Re: Limiting User Commands
Don't give them shell access, and don't let them ftp to the server. Make them email you all the changes so you can browse for bad code. Then you can upload the changes. You will get tired of that real quick. Other than this method there is always a "what if" factor: selinux, chroot, virtual server, etc. Even if they do upload a bad script they shouldn't have perms to do anything. You could allow the apache user to rm -rf /* and nothing would happen if set up correctly.

Stephen Le [EMAIL PROTECTED] 11/09/04 5:16 PM

On Mon, 8 Nov 2004 09:28:10 -0900, Christopher Swingley [EMAIL PROTECTED] wrote:

Make symbolic links between allowed commands and '/usr/local/rbin'

As I said before, this is just a simple attempt to reduce privilege. There are undoubtedly ways around it, some easier than others depending on what's in /usr/local/rbin.

This won't prevent users from executing banned commands with Perl scripts called by Apache. I'm opposed to using rbash for this reason and because some users might want to use a non-bash shell.

-Stephen Le
Re: Limiting User Commands
Take a look at sudo.

Stephen Le [EMAIL PROTECTED] 11/5/2004 12:31:21 PM

Hello all,

Is there an easy way to limit the commands a certain group of users can execute?

I've looked at chroot, and it's too complicated for my needs and seems too easy to circumvent; users will be able to upload their own Perl scripts, so it seems that they'll be able to access commands outside their chroot by getting Apache w/ mod_perl to execute the script.

I'd like to be able to compile a list of commands/programs that users in a certain group will be able to execute (ex. cp, mv, rm, etc). However, I'd also be happy to compile a list of commands users shouldn't be able to execute.

In regards to the latter method, would it be possible for me to change the group ownership of the commands I don't want users to have access to and revoke execute permission from that group?

Thanks,
Stephen Le
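Added example (not part of the thread): a small Python model of the order in which Unix checks the owner, group and other permission bits, applied to the question above about giving unwanted commands a dedicated group and revoking that group's execute bit. The group ID, users, paths and modes are constructed for illustration, and ACLs are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FileMeta:
    path: str   # constructed sample path
    uid: int    # owner
    gid: int    # owning group
    mode: int   # permission bits, e.g. 0o705

@dataclass(frozen=True)
class User:
    name: str
    uid: int
    gids: frozenset

def class_bits(f, u):
    """Exactly one class applies: owner first, then group, then other."""
    if u.uid == f.uid:
        return (f.mode >> 6) & 7
    if f.gid in u.gids:
        return (f.mode >> 3) & 7   # group members never fall through to "other"
    return f.mode & 7

def can_execute(f, u):
    if u.uid == 0:                 # root needs at least one execute bit set
        return bool(f.mode & 0o111)
    return bool(class_bits(f, u) & 1)

def can_read(f, u):
    return u.uid == 0 or bool(class_bits(f, u) & 4)

def audit(files, member, allowed):
    """List commands outside the allow-list that a restricted user can still
    execute, or can read (a readable binary can be copied and run elsewhere)."""
    findings = []
    for f in files:
        if f.path in allowed:
            continue
        if can_execute(f, member):
            findings.append((f.path, "executable"))
        elif can_read(f, member):
            findings.append((f.path, "readable"))
    return findings

# Constructed sample data: gid 2000 is the hypothetical "restricted" group.
RESTRICTED = 2000
ALICE = User("alice", 1001, frozenset({1001, RESTRICTED}))   # restricted user
BOB = User("bob", 1002, frozenset({1002}))                   # ordinary user
FILES = [
    FileMeta("/bin/cp", 0, 0, 0o755),                 # on the allow-list
    FileMeta("/usr/bin/gcc", 0, RESTRICTED, 0o705),   # group bits cleared
    FileMeta("/usr/bin/wget", 0, RESTRICTED, 0o745),  # execute cleared, read left on
    FileMeta("/usr/bin/nc", 0, 0, 0o755),             # never reassigned
]
ALLOWED = {"/bin/cp"}

if __name__ == "__main__":
    for path, issue in audit(FILES, ALICE, ALLOWED):
        print(f"{path}: still {issue} by {ALICE.name}")
```

Mode 0705 with the restricted group as owner blocks members of that group while leaving everyone else unaffected; the audit flags anything that was missed or left readable.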
Re: Limiting User Commands
What about rbash? Not perfect by any means.

Doug Griswold
Unix/Linux Support
SC Office of the CIO
(803)896-0153

Mark Bucciarelli [EMAIL PROTECTED] 11/05/04 4:43 PM

On Friday 05 November 2004 16:19, Stephen Le wrote:

I don't think sudo is appropriate for what I'm trying to do. I'd like users to have limited shell access; I'm not trying to give them access to special commands. Besides, telling users to prefix every command they run with 'sudo' would be awkward and cumbersome.

google vserver for one option.
Re: apt-get upgrade
echo $PATH as root and see if /usr/local/sbin, /usr/sbin and /sbin are in root's path. If they are, maybe you issued su instead of su -.

Johnno [EMAIL PROTECTED] 10/24/04 4:20 PM

Hello

When I do an apt-get upgrade on one of the servers here I get this error message:

    Do you want to continue? [Y/n]
    dpkg: `ldconfig' not found on PATH.
    dpkg: `start-stop-daemon' not found on PATH.
    dpkg: `install-info' not found on PATH.
    dpkg: `update-rc.d' not found on PATH.
    dpkg: 4 expected program(s) not found on PATH.
    NB: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin.
    E: Sub-process /usr/bin/dpkg returned an error code (2)

dpkg package is installed, any ideas?

Many Thanks,
Johnno
Re: eth0 problems..
Try checking with ethtool. Which nic are you using?

Simon Buchanan [EMAIL PROTECTED] 09/27/04 8:13 PM

Hi There,

I have a debian woody box that I am connected to via ssh, here is the ifconfig:

    eth0  Link encap:Ethernet  HWaddr 00:50:FC:XX:XX:XX
          inet addr:203.109.xxx.xx  Bcast:203.109.xxx.xx  Mask:255.255.255.xxx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4109 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1079 errors:8 dropped:0 overruns:0 carrier:16
          collisions:23 txqueuelen:100
          RX bytes:809755 (790.7 KiB)  TX bytes:169903 (165.9 KiB)
          Interrupt:16 Base address:0xa000

When I check the link with mii-tool I get the following response:

    box:/etc# mii-tool -v eth0
    eth0: 10 Mbit, half duplex, no link
      product info: vendor 00:00:00, model 0 rev 0
      basic mode: 10 Mbit, half duplex
      basic status: no link
      capabilities:
      advertising:

NO LINK? But I'm connected to the thing - and it's connected to a 100Mbit hub... Is this a problem with the ethernet card?

Thanks
Simon
Re: eth0 problems..
Are you sure that you haven't hard coded the duplex in a script or elsewhere? lspci should show you which nic you have in the server.

Simon Buchanan [EMAIL PROTECTED] 09/27/04 8:40 PM

Here is the output of ethtool... I can't remember what the nic is...:

    Settings for eth0:
        Supported ports: [ TP MII ]
        Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full
        Supports auto-negotiation: Yes
        Speed: 10Mb/s
        Duplex: Half
        Port: MII
        PHYAD: 0
        Transceiver: internal
        Auto-negotiation: off
        Supports Wake-on: pumbg
        Wake-on: d

Doug Griswold wrote:

Try checking with ethtool. Which nic are you using?

Simon Buchanan [EMAIL PROTECTED] 09/27/04 8:13 PM

Hi There,

I have a debian woody box that I am connected to via ssh, here is the ifconfig:

    eth0  Link encap:Ethernet  HWaddr 00:50:FC:XX:XX:XX
          inet addr:203.109.xxx.xx  Bcast:203.109.xxx.xx  Mask:255.255.255.xxx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4109 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1079 errors:8 dropped:0 overruns:0 carrier:16
          collisions:23 txqueuelen:100
          RX bytes:809755 (790.7 KiB)  TX bytes:169903 (165.9 KiB)
          Interrupt:16 Base address:0xa000

When I check the link with mii-tool I get the following response:

    box:/etc# mii-tool -v eth0
    eth0: 10 Mbit, half duplex, no link
      product info: vendor 00:00:00, model 0 rev 0
      basic mode: 10 Mbit, half duplex
      basic status: no link
      capabilities:
      advertising:

NO LINK? But I'm connected to the thing - and it's connected to a 100Mbit hub... Is this a problem with the ethernet card?

Thanks
Simon
Re: eth0 problems..
25232 is the size and the 1 is how many times it is used, this part is completely normal.

Simon Buchanan [EMAIL PROTECTED] 09/27/04 10:05 PM

Hi Doug,

the lsmod results in a line like this in the middle:

    3c59x 25232 1

BUT, looking in /etc/modules.conf and /etc/modules... there is no entry with anything near this? Strange

Doug Griswold wrote:

Do a lsmod and look for the 3 com module that is loaded. Then look in /etc/modules.conf and modules to see if you have an options line near that module that might be setting the duplex. You can always set the duplex by using

    ethtool -s eth0 speed 100 duplex full autoneg off

but if you aren't near the box you could kill your ethernet connection if you aren't really connected to a 100Mbit hub or switch.

Here's some more info:

Linux recognizes the card but seems to run in the wrong mode (e.g. 10Mbit instead of 100Mbit): This can be solved with an appropriate entry in the options line mentioned above. With this line you can switch the driver to the desired mode (thereby switching off the autodetection of the driver). Here's an excerpt from Donald Becker's homepage, which explains some details:

An example of loading the vortex module is

    insmod 3c59x.o debug=1 options=0,,12

This sets the debug message level to minimal messages, sets the first card to the 10baseT transceiver, the second to the EEPROM-set transceiver, and the third card to operate in full-duplex mode using its 100baseTx transceiver. (Note: card ordering is set by the PCI BIOS.)

Possible media type settings

    0 10baseT, or use default setting.
    1 10Mbps AUI
    2 undefined (special case: 10baseT from the LILO prompt)
    3 10base2 (BNC)
    4 100base-TX
    5 100base-FX
    6 MII (always the correct transceiver type on the 3c905)
    8 16 Full-duplex bit
    16 10baseT full-duplex
    20 100baseTx full-duplex
    32 Bus-master enable bit (experimental use only!)

E.g., if you want to run the card in Full-Duplex 100Mbit-Mode, enter the following parameters in the options line:

    options 3c59x options=12

Simon Buchanan [EMAIL PROTECTED] 09/27/04 9:08 PM

The output of lspci is:

    :00:12.0 Ethernet controller: 3Com Corporation 3c905 100BaseTX [Boomerang]

I'm pretty sure that I haven't coded anything... This is a standard debian woody install on an Athlon XP box...

Doug Griswold wrote:

Are you sure that you haven't hard coded the duplex in a script or elsewhere? lspci should show you which nic you have in the server.

Simon Buchanan [EMAIL PROTECTED] 09/27/04 8:40 PM

Here is the output of ethtool... I can't remember what the nic is...:

    Settings for eth0:
        Supported ports: [ TP MII ]
        Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full
        Supports auto-negotiation: Yes
        Speed: 10Mb/s
        Duplex: Half
        Port: MII
        PHYAD: 0
        Transceiver: internal
        Auto-negotiation: off
        Supports Wake-on: pumbg
        Wake-on: d

Doug Griswold wrote:

Try checking with ethtool. Which nic are you using?

Simon Buchanan [EMAIL PROTECTED] 09/27/04 8:13 PM

Hi There,

I have a debian woody box that I am connected to via ssh, here is the ifconfig:

    eth0  Link encap:Ethernet  HWaddr 00:50:FC:XX:XX:XX
          inet addr:203.109.xxx.xx  Bcast:203.109.xxx.xx  Mask:255.255.255.xxx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4109 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1079 errors:8 dropped:0 overruns:0 carrier:16
          collisions:23 txqueuelen:100
          RX bytes:809755 (790.7 KiB)  TX bytes:169903 (165.9 KiB)
          Interrupt:16 Base address:0xa000

When I check the link with mii-tool I get the following response:

    box:/etc# mii-tool -v eth0
    eth0: 10 Mbit, half duplex, no link
      product info: vendor 00:00:00, model 0 rev 0
      basic mode: 10 Mbit, half duplex
      basic status: no link
      capabilities:
      advertising:

NO LINK? But I'm connected to the thing - and it's connected to a 100Mbit hub... Is this a problem with the ethernet card?

Thanks
Simon
2 hba's accessing same disk
I currently have 2 hba's connected on a san and want to implement failover. When you first install them you see twice as many disks since there are 2 paths. My question is can you use the md/multipath module to get failover? If so can you do it without using software raid? The array is already using hardware raid level 5 so there is no need for software raid. So far I have created the devices but they will not failover. I am having a hard time finding documentation on this particular module. Any help would be appreciated.
System monitor.
Do any of you know of a good open source resource monitor that would monitor Windows, Novell, *nix servers? I'm looking for something similar to IBM Tivoli resource monitor or CA Unicenter but open source. Thanks
udp v4 hw csum failure
Have any of you seen this error before (kernel: udp v4 hw csum failure)? I can't seem to figure out what is causing this error but it occurs about every hour or so. This is on kernel 2.4.20 with an e100 intel driver compiled in on a debian woody system. Thanks
Re: dell 1650 perc3/di raid 5 15k rpm performance
I installed the Red Hat kernel and performance was affected some but not much. I now get between 50-56Mb/s but still not close to the 70Mb/s of before. I'm not sure what you mean here: "Also did you re-create the RAID device in the process of installing Debian?" If you could explain this to me a little more that would be good. I really like Debian and would like to be able to use it on everything so I need to learn how to optimize this box so it will run as good or better than red hat.

Thanks

Russell Coker [EMAIL PROTECTED] 03/22/03 05:45 AM

On Sat, 22 Mar 2003 04:54, Doug Griswold wrote:

Hey guys I am having a small performance problem with a dell 1650 with the perc3/di raid 5 card. I had red hat on this box and was getting 70-75Mb/s when testing with hdparm -tT /dev/sda.

I suggest using anything other than hdparm for benchmarking.

Now using Debian I am getting 40-50Mb/s. I am using the 2.4.19-ac4 kernel and aacraid module. I'm sure it is a tuning issue on my part but can't seem to figure it out. If any of you have any experience with this controller I would appreciate the help.

Try using the Red Hat kernel on Debian and see how it goes. Also did you re-create the RAID device in the process of installing Debian?

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Re: dell 1650 perc3/di raid 5 15k rpm performance
You are right about the 10 percent; hdparm is kinda sucky when it comes to giving absolute results but it will give you a general idea of what the disks are doing. I didn't reassign the disks when installing debian, I basically just booted into debian, deleted the partitions that were there from redhat and re-partitioned and then went on with the install.

Russell Coker [EMAIL PROTECTED] 03/22/03 15:37 PM

On Sat, 22 Mar 2003 17:41, Doug Griswold wrote:

I installed the Red Hat kernel and performance was affected some but not much. I now get between 50-56Mb/s but still not close to the 70Mb/s of before.

Is hdparm accurate enough to determine a 10% difference? I suspect that your results so far don't show an improvement from the RH kernel.

I'm not sure what you mean here: "Also did you re-create the RAID device in the process of installing Debian?" If you could explain this to me a little more that would be good. I really

Re-assigning the disks to a RAID device.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Re: dell 1650 perc3/di raid 5 15k rpm performance
I used the same filesystem type and mount options. It's a very perplexing issue, I've always seen better performance out of debian over red hat. But my experience on scsi raid is very limited.

Thanks Again

Nathan E Norman [EMAIL PROTECTED] 03/22/03 18:07 PM

On Sat, Mar 22, 2003 at 05:26:46PM -0500, Doug Griswold wrote:

You are right about the 10 percent; hdparm is kinda sucky when it comes to giving absolute results but it will give you a general idea of what the disks are doing. I didn't reassign the disks when installing debian, I basically just booted into debian, deleted the partitions that were there from redhat and re-partitioned and then went on with the install.

Apart from driver issues which could be a very real problem, did you use the same filesystem type and mount options? Since you say you re-partitioned I'm assuming you recreated the filesystems as well.

--
Nathan Norman - Incanus Networking mailto:[EMAIL PROTECTED]

For myself, I can only say that I am astonished and somewhat terrified at the results of this evening's experiments. Astonished at the wonderful power you have developed, and terrified at the thought that so much hideous and bad music may be put on record forever.
-- Sir Arthur Sullivan, message to Edison, 1888
dell 1650 perc3/di raid 5 18k rpm performance
Hey guys I am having a small performance problem with a dell 1650 with the perc3/di raid 5 card. I had red hat on this box and was getting 70-75Mb/s when testing with hdparm -tT /dev/sda. Now using Debian I am getting 40-50Mb/s. I am using the 2.4.19-ac4 kernel and aacraid module. I'm sure it is a tuning issue on my part but can't seem to figure it out. If any of you have any experience with this controller I would appreciate the help.