search for: priveleges

Hi, I'm kinda new to samba so forgive my ignorance. I want to set up users so that depending on the user you would have access - read, write or read/write both. I know that is is possible to specify whether the drive is read only, write etc. So is it possible to set priveleges at the user level? thanx. Abhishake

Hello, I did a quick change to the patched port of poppassd and am wondering if you think my code would introduce any potential problems. The idea is right after we check if the username exists, also check if the UID of that username is over 1000. I wanted to make sure that no one monkeys around with priveleged users once poppassd is running. So, the middle chunk of code is mine, everything

...profile. All drive mappings are available, just no profiles, recent lists, etc... Samba log is showing: api_samr_set_userinfo: Unable to unmarshall SAMR_SET_Q_USERINFO bumping the samba log level, verifies that I am going after the user profile and I am "dying" because of lack of priveleges....yet I can ssh into the box as a user and read or touch or execute anything I want !? What am I missing ???

...e available, just no profiles, recent lists, etc... > > Samba log is showing: api_samr_set_userinfo: Unable to > unmarshall SAMR_SET_Q_USERINFO > > bumping the samba log level, verifies that I am going after > the user profile and I am "dying" because of lack of > priveleges....yet I can ssh into the box as a user and read > or touch or execute anything I want !? Must be something trivial, but whoever wants to help you will need your smb.conf to see how you set it up. I can suggest relevant options how I handle the profiles: [global] ... logon path = \\p90....

Hello all, this patch allows master process to drop more root priveleges under Solaris. My limited testing shows that code works, but I'm not sure that defined privilege set is permissive enough for dovecot. Unfortunately I have no root access to our Solaris servers to really test it. So if someone is ready to test this patch please do it :) Best regards. --------...

I figured this out -- looks like 2.5.1p1 is now using ports < 1024 on the client side (wasn't before?). I had a ipchains rule to allow ACK packets to 1024:65535, which was good enough for <= 2.3.0p1 : #allow only ACK tcp packed ipchains -A input -j ACCEPT -i eth0 -s any/0 --dport 1024:65535 -p tcp ! -y So I added the following : #allow return from ssh connections ipchains -A input -j

Ok, I'm doing a heads up here. I just applied: - markus at cvs.openbsd.org 2002/06/11 04:14:26 [ssh.c sshconnect.c sshconnect.h] no longer use uidswap.[ch] from the ssh client run less code with euid==0 if ssh is installed setuid root just switch the euid, don't switch the complete set of groups (this is only needed by sshd). ok provos@ A few comments about

The owner of my company just asked me for an Asterisk brochure. Has anyone seen such a creature? I know of some really informative websites, but I think a pdf would be priceless at this point. Thanks, Bob McDowell EMAIL PRIVELEGED & CONFIDENTIAL CLIENT COMMUNICATION    *** PRIVILEGED AND CONFIDENTIAL CLIENT COMMUNICATION *** This e-mail message and all attachments, if any, may

Hi, I have a daemon process which is changings things in the system only the superuser should be allowed to change. Lets call it "riskyd". Users use a frontend on the same machine (lets call it "risky"). risky is a SUID program which talks to riskyd by binding to a privileged port, then connecting to riskyd on localhost. riskyd cheks that the connection is coming from

...th commit df99ac27106dededcf0a98a251e58c24b90bf6d1. > > This would seem to be a correct fix, as it seems > > "The "system" xattr namespace is reserved for the kernel. Any attempt to > use xattrs in that namesspace will fail with EOPNOTSUPP, regardless of > priveleges." > > Can you check with 4.8.x ? I guess that statement may not be correct, depending on which kernel subsystem exposes the xattr? My testing was with local filesytems, not with nfsv4 mounts. Apparantly it works with nfs4_getfacl|nfs4_setfacl... -slow -- Ralph Boehme, Samba Team...

Hi All I found there is one bug in the plugin. The name of the attribute for ACL as per strace output of nfs4_setfacl is *system.nfs4_acl.* The source code has defined it as #define NFS4ACL_XATTR_NAME ( "system.nfs4acl" ) Note there is missing underscore. After this, the EOPNOTSUPP error is not observed. Hope this helps Akash On Thu, Apr 5, 2018 at 11:43 PM, Jeremy Allison

...9847-1004) -> prtadm But for some reason members of the domadm group are not receiving admin priviledges when logging on. Is the existence "-1" groups necessary? If so how does one create them? If not, why might members of the domadm group (as in the second example) not have admin priveleges when logging onto the domain? Thanks, Chris

...rial and buying the books is upgrading to Rails 1.0. I''ve tried entering the username as root and the root pass in the database.yml configuration, but that didn''t seem to work. I don''t know why Rails continues to try to access the db as root. I''ve checked my priveleges in mysql (4.1.14) and everything seems to be ok for the user I have set up for the "Depot" example. I''ve even connected with the user to the db through the console. So, to the best of my knowledge the user I''m connecting under has the right access to the db. Since...

...for Samba 4.8.0 and above, with commit df99ac27106dededcf0a98a251e58c24b90bf6d1. This would seem to be a correct fix, as it seems "The "system" xattr namespace is reserved for the kernel. Any attempt to use xattrs in that namesspace will fail with EOPNOTSUPP, regardless of priveleges." Can you check with 4.8.x ? Jeremy. Author: Ralph Boehme <slow at samba.org> Date: Thu Nov 2 12:17:48 2017 +0100 librpc/idl: rename NFS4 ACL xattr name The "system" xattr namespace is reserved for the kernel. Any attempt to use xattrs in that namesspace...

...for example, does this). There was a thread on this a long time ago, and it degenerated into a discussion of crypto-swap, but the question was never answered. Is there a good reason not to do this? The only one I can think of is that we'll need to make ssh-agent setuid as mlock requires root priveleges. -Jason -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (GNU/Linux) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE5/qAwswXMWWtptckRAhCqAJ91Ei23/vxP1SHmI44dHmEPIPI3FACgkujG oODCsCvCCgYCYO7ZS71ThBc= =g0GJ -----END PGP SIGNATURE-----

...get the "could not connect to server" error. I couldn't even get warcraft 3 to install, it gave me some error like "GetDef.ins could not be found: unrecognized registry entry." After much googling and wine databasing I pretty much gave up but randomly tried wine with sudo priveleges. Ta-da! Everything worked. So I tried adding my user to all the groups that root was in (except root) and installing it as a regular user but no luck, same errors. What could possibly be the issue? I don't really feel like running as root every time I want to play a wine game.

Hello all, I wrote yesterday about problems with Windows policies and Samba 2.0.4b yesterday. Since then, I've had someone ask for a more detailed explanation, so here it is. Samba currently provides domain logons for a number Windows 95 and 98 clients (as well as the standard file serving). The domain logon currently succeeds, a user's username and password is accepted and the client

When using Dos command: net use Z: \\servername\public I get prompted for a user name and password. I have admin priveleges and have tried using user root, user admin, user guest, my own account etc. And I get System error 1240 has occurred. The account is not authorized to log in from this station. What could be causing this? This is happening via a remote connection from my laptop using our VPN. When I use my compu...

Hello everyone I am trying to use "hide unreadable = yes" in my [global] section and having some problems - I make a share and then add "valid users = @MYDOMAIN+group" - this works to protect access, but it is still visible to non-priveleged users (even though they cant get in) - is there something I need to do to make these shares hidden? Thanks, Hamish

...; > > > > This would seem to be a correct fix, as it seems > > > > > > "The "system" xattr namespace is reserved for the kernel. Any attempt to > > > use xattrs in that namesspace will fail with EOPNOTSUPP, regardless of > > > priveleges." > > > > > > Can you check with 4.8.x ? > > > > I guess that statement may not be correct, depending on which kernel subsystem > > exposes the xattr? My testing was with local filesytems, not with nfsv4 > > mounts. Apparantly it works with nfs4_getf...