search for: allow_groups

Displaying 20 results from an estimated 20 matches for "allow_groups".

2024 Jun 19
1
vfs_snapper
Am 19.06.24 um 12:36 schrieb Rowland Penny via samba: >> ALLOW_GROUPS="domain\ admins" > ^^^^^^^^^^^^^^^^ > Where are you getting this from ? :-) > If I run this in a terminal: > > ALLOW_GROUPS="domain\ admins" ; echo "$ALLOW_GROUPS" > > I get this: > > domain\ admins >...
2024 Jun 19
1
vfs_snapper
...x+ 1 root root 208 Jun 19 11:00 .. > -rw------- 1 root root 187 Jun 19 11:00 info.xml > drwxrwx--- 1 nobody domain users 478 Apr 15 08:01 snapshot > > so a member should be allowed to traverse > > in snapper > > ALLOW_USERS="user1 sgw" > ALLOW_GROUPS="domain\ admins" ^^^^^^^^^^^^^^^^ Where are you getting this from ? If I run this in a terminal: ALLOW_GROUPS="domain\ admins" ; echo "$ALLOW_GROUPS" I get this: domain\ admins Note that the '\' has become part of the group na...
2024 Jun 17
2
vfs_snapper
...ml starting to set up the pieces, I have snapshots in btrfs with snapper itself but so far nothing visible on the windows explorer side. As always I rtfm all over ;-) I assume I have to do some extra magic to allow the winbind users/groups in ... in the related snapper-config I already have: ALLOW_GROUPS="domain\ admins" SYNC_ACL="yes" Maybe we miss the correct setup for Windows ACLs, I have to wait for their admin to check that also thanks for any real world examples or so greetings, Stefan
2024 Jun 19
1
vfs_snapper
...t root 32 Jun 19 11:00 . drwxr-x--x+ 1 root root 208 Jun 19 11:00 .. -rw------- 1 root root 187 Jun 19 11:00 info.xml drwxrwx--- 1 nobody domain users 478 Apr 15 08:01 snapshot so a member should be allowed to traverse in snapper ALLOW_USERS="user1 sgw" ALLOW_GROUPS="domain\ admins" SYNC_ACL="yes" but this seems not to be applied to the snapshots, right? I currently don't see on which layer I should act at first. Does "previous versions" in Windows access as the actual AD user or as somebody else?
2024 Jun 19
1
vfs_snapper
Am 19.06.24 um 12:46 schrieb Stefan G. Weichinger via samba: > Am 19.06.24 um 12:36 schrieb Rowland Penny via samba: > >>> ALLOW_GROUPS="domain\ admins" >> ??????????????? ^^^^^^^^^^^^^^^^ >> ??????????????? Where are you getting this from ? > > :-) > >> If I run this in a terminal: >> >> ALLOW_GROUPS="domain\ admins" ; echo "$ALLOW_GROUPS" >> >> I g...
2016 Oct 13
0
How to tell spicy client to use SASL authentication?
I'm using libvirt in desktop environment. Single host machine, pair of users, a few guest machines. The first thought was that unix socket restricted to specific group is just enough for authentication. But virsh has the power like sudo: you could define pool on real device and write anything on it. So I decided to authenticate with password for each virsh use. I'm using SASL + saslauthd +
2002 Mar 28
1
[PATCH] Feature addition: user access control per auth method
...for (i = 0; i < access.num_allow_users; i++) + if (match_user(pw->pw_name, hostname, ipaddr, + access.allow_users[i])) + break; + /* i < access.num_allow_users iff we break for loop */ + if ( i >= access.num_allow_users) + return 0; + } + + if (access.num_allow_groups > 0 || access.num_deny_groups > 0) { + /* load up the user's group list */ + if (ga_init(pw->pw_name, pw->pw_gid) == 0) + return 0; + + /* return false if the user is in a denied group */ + if (access.num_deny_groups > 0) + if (ga_match(access.deny_groups, +...
2003 Feb 16
2
AllowUsers Change
...s.allow_users[i])) - break; - /* i < options.num_allow_users iff we break for loop */ - if (i >= options.num_allow_users) { - log("User %.100s not allowed because not listed in AllowUsers", + goto success; + + if (options.num_deny_groups == 0 && + options.num_allow_groups == 0) { + log("User %.100s not allowed because not in AllowUsers", pw->pw_name); return 0; } @@ -136,20 +137,28 @@ return 0; } /* - * Return false if AllowGroups isn't empty and one of user's groups - * isn't listed there + * Return false...
2024 Jun 17
1
vfs_snapper
...raversal for any users wishing to access > snapshots via the Windows Explorer previous versions dialog. By > default, traversal is forbidden for all non-root users. Additionally, > users must be granted permission to list snapshots managed by > snapper, via snapper's ALLOW_USERS or ALLOW_GROUPS options. Snapper > can grant these users and groups .snapshots traversal access > automatically via the SYNC_ACL option." > > how do I allow traversal? By setting the 'x' on 'rwx'. 'r' = read 'w' = write 'x' = enter or traverse on a directo...
2007 Nov 02
1
[Patch, enh] Permit host and IP addresses in (Allow|Deny)Groups
...options.num_deny_groups, hostname, ipaddr)) { +#endif /* GROUP_MATCH_HOST_AND_IP */ ga_free(); logit("User %.100s from %.100s not allowed " "because a group is listed in DenyGroups", @@ -223,8 +228,13 @@ * isn't listed there */ if (options.num_allow_groups > 0) +#ifndef GROUP_MATCH_HOST_AND_IP if (!ga_match(options.allow_groups, options.num_allow_groups)) { +#else /* GROUP_MATCH_HOST_AND_IP */ + if (!ga_match_host_and_ip(options.allow_groups, + options.num_allow_groups, hostname, ipaddr)) { +#endif /* GROUP_MATCH_HOST_AND_IP */...
2002 Jul 04
4
Chroot patch (v3.4p1)
..., linenum); + options->chroot_users[options->num_chroot_users++] = + xstrdup(arg); + } + break; + case sAllowGroups: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_groups >= MAX_ALLOW_GROUPS) --- openssh-3.4p1.vanilla/servconf.h Thu Jun 20 21:09:47 2002 +++ openssh-3.4p1/servconf.h Wed Jul 3 11:23:26 2002 @@ -20,6 +20,7 @@ #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ #define MAX_DENY_USERS 256 /* Max # users on deny list. */ +#define MAX_CH...
2003 Feb 10
0
Possible Allow* bug?
...options->allow_users[options->num_allow_users++] = xstrdup(arg); } + debug3("Found %d AllowUsers", options->num_allow_users); break; case sDenyUsers: @@ -795,6 +796,7 @@ options->allow_groups[options->num_allow_groups++] = xstrdup(arg); } + debug3("Found %d AllowGroups", options->num_allow_groups); break; case sDenyGroups: -- James Dennis Harvard Law School "Not everything tha...
2001 Jun 18
2
Patch for changing expired passwords
...sers > 0) { *************** *** 85,97 **** if (match_pattern(pw->pw_name, options.allow_users[i])) break; /* i < options.num_allow_users iff we break for loop */ ! if (i >= options.num_allow_users) return 0; } if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { /* Get the user's group access list (primary and supplementary) */ ! if (ga_init(pw->pw_name, pw->pw_gid) == 0) return 0; /* Return false if one of user's groups is listed in DenyGroups */ if (options.num_deny_groups > 0) --- 94,112 ---- if (mat...
1999 Nov 20
1
openssh and DOS
...gain, there may be a better solution. Craig ------------------------------------------------------------ --- openssh-1.2pre13/servconf.c.orig Fri Nov 19 23:30:33 1999 +++ openssh-1.2pre13/servconf.c Fri Nov 19 23:36:56 1999 @@ -62,6 +62,7 @@ options->num_deny_users = 0; options->num_allow_groups = 0; options->num_deny_groups = 0; + options->max_connections = -1; } void fill_default_server_options(ServerOptions *options) @@ -161,7 +162,7 @@ sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,...
2024 Jun 19
2
vfs_snapper
Am 17.06.24 um 16:06 schrieb Rowland Penny via samba: >> The user is member of "domain admins", isn't that enough? > > No, because they would be classed as 'others'. > >> >> Or does "SYNC_ACL" not yet work OK, because we miss the steps in >> >> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs >>
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
...s_ipaddr) { + allowed = 1; + } + } + + if (allowed == 0) { + logit("User %.100s not allowed because not listed in AllowUsers, AllowUsersFixedname or AllowUsersIpaddr", + pw->pw_name); + return 0; + } + if (options.num_deny_groups > 0 || options.num_allow_groups > 0) { /* Get the user's group access list (primary and supplementary) */ if (ga_init(pw->pw_name, pw->pw_gid) == 0) { logit("User %.100s not allowed because not in any group", pw->pw_name); return 0; } diff -r -U 8 openssh-3.9p1.orig/match.c ope...
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the
2001 Nov 20
3
problem with AFS token forwarding
Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the