similar to: sshd Match Group directive problem

A detail I forgot... The need is to have members of the groups wheel and users being dropped to a shell and administer the server while members of only the group users have a script started forcing them to a few command on the server. On Tue, Feb 28, 2017 at 10:50 AM, Bernard Fay <bernard.fay at gmail.com> wrote: > I try to set up two "Match Group" directives in

Hello group, When I try to add sambaSAMAccount object class to a user with smbldap-usermod, I have the following error: smbldap-usermod -a bernard.fay Failed to find sambaDomain object to get sambaAlgorithmicRidBase at /usr/share/perl5/vendor_perl/smbldap_tools.pm line 1235. Someone have an idea of the problem? Thanks, Bernard

Hello, I am trying to force a command for all users *except* for users in the "wheel" group. My idea was to do the following in sshd_config: ForceCommand /usr/bin/validate-ssh-command Match Group wheel ForceCommand But obviously this doesn't work, because ForceCommand requires an argument. I couldn't find a way to achieve what I want. I wrote a patch that adds a

Hello openssh developers, I was builiding openssh-4.7p, and it builds successfully with my own prefix (--prefix=/path/to/sshd). The problem is when I execute sshd, it warns about permission being too open: hostname:/path root# /path/to/sshd -t -f /path/to/sshd_config @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @

How do you resize the partition without loosing data? gparted does not support LVM. On Wed, Feb 22, 2017 at 8:37 AM, SysAdmin <admin at s-s.network> wrote: > Hi, > > you need to resize partition /dev/xvda2, afterwards resize pv. > > Regards, > Holger > > > -----Urspr?ngliche Nachricht----- > > Von: CentOS [mailto:centos-bounces at centos.org] Im Auftrag

Hi, I tried to apply a security context on a directory with the following commands: [root@ local]# semanage fcontext -a -t httpd_sys_rw_content_t "netdot(/.*)?" [root@ local]# restorecon -R netdot/ When I list the contexts, it is part of the list.... [root@ local]# semanage fcontext -l | grep netdot ./netdot(/.*)? all files

Interesting to see the Equivalence. As a first thing, I tried: semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql then restorecon -R /var/lib/mysql # semanage fcontext -lC SELinux fcontext type Context /home/users(/.*)? all files system_u:object_r:user_home_dir_t:s0 /var/lib/mysql all

On Fri, 26 May 2017, Christian, Mark wrote: > On Fri, 2017-05-26 at 11:19 -0400, Bernard Fay wrote: >> Hi, >> >> Does a fix has already been made in the CenOS RPM repositories for this >> Samba remote execution code vulnerability, CVE-2017-7494? > yes. samba-3.6.23-43.el6_9.x86_64.rpm And samba-*-4.4.4-14.el7_3.x86_64 -- Paul Heinlein <> heinlein at

Hi, Is there a way to allow a user to execute commands via ssh, for example: "ssh user at server ls", but disallow the same user to login on this server with "ssh user at server" ? Thanks, Bernard

Hello, I try to setup a new test environment with Samba and LDAP but I could not get my domain SID. [root@ ~]# net getdomainsid SID for local machine LDAP-TEST is: S-1-5-21-1044143993-2427131616-1047417663 Could not fetch domain SID What I am do wrong or forget to do? Thanks, Bernard

Hi, Does a fix has already been made in the CenOS RPM repositories for this Samba remote execution code vulnerability, CVE-2017-7494? Thx, Bernard

Hello, We are using Samba only for file sharing. Because we are missing space in the first Samba server, we need to add a second Samba server. While building this new server i came up with the questioning about sharing the passdb.tdb file among different Samba servers? Would this be feasible? The idea is that all users should be able to access any file servers according with theirs needs. Or

Hello everyone, I have a problem with oddjob_mkhomedir on a NFS mount point. The actual context is nfs_t drwxr-xr-x. root root system_u:object_r:nfs_t:s0 users/ With this type, oddjob_mkhomedir cannot do is job of creating home user directories. In the logs, I found about creating a new module with audi2allow and semodule: [root@ audit]# sealert -l fe2d7f60-d3ff-405b-b518-38d0cf021598

It would be hard to use ansible, cfengine or whatever while there no IP address on the new VM..... On Tue, Nov 8, 2016 at 10:47 AM, <cpolish at surewest.net> wrote: > On 2016-11-07 14:35, Bernard Fay wrote: > > Hi, > > > > We have a virtual environment based on XenServer. In this environment I > > defined a template for CentOS 7 servers. > > > > I

Hi, We have a virtual environment based on XenServer. In this environment I defined a template for CentOS 7 servers. I would like to start a script a boot time to complete the configuration of new VMs based on this template. How can I have a script started before any login prompt to ask question to the user to complete the configuration such as hostname, IP address, etc? Thanks, Bernard

Hello, A server was configured in /var/lib/myslq in the root fs. I added a LV specifically for mysql. I stopped myql and renamed /var/lib/mysql to /var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in /var/lib/mysql.old to /var/lib/mysql. But then I got a selinux problem: # ls -ldZ mysql.old/

Hi I'm sure this must have come up before - if so I apologise. I have googled, read HOWTOs FAQ and numerous personal accounts on how to configure samba as a PDC but to no avail - neither w2k nor XP will join the domain. NT4 Workstation and Win9x I have working fine - where have I gone wrong ? Linux SETUP: RedHat 7.3, samba-2.2.7-3.7.3 (upgraded from 2.2.3a) Win2k SETUP: Win 2000 Pro,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I like to know what will happend if: - - one Domain with 2 DCs - - two Admins working on their Windows-ws with RSAT. - - Admin1 is connected to DC1 - - Admin2 is connected to DC2 - - Admin1 creats a user "u1" and a group "g1" - - then the two DCs will lose connection, the user and group is replicated to DC2 - - now Admin1

On 06/07/16 21:17, Bernard Fay wrote: > I can access /depot/tftp from a tftp client but unable to do it from a > Windows client as long as SELinux is enforced. If SELinux is permissive I > can access it then I know Samba is properly configured. > > # getenforce > Enforcing > # ls -dZ /depot/tftp/ > drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ >

I run a sshd host solely to allow employees to tunnel secure connections to our internal hosts. Some of which do not support encrypted protocols. These connections are chroot'ed via the following in /etc/ssh/sshd_config Match Group !wheel,!xxxxxx,yyyyy AllowTcpForwarding yes ChrootDirectory /home/yyyyy X11Forwarding yes Where external users belong to group yyyyy (primary). We