similar to: feature request & patch submit: chroot(2) in sshd

This patch adds a new option to sshd, chroot_users. It has the effect of chroot()ing incoming ssh users to their home directory. Note: this option does not work if UsePrivilegeSeparation is enabled. Patch is based on OpenSSH 3.4p1. *** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002 --- servconf.h Wed Oct 2 06:17:48 2002 *************** *** 131,136 **** --- 131,137 ---- char

After a lot of different problems and variations of krb5.conf and samba.conf files I am currently stuck with the following error trying to join a domain net ads join -U nfybw@UIB.NO 'Klienter\IT\MatNat\IFT\Samba Servers\IT-gruppen' nfybw@UIB.NO's password: [2004/12/02 15:34:36, 0] libads/ldap.c:ads_add_machine_acct(1367) ads_add_machine_acct: Host account for iftsmb100 already

Hi, it seems as if it is not possible to have more than 3 nics per domU right now. If I specify more, I get the usual [...] xen_net: Initialising virtual ethernet driver. #### netfront can''t alloc rx grant refs vif: probe of vif-3 failed with error -12 [...] message - see bug #183. It was pointed out to me that it might be possible to adjust this manually in

Hi all, I was wondering if cpu frequency scaling in dom0 (using the cpufreq=dom0-kernel boot parameter) may cause problems with HVM domUs? This is on Xen 3.2.1. PV domUs seem to work just fine. They adjust to the frequency change on the go. The HVM I run using the unmodified_driver drivers (also from the 3.2.1 release) seem to have very slow timers if dom0 lowers the frequency. Birger

Hi, I try to build experimental networks with Xen and stumbled over the same problem that has been described quite well by Mark Doll in his posting "xen_net: Failed to connect all virtual interfaces: err=-100" here: http://lists.xensource.com/archives/html/xen-users/2005-04/msg00447.html As it was still present in 2.0.6, I tried 3.0-devel and found NR_PIRQS and NR_DYNIRQS had been

Hi, I try to build experimental networks with Xen and stumbled over the same problem that has been described quite well by Mark Doll in his posting "xen_net: Failed to connect all virtual interfaces: err=-100" here: http://lists.xensource.com/archives/html/xen-users/2005-04/msg00447.html As it was still present in 2.0.6, I tried 3.0-devel and found NR_PIRQS and NR_DYNIRQS had been

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

We use rsync to provide an rsync share on a linux server with a javascript program on Windows clients which ensures all client data is backed up each morning. After making no progress with my posting last month regarding making a module upload only to prevent someone from manually downloading the rsync share obtaining other users work (exclude = * wasn't possible because we need --delete to

Hi! I am doing backups from a number of machines to an rsync server. For some time I was trying to come up with a solution, which would prevent users from peeking at each other's files, which are backed up. Finally, I've hacked rsync, introducing a new option "write only" for rsyncd.conf. When set to true, this option forbids the transfers from server to the client, thus solving

I recently was using llvm code from a process that I manually spawned as a child process and noticed that llvm::sys::path::home_directory() only works if "HOME" is set in the process environment: bool home_directory(SmallVectorImpl<char> &result) { if (char *RequestedDir = getenv("HOME")) { result.clear(); result.append(RequestedDir, RequestedDir +

Hello, I'd like to create user home directory or user-own folder on samba server on first login to samba without using PAM, so how could I do this? Thank you, Denis

hi, the release notes of samba4.3 read: "The support for trusted domains/forests has improved a lot." and " Both sides of the trust need to fully trust each other!" is this still true for samba 4.5 or is it possible to create a one way trust from DC domain A (samba) to DC domain B (windows)? i've looked at the samba 4.5 release notes, but didn't find anything about

Quoting Eric Broch <ebroch at whitehorsetc.com>: > On 10/4/2018 7:27 AM, Rick Romero wrote: >> >> Quoting Eric Broch <ebroch at whitehorsetc.com >> <mailto:ebroch at whitehorsetc.com>>: >> >>> >>> On 10/4/2018 6:34 AM, Rick Romero wrote: >>>> >> Quoting Aki Tuomi <aki.tuomi at open-xchange.com >>

Here is a patch I just wrote and tested which may be of interest to those who wish to use KerberosGetAFSToken (currently requires Heimdal libkafs) in combination with GSSAPIDelegateCredentials. The patch is in the public domain and comes with no warranty whatsoever. Applies to pristine 3.8p1. Works for me on Solaris and Tru64. I'd probably have used Doug Engert's patch from 2004-01-30 if

Hi, I have a small patch here which changes the Cygwin README file so that the following fact is mentioned. OpenSSH never uses $HOME to search for user config files but the value in the pw_dir field in /etc/passwd. This might be of minor interest for generic U*X folks but that's an important fact for Cygwin users. When /etc/passwd is automatically created under WinNT/2K it uses the values

Quoting Eric Broch <ebroch at whitehorsetc.com>: > On 10/4/2018 6:34 AM, Rick Romero wrote: > >> ? Quoting Aki Tuomi <aki.tuomi at open-xchange.com>: > On 03.10.2018 23:30, Eric Broch wrote: > >> Hello list, >> >> I run Dovecot with the vpopmail driver and have found that it >> authenticates against the clear text password in the vpopmail

Hi, I got stuck within some weird prob concerning my 2-node linux cluster and the synchronisation tool at hand (rsync-2.5.1pre1). I have to copy a structure of 70 directories where the data of these directories are hardlinked to the data of the 1st directory. Within this "orig data" directory, I have about 30.000 files, so the amount of files to sync is approx. 2.100.000. The

On Mon, 17 Aug 2015, Todd C. Miller wrote: > I like the idea but tilde_expand_filename() calls fatal() if it > cannot resolve ~foo. This is not terrible when using -L and -R on > the normal command line but it seems pretty harsh to exit when -L > or -R are used via the ~C escape or the streamlocal-forward at openssh.com > request. > Message-Id: <aea6cdc1d1b42d07 at

This patch revive almost all login.conf and password/account expiration features, makes OpenSSH more FreeBSD login compatible and fix non-critical memory leak. Please review and commit. --- sshd.c.old Fri Feb 25 08:23:45 2000 +++ sshd.c Sun Feb 27 02:53:33 2000 @@ -37,9 +37,8 @@ #endif /* LIBWRAP */ #ifdef __FreeBSD__ -#include <libutil.h> -#include <syslog.h> #define LOGIN_CAP

[ I'm not subscribed to this list; please CC any followups to me as well ] When a user invokes "ssh-add" with no arguments, I think we should default to adding both version 1 and version 2 keys. Here's a patch against the source included with my Debian package of OpenSSH: walters at space-ghost:/usr/src/ssh/openssh-2.9p2$ diff -u ssh-add.c~ ssh-add.c --- ssh-add.c~ Thu Apr