similar to: Samba4: Can't create shares outside sysvol and netlogon

Hi, is it possible to hide/restrict access to the home drives of our samba users when accessing them directly via netbios address? I have set up the home folders in ADUC. They are all mapped to drive H: and users have full access to their drive. The problem is, that others users also have access (accept write) to other users folders when opening the domain shares via \\<netbios

Hello Marc, Am 24.10.2013 21:00, schrieb Marc Muehlfeld: > Hello Thoralf, > > Am 24.10.2013 20:32, schrieb "Th. S?ldenwagner": >> is it possible to hide/restrict access to the home drives of our samba >> users when accessing them directly via netbios address? >> >> The server is running at school and there are several pupils who have >> the ability

hi there, the samba wiki currently recommends using rsync to achieve sysvol replication in an ad dc setup with more than one dc. this seems a bit kludgy to me ? using some sort of a distributed file system would probably be a more elegant solution. while researching this, i came across a few threads on this list, but unfortunately none of them provides a definite answer to which setup works to

Installed Packages Name : postfix Arch : x86_64 Epoch : 2 Version : 2.6.6 Release : 6.el6_5 Size : 9.7 M Repo : installed >From repo : updates I am seeing several of these in our maillog file after a restart of the Postfix service: Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing /usr/libexec/postfix/smtp from 'read, write'

Quoting Richard Pennington <rich at pennware.com>: > I've just started looking into code generation and have a newbie > question: Is there enough information in the .td files to make a tool to > automatically generate an assembler from them? Is a project like that > in the works? > > -Rich Hi your question is reasonable, but it is probably out of scope for LLVM.

Hey guys,. I have a centos 7 machine I'm using as a zabbix server. And I noticed that apache won't start, with this complaint in the error log: (13)Permission denied: AH00091: httpd: could not open error log file /var/log/zabbix_error_log. AH00015: Unable to open logs I tried having a look at audit2allow and this is the response I get back: [root at monitor2:/etc/httpd] #grep http

On 8 May 2015 20:41, "Conley, Matthew M CTR GXM" < matthew.m.conley1.ctr at navy.mil> wrote: > > chmod 0700 .ssh > chmod 0600 .ssh/* > > Keys can fail if you don't have that setup correctly. > Also do: > grep sshd /var/log/audit/audit.log| audit2allow -m sshd > # Will let you see what modules it will create. > grep sshd /var/log/audit/audit.log|

Hi, Some time ago I had SELinux problems with Fail2ban. One of the users on this list suggested that it might be due to the fact that I'm using a bone-headed iptables script instead of FirewallD. I've spent the past few weeks getting up to date with doing things in a more orthodox manner. So currently my internet-facing CentOS server has a nicely configured NetworkManager, and

On 5/8/2015 7:22 AM, Valeri Galtsev wrote: > On Fri, May 8, 2015 8:58 am, James B. Byrne wrote: >> While attempting to debug something else I ran across this: >> >> ssh -vvv somehost >> . . . >> debug1: Connection established. >> debug1: permanently_set_uid: 0/0 >> debug1: identity file /root/.ssh/identity type -1 >> debug1: identity file

On Feb 26, 2020, at 08:52, Nicolas Kovacs <info at microlinux.fr> wrote: > >> Le 26/02/2020 ? 11:51, Nicolas Kovacs a ?crit : >> SELinux is preventing /usr/bin/python2.7 from read access on the file disable. >> ***** Plugin catchall (100. confidence) suggests ***** >> If you believe that python2.7 should be allowed read access on the disable file by default.

Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what is currently in > place and how do I add your stuff (changing postgresql with

> > Try something like: > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.pp Thanks for your response! However this is what happens when I try to install the module: [root at monitor2:~] #semodule -i zabbix.pp libsepol.print_missing_requirements: zabbix's global requirements were not met: type/attribute zabbix_t (No such file or directory).

On 06/17/2015 04:03 PM, Jonathan Billings wrote: > On Wed, Jun 17, 2015 at 03:30:51PM -0400, Tim Dunphy wrote: >> No prob! Thanks for all the help! But in searching my system I don't find >> anything of the sort. >> >> [root at monitor2:~] #updatedb >> [root at monitor2:~] #locate myzabbix.te >> [root at monitor2:~] #find / -name "myzabbix.*"

I installed SeLinux in warn mode. HOw do i check to see what it is wanring about? This wil help me in make a decision to turn it to active mode..:) -- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their

Using audit2allow, I was able to create a policy module for selinux: audit2allow -i /var/log/audit/audit.log -M mysqld (creates mysqld.pp and mysqld.te) I want to distribute this to all my puppet clients. I can easily put this file in /etc/selinux/targeted/modules/active/modules But even after reboot, although I can see the module listed: semodule -l ... it doesn''t seem to actually

I regret the delay in replying to this topic but I am a digest subscriber so I only see list traffic once every 24 hours. When I moved from RHES3 to CentOS4 back in April/May of this year I was bitten by the SELinux gnat as well, and the temptation to swat a distracting irritation by killing it in its bed nearly proved irresistible. However, taking to heart the advice given to me here and

> > Sorry, I didn't put that very clearly. Could you show us the contents of > myzabbix.te. No prob! Thanks for all the help! But in searching my system I don't find anything of the sort. [root at monitor2:~] #updatedb [root at monitor2:~] #locate myzabbix.te [root at monitor2:~] #find / -name "myzabbix.*" I also did search using 'yum provides' to find

Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing

Hello, I was testing samba for serveral months, Now I planning to implementing as AD for about 300 computers, I'm using it as a base of users for squid, dovecot and postfix. Everything is working fine, but I found a problem, if a user in windows get into the shared folders of the server like SYSVOL and NETLOGON, they are able to delete files and folders, so I noticed this could be a problem,

Hi list, I've knocked up a contribution on SELinux here: http://wiki.centos.org/HowTos/SELinux I've tried to pitch it as an introduction for those not already familiar with SELinux but also hopefully a useful reference. I'm relatively new to SELinux and have covered pretty much everything I know to the limits of my limited knowledge. If folks think other material needs to be