similar to: standalone server - force connections from windows group to be a specific unix user (UID)

http://bugzilla.mindrot.org/show_bug.cgi?id=136 Summary: setgid() deemed to fail for non-suid ssh client on linux if using other than primary group Product: Portable OpenSSH Version: 3.0.2p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh

The attached patch adds an option --drop-suid which caused rsync to drop setuid/setgid permissions from the destination files. ie, even if the source file is setuid, the target file will not be. Added as we want to rsync the same files to machines both inside and outside our firewalls. For machines inside the firewall some files should be suid, for machines outside the firewalls they should

Hi, According to ChangeLog someone "(bal)" removed -{enable/disable}-suid-ssh from configure (dating from 2002/06/07). Don't know the reason, probably this has something to do with PrivilegeSeparation. Consequence is: Users with UID != 0 are no longer able to allocate privileged ports, sshd answers "Rhosts Authentication disabled, originating port will not be

I'm stuck on a problem with rsync... We've got a chrooted shell with rsync and all the needed libs inside (and not much else). We're using rsync over ssh to send the files into this chrooted session. The rsync binary in the chrooted session is SUID root so that it can create the files with the correct UID/GID. When the following is run, it creates all the files as root.staff, not

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera Systems, Inc. Security Advisory Subject: kdelibs vulnerability for setuid KDE applications Advisory number: CSSA-2000-015.0 Issue date: 2000 June, 02 Cross reference: ______________________________________________________________________________ 1.

Hi All, Just joined the list. The postings are very helpful for me to implementing samba for my work place. I am running samba 3.0.1 or RED HAT 9.0. Does anybody know how to add Windows domain users to a linux usergroup? My PDC is running Windows 2000. I do not have permissions to create groups on the Windows PDC. Windbind is working fine on the Redhat machine. I can map to the linux samba

I have the following configuration: Server side: rsync daemon running as suid root, use chroot set to false. Client side: rsync client setuid root (so that it can write over other suid root owned files). When doing a :: based rsync to the server, I'd like to have the client be able to create/update files as the owner I pass on the command line. Since it has to be setuid root, and I

Does anyone know of a simple (share) mechanism that doesn't require setting up a complex ldap, winbind, pdc, etc samba configuration that will allow users connecting to a samba share to always be forced to be a specific unix UID? The idea is to have the linux data owned by a particular linux user, and be able to control write access to that data by adding any arbitrary windows user to a

Here is an executable that would allow a user to change the linux and SMB passwords simultaneously. The website indicated in the comments had some problems in the code, but they are fixed in the cpasswd.c file which is below and also attached. Hope that this helps others. The code is a fix, not a solution. it only works from the command prompt, but it helps with keeping linyx and Samba

Greetings in Christ our Saviour. I am having an enormous amount of difficulties trying to do something that should be quite easy. Obviously, I am missing something. I have read everything I can find on this, and have tried everything I can think of and more... I am trying to mount a Win98 drive on my Redhat 7.0 box. The mounting is no problem. However, when I log into my user account and try

I'm trying to get OpenSSH 2.5.2p2 to run on HP-UX 9.05. I've had some decent results, but I'm also seeing some problems. I'm using the EGD (I configured with --with-prngd-socket=/tmp/entropy). * Compiling required some changes, which I've attached. Two of the changes are "hackish", and not at all suited to inclusion in the source tree, but they might point

On 23/03/15 19:15, Jhon P wrote: > What do you mean with different winbinds? On the DC, winbind is built into the samba daemon, you do not run a separate winbind daemon. On a member server you run the nmbd & smbd daemons along with a separate winbind daemon. > > I can destroy the member server, its on testing. > It is for the version of windbind? > > I can get this from

In message <199709161652.MAA31468@ding.mailhub.com>, "Alexander O. Yuriev" writ es: > > [Mod: This message is a reason *why* linux-security is moderated list. This > is also a reason why Rogier, myself, Alan Cox and others really do not want > to have completely open lists that deal with security related aspects of > running a system as way too many people just jump

X-PMC-CI-e-mail-id: 13726 Hi, I have been a successful user of Openssh for some time. I am attaching two articles from BugTraq. Hopefully, they show exactly the security problems reported in the BugTraq mailing list. [Pity that no one seemed to have bothered to contact the mailing list(s) for openssh development.] I am not sure what the right fixes would be. But at least, people need to be

What do you mean with different winbinds? I can destroy the member server, its on testing. It is for the version of windbind? I can get this from DC. But I can not do the same with DC. "Tonight 2X1 sledgehammers." :-) XD > Date: Mon, 23 Mar 2015 18:43:21 +0000 > From: rowlandpenny at googlemail.com > To: samba at lists.samba.org > Subject: Re: [Samba] UID and GID

Hi, I'm newbie starting with Samba, so I can ask stupid questions :-) I've a Samba Server (3.023c). I have a Win2K Domain. I need to put the Samba server on the WIN2K Domain, and give access to AD users. Bit I also need that my Unix users have access to the Samba server. And I can't create AD accounts to Unix users. I have shared directories like that : - project (only for auth

-----Original Message----- From: Loomis, Rip Sent: Tuesday, 19 June, 2001 09:10 To: 'geoff at raye.com' Subject: RE: poor permissions on ssh binary Geoff-- You stated that you consider it "a poor choice of permissions" to install the ssh binary as mode 0711. Since it will run perfectly with even more restrictive permissions (we typically install it mode 0511 here), what is

I posted this to comp.protocols.smb, but I'll give it a shot here too... Background : We have an existing Win2k domain, 2 Win2k domain controllers, all working just fine. I've been using Samba 2.2.x for quite a while to provide access to specific folders on *nix machines using Domain security...So I'm reasonably familiar with how file/print sharing works. But what I'm

Hi all, I just looked into LPRng to see to what extent it is affected by the problems recently reported for the BSD lpd. It seems that it is fairly safe from those mentioned in the SNI advisory. > Problem 1: File creation > > Individuals with access to the line printer daemon from a privileged > port on a valid print client can tell lpd to create a file, providing > the name of

Hello, I'm using dovecot 1.0 under debian etch. The lda socket path is set to: auth_socket_path = /var/spool/postfix/private/auth But this gives me the error: net_connect(/var/spool/postfix/private/auth) failed: Permission denied I suppose deliver is run as dovecot user. I read about running deliver as root with the suid bit set. I'm not quite sure if this is a good solution. Is there