search for: privelege

Hi, I'm kinda new to samba so forgive my ignorance. I want to set up users so that depending on the user you would have access - read, write or read/write both. I know that is is possible to specify whether the drive is read only, write etc. So is it possible to set priveleges at the user level? thanx. Abhishake

...o, I did a quick change to the patched port of poppassd and am wondering if you think my code would introduce any potential problems. The idea is right after we check if the username exists, also check if the UID of that username is over 1000. I wanted to make sure that no one monkeys around with priveleged users once poppassd is running. So, the middle chunk of code is mine, everything else has been there before me. What's the general feeling about the security of poppassd provided that users with valid passwords already have shell access to the system, and now nobody can try to change privele...

...profile. All drive mappings are available, just no profiles, recent lists, etc... Samba log is showing: api_samr_set_userinfo: Unable to unmarshall SAMR_SET_Q_USERINFO bumping the samba log level, verifies that I am going after the user profile and I am "dying" because of lack of priveleges....yet I can ssh into the box as a user and read or touch or execute anything I want !? What am I missing ???

...e available, just no profiles, recent lists, etc... > > Samba log is showing: api_samr_set_userinfo: Unable to > unmarshall SAMR_SET_Q_USERINFO > > bumping the samba log level, verifies that I am going after > the user profile and I am "dying" because of lack of > priveleges....yet I can ssh into the box as a user and read > or touch or execute anything I want !? Must be something trivial, but whoever wants to help you will need your smb.conf to see how you set it up. I can suggest relevant options how I handle the profiles: [global] ... logon path = \\p90...

Hello all, this patch allows master process to drop more root priveleges under Solaris. My limited testing shows that code works, but I'm not sure that defined privilege set is permissive enough for dovecot. Unfortunately I have no root access to our Solaris servers to really test it. So if someone is ready to test this patch please do it :) Best regards. -------...

...tcp packed ipchains -A input -j ACCEPT -i eth0 -s any/0 --dport 1024:65535 -p tcp ! -y So I added the following : #allow return from ssh connections ipchains -A input -j ACCEPT -i eth0 -s any/0 22 -p tcp ! -y Now everything is fine. I even see the config file option to switch back to using non-priveleged ports. What was the reason for switching to priveleged by default in 2.5.1p1? -Troy Jason Stone wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > I just recently installed OpenSSH 2.5.1p1 on a RH6.2 box (kernel > > 2.2.17). I run ipchains to do packet...

Ok, I'm doing a heads up here. I just applied: - markus at cvs.openbsd.org 2002/06/11 04:14:26 [ssh.c sshconnect.c sshconnect.h] no longer use uidswap.[ch] from the ssh client run less code with euid==0 if ssh is installed setuid root just switch the euid, don't switch the complete set of groups (this is only needed by sshd). ok provos@ A few comments about

The owner of my company just asked me for an Asterisk brochure. Has anyone seen such a creature? I know of some really informative websites, but I think a pdf would be priceless at this point. Thanks, Bob McDowell EMAIL PRIVELEGED & CONFIDENTIAL CLIENT COMMUNICATION    *** PRIVILEGED AND CONFIDENTIAL CLIENT COMMUNICATION *** This e-mail message and all attachments, if any, may contain confidential and privileged material and are intended only for the intended recipient.  Any unauthorized review, use, disclosure or dis...

...ted within some protocol between ssh and sshd. No problem to change this slightly with a private patch. If it only wouldn't incompatibly change the protocol. So my idea is to implement it in a way that client_request_forwarded_tcpip() in clientloop.c checks originator_port for being in the priveleged range and - if yes - uses a privileged port to connect. Any comments? Regards, Robert -- Robert.Dahlem at siemens.com Siemens Business Services - SBS D ORS FS BO DEZ KORDOBA-Outsourcing Tel: +49-69-797-6530 Fax: +49-69-797-6599 ------------------------------------------------------...

...th commit df99ac27106dededcf0a98a251e58c24b90bf6d1. > > This would seem to be a correct fix, as it seems > > "The "system" xattr namespace is reserved for the kernel. Any attempt to > use xattrs in that namesspace will fail with EOPNOTSUPP, regardless of > priveleges." > > Can you check with 4.8.x ? I guess that statement may not be correct, depending on which kernel subsystem exposes the xattr? My testing was with local filesytems, not with nfsv4 mounts. Apparantly it works with nfs4_getfacl|nfs4_setfacl... -slow -- Ralph Boehme, Samba Team...

Hi All I found there is one bug in the plugin. The name of the attribute for ACL as per strace output of nfs4_setfacl is *system.nfs4_acl.* The source code has defined it as #define NFS4ACL_XATTR_NAME ( "system.nfs4acl" ) Note there is missing underscore. After this, the EOPNOTSUPP error is not observed. Hope this helps Akash On Thu, Apr 5, 2018 at 11:43 PM, Jeremy Allison

...9847-1004) -> prtadm But for some reason members of the domadm group are not receiving admin priviledges when logging on. Is the existence "-1" groups necessary? If so how does one create them? If not, why might members of the domadm group (as in the second example) not have admin priveleges when logging onto the domain? Thanks, Chris

...rial and buying the books is upgrading to Rails 1.0. I''ve tried entering the username as root and the root pass in the database.yml configuration, but that didn''t seem to work. I don''t know why Rails continues to try to access the db as root. I''ve checked my priveleges in mysql (4.1.14) and everything seems to be ok for the user I have set up for the "Depot" example. I''ve even connected with the user to the db through the console. So, to the best of my knowledge the user I''m connecting under has the right access to the db. Sinc...

...for Samba 4.8.0 and above, with commit df99ac27106dededcf0a98a251e58c24b90bf6d1. This would seem to be a correct fix, as it seems "The "system" xattr namespace is reserved for the kernel. Any attempt to use xattrs in that namesspace will fail with EOPNOTSUPP, regardless of priveleges." Can you check with 4.8.x ? Jeremy. Author: Ralph Boehme <slow at samba.org> Date: Thu Nov 2 12:17:48 2017 +0100 librpc/idl: rename NFS4 ACL xattr name The "system" xattr namespace is reserved for the kernel. Any attempt to use xattrs in that namesspace...

...for example, does this). There was a thread on this a long time ago, and it degenerated into a discussion of crypto-swap, but the question was never answered. Is there a good reason not to do this? The only one I can think of is that we'll need to make ssh-agent setuid as mlock requires root priveleges. -Jason -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (GNU/Linux) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE5/qAwswXMWWtptckRAhCqAJ91Ei23/vxP1SHmI44dHmEPIPI3FACgkujG oODCsCvCCgYCYO7ZS71ThBc= =g0GJ -----END PGP SIGNATURE-----

...get the "could not connect to server" error. I couldn't even get warcraft 3 to install, it gave me some error like "GetDef.ins could not be found: unrecognized registry entry." After much googling and wine databasing I pretty much gave up but randomly tried wine with sudo priveleges. Ta-da! Everything worked. So I tried adding my user to all the groups that root was in (except root) and installing it as a regular user but no luck, same errors. What could possibly be the issue? I don't really feel like running as root every time I want to play a wine game.

...ter proceeds to execute the login script (a .BAT file). However, the client computer does not use the policy file which is located in the netlogon share. I will point out the the login script and the policy file are located on the same share, both with the same set of permissions (writeable by one priveleged user only, group and world readable). Hopefully this will clear up any confusion that my original message may have caused. Glen Gibb Ridley College

When using Dos command: net use Z: \\servername\public I get prompted for a user name and password. I have admin priveleges and have tried using user root, user admin, user guest, my own account etc. And I get System error 1240 has occurred. The account is not authorized to log in from this station. What could be causing this? This is happening via a remote connection from my laptop using our VPN. When I use my comp...

Hello everyone I am trying to use "hide unreadable = yes" in my [global] section and having some problems - I make a share and then add "valid users = @MYDOMAIN+group" - this works to protect access, but it is still visible to non-priveleged users (even though they cant get in) - is there something I need to do to make these shares hidden? Thanks, Hamish

...; > > > > This would seem to be a correct fix, as it seems > > > > > > "The "system" xattr namespace is reserved for the kernel. Any attempt to > > > use xattrs in that namesspace will fail with EOPNOTSUPP, regardless of > > > priveleges." > > > > > > Can you check with 4.8.x ? > > > > I guess that statement may not be correct, depending on which kernel subsystem > > exposes the xattr? My testing was with local filesytems, not with nfsv4 > > mounts. Apparantly it works with nfs4_get...