search for: allow_users

...- auth.c 4 Nov 2002 10:07:53 -0000 1.46 +++ auth.c 16 Feb 2003 03:27:42 -0000 @@ -105,15 +105,16 @@ return 0; } } - /* Return false if AllowUsers isn't empty and user isn't listed there */ + /* Return true if person in AllowUsers, otherwise try the group test */ if (options.num_allow_users > 0) { for (i = 0; i < options.num_allow_users; i++) if (match_user(pw->pw_name, hostname, ipaddr, options.allow_users[i])) - break; - /* i < options.num_allow_users iff we break for loop */ - if (i >= options.num_allow_users) { - log("User %.100s not allow...

...contain the user's group + * return false. + * Otherwise, return true. + */ +int auth_allowed_user(struct passwd *pw, Authaccess access) +{ + const char *hostname = NULL, *ipaddr = NULL; + int i; + + if (!pw || !pw->pw_name) + return 0; + + if (access.num_deny_users > 0 || access.num_allow_users > 0) { + hostname = get_canonical_hostname(options.verify_reverse_mapping); + ipaddr = get_remote_ipaddr(); + } + + /* Return false if user is listed in DenyUsers */ + if (access.num_deny_users > 0) { + for (i = 0; i < access.num_deny_users; i++) + if (match_user(pw->pw_name, h...

...= 0; i < options.num_deny_users; i++) - if (match_pattern(pw->pw_name, options.deny_users[i])) + if (match_user(pw->pw_name, hostname, ipaddr, options.deny_users[i])) return 0; } /* Return false if AllowUsers isn't empty and user isn't listed there */ if (options.num_allow_users > 0) { + const char *hostname = get_canonical_hostname(options.reverse_mapping_check); + const char *ipaddr = get_remote_ipaddr(); for (i = 0; i < options.num_allow_users; i++) - if (match_pattern(pw->pw_name, options.allow_users[i])) + if (match_user(pw->pw_name, hostname, ipa...

...38,44 +138,85 @@ } if (S_ISREG(st.st_mode) == 0 || (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { logit("User %.100s not allowed because shell %.100s is not executable", pw->pw_name, shell); return 0; } - if (options.num_deny_users > 0 || options.num_allow_users > 0) { + if (options.num_deny_users > 0 || options.num_allow_users > 0 || + options.num_allow_users_fixedname > 0 || + options.num_allow_users_ipaddr > 0 ) { hostname = get_canonical_hostname(options.use_dns); ipaddr = get_remote_ipaddr(); } /* Return false if use...

...hots/189 total 8 drwxr-xr-x 1 root root 32 Jun 19 11:00 . drwxr-x--x+ 1 root root 208 Jun 19 11:00 .. -rw------- 1 root root 187 Jun 19 11:00 info.xml drwxrwx--- 1 nobody domain users 478 Apr 15 08:01 snapshot so a member should be allowed to traverse in snapper ALLOW_USERS="user1 sgw" ALLOW_GROUPS="domain\ admins" SYNC_ACL="yes" but this seems not to be applied to the snapshots, right? I currently don't see on which layer I should act at first. Does "previous versions" in Windows access as the actual AD user or as someb...

...sted in DenyUsers */ if (options.num_deny_users > 0) { for (i = 0; i < options.num_deny_users; i++) ! if (match_pattern(pw->pw_name, options.deny_users[i])) return 0; } /* Return false if AllowUsers isn't empty and user isn't listed there */ if (options.num_allow_users > 0) { --- 68,92 ---- shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; /* deny if shell does not exists or is not executable */ ! if (stat(shell, &st) != 0) { ! log("User %.100s not allowed because shell %.100s does not exist", ! pw->...

...======================================================== RCS file: /cvs/src/usr.bin/ssh/auth.c,v retrieving revision 1.48 diff -u -r1.48 auth.c --- auth.c 2003/06/02 09:17:34 1.48 +++ auth.c 2003/06/11 12:29:19 @@ -111,7 +111,7 @@ if (match_user(pw->pw_name, hostname, ipaddr, options.allow_users[i])) break; - /* i < options.num_allow_users iff we break for loop */ + /* i < options.num_allow_users if we break for loop */ if (i >= options.num_allow_users) { logit("User %.100s not allowed because not listed in AllowUsers", pw->pw_name); Index: monit...

...case sAllowGroups: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_groups >= MAX_ALLOW_GROUPS) --- openssh-3.4p1.vanilla/servconf.h Thu Jun 20 21:09:47 2002 +++ openssh-3.4p1/servconf.h Wed Jul 3 11:23:26 2002 @@ -20,6 +20,7 @@ #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ #define MAX_DENY_USERS 256 /* Max # users on deny list. */ +#define MAX_CHROOT_USERS 256 /* Max # users on chroot list. */ #define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */ #define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */...

Hey, After discussing the limit of MAX_ALLOW_USERS I've been trying to use AllowGroups instead. In the config file I have the AllowUsers lines before the AllowGroups lines (I have tried both ways) and it appears that the presence on the AllowGroups directives seems to blow away any Allow* directives I have set. I'm not sure how to check...

...32 Jun 19 11:00 . > drwxr-x--x+ 1 root root 208 Jun 19 11:00 .. > -rw------- 1 root root 187 Jun 19 11:00 info.xml > drwxrwx--- 1 nobody domain users 478 Apr 15 08:01 snapshot > > so a member should be allowed to traverse > > in snapper > > ALLOW_USERS="user1 sgw" > ALLOW_GROUPS="domain\ admins" ^^^^^^^^^^^^^^^^ Where are you getting this from ? If I run this in a terminal: ALLOW_GROUPS="domain\ admins" ; echo "$ALLOW_GROUPS" I get this: domain\ admins Note that the ...

...y must permit traversal for any users wishing to access > snapshots via the Windows Explorer previous versions dialog. By > default, traversal is forbidden for all non-root users. Additionally, > users must be granted permission to list snapshots managed by > snapper, via snapper's ALLOW_USERS or ALLOW_GROUPS options. Snapper > can grant these users and groups .snapshots traversal access > automatically via the SYNC_ACL option." > > how do I allow traversal? By setting the 'x' on 'rwx'. 'r' = read 'w' = write 'x' = enter or trave...

...u Mar 1 15:45:03 2001 *************** *** 81,86 **** --- 81,87 ---- options->challenge_reponse_authentication = -1; options->permit_empty_passwd = -1; options->use_login = -1; + options->sys_environment_file = NULL; options->allow_tcp_forwarding = -1; options->num_allow_users = 0; options->num_deny_users = 0; *************** *** 210,216 **** sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, ! sUseLogin,...

is this module still maintained and working? https://www.samba.org/samba/docs/current/man-html/vfs_snapper.8.html starting to set up the pieces, I have snapshots in btrfs with snapper itself but so far nothing visible on the windows explorer side. As always I rtfm all over ;-) I assume I have to do some extra magic to allow the winbind users/groups in ... in the related snapper-config I

Would anybody happen to have or know of a patch to make /etc/default/login PATH and SUPATH the default openssh path? We have customized paths for each school of engineering (each have their own customized site bin). This is easily controled with /etc/default/login. The --with-default-path option is too rigid. This is Solaris I am talking about. --mike

https://bugzilla.mindrot.org/show_bug.cgi?id=2346 Bug ID: 2346 Summary: sshd -T doesn't write all configuration options in valid format Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

...STROPT(authorized_principals_file); \ M_CP_STROPT(authorized_keys_command); \ M_CP_STROPT(authorized_keys_command_user); \ + M_CP_STROPT(ciphers); \ + M_CP_STROPT(macs); \ + M_CP_STROPT(kex_algorithms); \ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \ M_CP_STRARRAYOPT(allow_users, num_allow_users); \ M_CP_STRARRAYOPT(deny_users, num_deny_users); \ Index: sshd.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshd.c,v retrieving revision 1.426 diff -u -p -u -r1.426 sshd.c --- sshd.c 29 Apr 2014 18:01:49 -0000 1.426 +++ ss...

Am 17.06.24 um 16:06 schrieb Rowland Penny via samba: >> The user is member of "domain admins", isn't that enough? > > No, because they would be classed as 'others'. > >> >> Or does "SYNC_ACL" not yet work OK, because we miss the steps in >> >> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs >>

...f.c --- openssh-2.2.0p1/servconf.c Fri Aug 18 05:59:06 2000 +++ openssh-2.2.0p1chroot/servconf.c Sun Oct 22 18:59:49 2000 @@ -68,6 +68,8 @@ #endif options->permit_empty_passwd = -1; options->use_login = -1; + options->use_chroot = -1; + options->chroot_group = -1; options->num_allow_users = 0; options->num_deny_users = 0; options->num_allow_groups = 0; @@ -158,6 +160,10 @@ options->permit_empty_passwd = 0; if (options->use_login == -1) options->use_login = 0; + if (options->use_chroot == -1) + options->use_chroot = 0; + if (options->chroot_group...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)