Featured Post

gOS – The Cloud Distro

Over the past years I have helped a number of people switch to Linux. One of these folks is a good friend of mine who has recently taken an interest in my collection of LiveCDs. I carry a CD carrier in my backpack so I always have my LiveCDs with me, and my friend wanted a copy of gOS.


/etc/shells on /etc/passwd

Posted by Anonymous Coward | Posted in Linux | Posted on 18-08-2009


Hi All,

Why doesn't this list (below) belong to /etc/shells?

sync:x:5:0:********************// :/sbin:/bin/sync
shutdown:x:6:0:********************// :/sbin:/sbin/shutdown
halt:x:7:0:********************// :/sbin:/sbin/halt
webalizer:x:68:68:***************// Webalizer:/var/www/usage:/sbin/false
[root@localhost ~]#

Do I need to add all of it?

Thanks for any comment you may add!

Unable to access fedora 10 shared folder from windows

Posted by Anonymous Coward | Posted in Linux | Posted on 17-08-2009


Linux OS : Fedora 10 (No graphical mode)
Windows OS : XP and Windows Server NT

I am able to access Linux from Windows using the following steps:
//fedora10 ip
username of admin and password

I am able to view the admin and shared printer of Fedora 10.

When I try to enter the admin folder I am not able to access it. It gives the error "Access is denied".

My smb.conf file is below.

————————–smb.conf————————————-

Code:


# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samb...Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SElinux NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with other SElinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SElinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================
   
[global]
   
# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specify it as a per share option as well
#
    workgroup = MYGROUP
    server string = Samba Server Version %v
   
;    netbios name = MYSERVER
   
;    interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;    hosts allow = 127. 192.168.12. 192.168.13.
   
# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach
   
    # logs split per machine
    log file = /var/log/samba/log.%m
    # max 50KB per log file, then rotate
    max log size = 50
   
# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

    security = user
    passdb backend = tdbsam

# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
#  password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#  password server = *
   
   
;    security = domain
;    passdb backend = tdbsam
;    realm = MY_REALM

;    password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Script lets you specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
;    security = user
;    passdb backend = tdbsam
   
;    domain master = yes
;    domain logons = yes
   
    # the login script name depends on the machine name
;    logon script = %m.bat
    # the login script name depends on the unix user used
;    logon script = %u.bat
;    logon path = \\%L\Profiles\%u
    # disables profiles support by specifying an empty path
;    logon path =         
   
;    add user script = /usr/sbin/useradd "%u" -n -g users
;    add group script = /usr/sbin/groupadd "%g"
;    add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;    delete user script = /usr/sbin/userdel "%u"
;    delete user from group script = /usr/sbin/userdel "%u" "%g"
;    delete group script = /usr/sbin/groupdel "%g"
   
   
# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;    local master = no
;    os level = 33
;    preferred master = yes
   
#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable its WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
#  behalf of a non WINS capable client, for this to work there must be
#  at least one    WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.
   
;    wins support = yes
;    wins server = w.x.y.z
;    wins proxy = yes
   
;    dns proxy = yes
   
# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option
   
    load printers = yes
    cups options = raw

;    printcap name = /etc/printcap
    #obtain list of printers automatically on SystemV
;    printcap name = lpstat
;    printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). These options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;    map archive = no
;    map hidden = no
;    map read only = no
;    map system = no
;    store dos attributes = yes

#============================ Share Definitions ==============================
   
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
;    valid users = %S
;    valid users = MYDOMAIN\%S
   
[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes
   
# Un-comment the following and create the netlogon directory for Domain Logons
;    [netlogon]
;    comment = Network Logon Service
;    path = /var/lib/samba/netlogon
;    guest ok = yes
;    writable = no
;    share modes = no
   
   
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;    [Profiles]
;    path = /var/lib/samba/profiles
;    browseable = no
;    guest ok = yes
   
   
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;    [public]
;    comment = Public Stuff
;    path = /home/samba
;    public = yes
;    writable = yes
;    printable = no
;    write list = +staff


Writing UDEV rules to get a SCSI scanner working on Ubuntu

Posted by jfeedor | Posted in OpenSource | Posted on 16-08-2009


I’ve been setting up some Ubuntu Jaunty systems for relatives as an excuse to get rid of a lot of old hardware including some SCSI scanners. I encountered an HP scanner that was supported by sane but not recognized by Ubuntu. The device ended up with the wrong permissions preventing anyone except root from scanning. This is an explanation of how to create a udev rule to automatically fix this type of problem.

Linux HA Example (Simple)

Posted by jfeedor | Posted in OpenSource | Posted on 15-08-2009


Many Linux distributions ship with the heartbeat suite of software for setting up High Availability Linux. The Linux HA project has details and downloads for those who do not have it available for their system. This text addresses setting up a very simple HA Linux configuration using the configuration files rather than a GUI or the XML definition files. The example setup will have two servers that each run an Apache webserver. Many other services can be assigned as well, with data shared over NFS, for example. Similarly, a common MySQL database backend could be made available, or even more exotic tiered MySQL databases, depending on the needs. Linux HA uses a shared IP, which can be hosted by any server in the cluster list. For demonstration purposes, however, each Apache server's root will have an index file containing the actual hostname of the system. What should be observed is that the index file contents change after a failover while the page remains accessible via the shared IP.

Kernel Bug Lay Undiscovered for Eight Years

Posted by jfeedor | Posted in OpenSource | Posted on 14-08-2009


A Linux kernel bug in network socket initialization could allow an attacker to acquire root privileges to inflict damages. The security hole applies to all kernels of the 2.4 and 2.5 series and has been around possibly since 2001.

Setting up Apache/mySQL/PHP in Jail

Posted by Anonymous Coward | Posted in BSD | Posted on 12-08-2009


Server: FreeBSD 7.2-Release

Previously I administered a website that uses IP.Board as a forum. It was on a FreeBSD server but there were some issues with some other people on the server, so the whole server has been set up again. It has been set up as a Unix Jail and I was given root access. Apache has been installed, I've been told, but I'm not sure how to configure it so that it points to the domain; I'm waiting to hear back from him on that.

Right now I'm trying to install MySQL. However, the base commands like groupadd and useradd that I would use to set up my mysql user aren't working. I'm not sure if that is because of the Unix Jail or something else.

Can anyone direct me on what I need to do to set up MySQL?

Secondary groups not working with NFS (+LDAP)

Posted by Anonymous Coward | Posted in Linux | Posted on 06-08-2009


I'm using LDAP for groups and NFS for home dirs. My problem is as follows:
I only have a few groups, so it's not the problem everyone else had. When I've mounted a disk over NFS, I need to have my primary group in order to read in the groups I'm a member of. Secondary groups are not working.

Code:


 root@machine:/home/user# smbldap-groupshow secret
...
gidNumber: 1504
displayName: secret
memberUid: user,anotheruser
 root@machine:/home/user# su - user
 user@machine:~$ groups
users secret
 user@machine:~$ ls -ald ../secret/
drwxr-x--- 12 anotheruser secret 4096 2009-07-27 15:39 ../secret/
 user@machine:~$ cd ../secret/
bash: cd: ../secret/: Permission denied
 user@machine:~$ ls ../secret/
ls: cannot open directory ../secret/: Permission denied


But it works if I change the group to primary by hand with newgrp:

Code:

user@machine:~$ newgrp secret
user@machine:~$ cd ../secret/
user@machine:/home/secret$ ls
Nice secrets.txt


But my users cannot be expected to do this!
It works on the server holding the user files. But not over NFS.

I’ve tested this on clients: Ubuntu: 9.10 Karmic, 9.04 Jaunty, 8.10 Intrepid
The NFS server is running: Ubuntu 9.04 Jaunty.

KERBEROS_V4 rejected as an authentication type & cron

Posted by Anonymous Coward | Posted in Linux | Posted on 04-08-2009


Running as cron, I get error msg in mail: KERBEROS_V4 rejected as an authentication type,
even though the ftp does work. Can anyone explain this? Is there a way to stop it?

cron:
35 6 * * 1-5 ./PSS/pss.sh >> ./PSS/pss.log

script pss.sh:
#!/usr/bin/ksh
DIR=/home/informix/PSS
/usr/kerberos/bin/ftp -v -n << _EOF_
open PSSIPADDR
user testuser testpw
ascii
lcd $DIR
put studentinfo.txt
bye
_EOF_

mail:
Message 3:
From informix@pentapp2.iisd1.lcl Wed Jul 29 06:35:08 2009
Date: Wed, 29 Jul 2009 06:35:04 -0500
From: root@pentapp2.iisd1.lcl (Cron Daemon)
To: informix@pentapp2.iisd1.lcl
Subject: Cron <informix@pentapp2> ./PSS/pss.sh >> ./PSS/pss.log
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/home/informix>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=informix>
X-Cron-Env: <USER=informix>

KERBEROS_V4 rejected as an authentication type


BTW, I’m running RedHat 5.3

Root exploit for Linux kernel published

Posted by jfeedor | Posted in OpenSource | Posted on 18-07-2009


Brad Spengler, the developer behind the Grsecurity project, has published an exploit for a vulnerability in the Tun interface in Linux kernel 2.6.30 and 2.6.18, used in Red Hat Enterprise Linux 5 (RHEL5), which can be exploited by attackers to obtain root privileges. Of particular interest is the fact that the exploit is even able to circumvent security extensions such as SELinux. According to Spengler's report, the vulnerability is only found in these two versions of the kernel. The core of the problem is a normally non-exploitable null pointer dereference, which becomes exploitable due to GCC's optimisation.

file system access problem

Posted by Anonymous Coward | Posted in Linux | Posted on 15-07-2009


I have 3 Windows partitions (c, d, e), all with the NTFS file system.
I mounted them while installing openSUSE at /win/c, /win/d, /win/e.

I created a user other than "root", e.g. "us1".

Problem 1: when logging into Linux as user "us1" I am unable to see files in the mounted partitions c, d, e; it says access denied.

"How do I give user "us1" read/write permission on /win/c, /win/d, /win/e …………….."
Problem 2:
when logging in as the "root" user I can see the files and access them, but I am unable to write to /win/c, /win/d, /win/e.

Note: "Previously I was able to write to NTFS partitions from the same SUSE 10.3."