticate against the domain controller every time the user logs on to their email?
>
> Has anyone any experience of this, please?

You might be able to use samba winbind for this, and modify the imap pam config to use system-auth-winbind. I haven't actually tried this, but it might be something worth playing with.
Re: [gentoo-user] DVD recorder recommendations
I'm pretty stuck on Plextor drives. I've found them to all be very reliable, and will tend to read damaged disks that other drives choke on. Just my 2c.
Re: [gentoo-user] [OT] Resize of a reiser4 filesystem?
AFAIK, and according to the README in the reiser4progs, Reiser Co have not gotten around to implementing the resizer for reiser4. So, for an 'offline' option, backup, resize, reformat, restore

Since practically all my partitions are LVM, not being able to resize really takes reiserfs4 out of the running for me. Of course, by the time a resizer is available, a significant number of bugs should have also been worked out, and perhaps it will even be included in the mainline kernel.
Re: [gentoo-user] Web Based Job Ticket System?
I've used RT ( http://www.bestpractical.com ) at two places so far, and _really_ liked it. It can be a bit of a pain to install, but once it's up and running, it's been very stable for me.

On 4/29/05, fire-eyes [EMAIL PROTECTED] wrote:
> I'm looking for a web based job ticket system. We use apache 2 and mysql currently, and also have php 4/5. Any suggestions?