similar to: Probable bug in Chroot patch (v3.4p1)

The way this was last supplied to this list (2002-07-13) has the chroot after the call to 'setpcred'. In AIX 4.3.3 the call to setpcred changes the uid and eff. uid to the user attempting to logon. Then the call to chroot( new_home ) fails because AIX requires that any user issuing the chroot subroutine be at root authority. Net result: attempting to do a chroot after the call to

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

This patch adds a new option to sshd, chroot_users. It has the effect of chroot()ing incoming ssh users to their home directory. Note: this option does not work if UsePrivilegeSeparation is enabled. Patch is based on OpenSSH 3.4p1. *** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002 --- servconf.h Wed Oct 2 06:17:48 2002 *************** *** 131,136 **** --- 131,137 ---- char

Hi, I'm wondering whether it is possible to log the key fingerprint (or, the comment of the key) that was used for authentication) with the actual available openssh v3.4p1 on solaris? (with Solaris 8 / UsePrivilegeSeparation yes, if this might be relevant, it seems not) -Is it possible at all? How? -Is there a special sshd configuration option neccessary to use? -Does is only work with a

Hello, I came up with this scenario of the use of batch mode while thinking of back-up schemes to use for myself. However, it could be that the last step needed in this scenario is not supported by rsync! Here's the scenario: At one time, /c/home/wer/work and /e/gold had identical content and were really huge (say, 200 GBytes). After some complex, intricate work, Mr. Wer

Greetings! I am working on a patch that will support a "ChrootUsers" option in the v3.4p1 config file. I am wondering if there are already plans to support a chroot option on the go? Regards, _________________________________________ Open Text Corporation - HMS Division. John Furman Network Security Officer jfurman at opentext.com www.opentext.com/hms Voc: 519.888.7111 x2361 Fax:

Running FC6 and Samba 3.0.24-11.fc6. Workstation is XP Pro Initially, after disabling SELinux and turning off Iptables, I could access the shares that were set up. Came in this morning ready to start copying files and can't get in. Prompts me for a username and password which is rejected. I know it's not my workstation because I have another FC6/Samba server running and have no problem

I am trying to run Samba 3.0.24-11.fc6 on Fedora Core 6. I've run across two problems that are keeping me from being successful. 1. IPTables. Even when I configure it through Webmin to not run at startup, it does anyway. I consider this a minor problem, at least for now, although I wouldn't mind some input on how to configure it to allow Samba. 2. Access to shares. We are running

Hi, This patch (against the current CVS tree) is intended to add secure configuration to icecast 'out of the box'. It adds two configuration directives, 'icecast_user' and 'chroot_dir'. These are intended to be used together to reduce the privileges icecast runs under to the minimum necessary. When this is enabled and run as root icecast will enter the specified chroot

Hey, Well, that was easy :-) Patch against CVS follows: Summary: Created a boolean option allow_zero_gid, when set to yes it will allow logins from users whose group id is zero. Tested with KMail 3.1.1 on FreeBSD 4.8. I'm not sure if my method for passing the boolean via the environment is correct, it looks a little on the ugly side. Index: src/lib/restrict-access.c

>> Hello, >> >> I have fresh instalation samba 4.17.12+dfsg from apt on Debian 12. >> >> I made new domain ADS2 >> (https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller). >> root at dc-ads2:/etc/samba# samba-tool domain provision --use-rfc2307 >> --realm=ADS2.SES.SK --domain=ads2 --server-role=dc >>

This is a port of a patch I contributed to ssh 1.2.23 in May 1998. I have missed the functionality after moving to OpenSSH so I have updated the patch and hope OpenSSH might accept it. The patch allows sshd_config to have lines like: AllowUsers root at localhost AllowUsers tridge@* AllowUsers guest at 192.168.2.* DenyUsers badguy@* etc. I found this useful for restricting users to only login

This patch (against the current CVS tree) is intended to add secure configuration to icecast 'out of the box'. It adds two configuration directives, 'icecast_user' and 'chroot_dir'. These are intended to be used together to reduce the privileges icecast runs under to the minimum necessary. When this is enabled and run as root icecast will enter the specified chroot

I've created a patch that adds a feature that is helpful to my setup. If 'parent_dir_umask' is set in the configuration file, any missing directories in the home directory path are created. The home directory itself is created according to the 'umask' setting, 'parent_dir_umask' is only used for intermediate directories that might need creating. This is useful to me,

Hi all, We are running OpenSSH v3.4p1 on three ES340 Alpha which run Tru64 v5.1A. The last couple of weeks, the system hangs at bootup for 15 minutes at the point where it is bring up sshd. When I manually stop and start sshd, it still takes 15 minutes. I manually ran sshd with the -ddd level 3 debug option. sshd hanges at the message which states it is creating a randomized seed. It also

A short while ago, I looked at using the AllowUsers configuration option in openssh (v3.8p1 , but I believe this to be unchanged in 3.9p1) to restrict access such that only specific remote machines could access specific local accounts. I swiftly discovered that a) specifying wildcarded IP numbers to try to allow a useful IP range was pointless: if I specified AllowUsers joe at

I added a few features to openssh for my local use that I think would be more broadly useful. I basically added access control lists to control who would be allowed public key authentication. I added four config file entries for the server: PubkeyAllowUsers PubkeyDenyUsers PubkeyAllowGroups PubkeyDenyGroups These follow the same sematics as the already existing entries for

http://bugzilla.mindrot.org/show_bug.cgi?id=648 Summary: Cannot login using SecureCRT since openssh 3.7p1 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

Hi i'm trying to list the shares on my Brother HL-5250DN printer with the smbtree command on linux but i keep getting the NT_STATUS_BAD_NETWORK_NAME error message. I can however print to one of the shared printing services with cups through the Device URI: smb://BRN_E1BEFA/BINARY_P1. Does anyone know what the problem could be? linux-wick:~ # smbtree Password: WORKGROUP

Hi, I am interested in decomposing a time series and getting the trend, seasonal and?irregular variations, as one can get with the "stl" command. My time series is fairly regular, but it has some breaks. From the zoo manual, I gather that it should be possible to convert it to a regular time series and then fill the NA entries by interpolation. I am not able to proceed beyond a certain