RE: Ftp Access.

2005-04-05 Thread Tal Rosenstein
Ok Thanks.
I thought I needed it but I see that I do have ACL support at the
current kernel 
So I just downloaded the ACL tools
Now begins the Fun stuff   :-)

Thank you all for the help.
Have a nice day :-) 


 
Tal Rosenstein  
IT Manager 
Finjan Software.

Office:  +972-9-8648235 
mailto:[EMAIL PROTECTED]

-Original Message-
From: Ilya Konstantinov [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 05, 2005 12:50 AM
To: Tal Rosenstein
Cc: linux-il@linux.org.il
Subject: Re: Ftp Access.

Tal Rosenstein wrote:

>Hello Ilya
>And thanks for the help.
>I have tried:
> getfacl
>-bash: getfacl: command not found
>
This probably means the "acl" Debian package is not installed.

>I have tried to download a kernel and compiling it by the 
>http://newbiedoc.sourceforge.net/system/kernel-pkg.html.en
>And failed at the point of : make-kpkg   and the shell did not find the
>application
>
"make-kpkg" belongs to the package "kernel-package", if you wish to
install it. However, I don't see why you feel like you need to recompile
your kernel. The precompiled kernel packages supplied by Debian are just
fine.






*
Finjan Software

This e-mail and any attached files are confidential and may be legally
privileged. The unauthorized use, disclosure or copying of this email or
any information contained within it is strictly prohibited. This also
confirms that Finjan Software's Vital Security 1 BOX for E-Mail has scanned this
message for the presence of known viruses and potentially malicious
code.

Finjan Software - Prevention is the Best Cure!
*


To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]



RE: Ftp Access.

2005-04-05 Thread Tal Rosenstein
Hello Ilya 
And thanks for the help.
I have tried:
 getfacl
-bash: getfacl: command not found
ftp:/usr/src# tcsh
ftp:/usr/src# getfacl
getfacl: Command not found.
ftp:/usr/src# setfacl
setfacl: Command not found.
ftp:/usr/src#

And got the errors above.

I have tried to download a kernel and compiling it by the
http://newbiedoc.sourceforge.net/system/kernel-pkg.html.en 
And failed at the point of : make-kpkg   and the shell did not find the
application 
I really need the help 
Thanks.


 
Tal Rosenstein  
IT Manager 
Finjan Software.

Office:  +972-9-8648235 
mailto:[EMAIL PROTECTED]

-Original Message-
From: Ilya Konstantinov [mailto:[EMAIL PROTECTED] 
Sent: Sunday, April 03, 2005 9:14 PM
To: Tal Rosenstein
Cc: shimi; linux-il@linux.org.il
Subject: Re: Ftp Access.

Tal Rosenstein wrote:

> But i dont know how to enable the ACL's   please help.
>
What makes you think you don't have ACL support enabled?

First of all, try using the ACL utilities (getfacl, setfacl). If you're
not familiar with them, you might need to read some manuals.

If they report an error along the lines of "Unsupported", make sure you
mount your ext3 partition with the "acl" option. Modify the /etc/fstab
file accordingly.

Without rebooting, remount that partition and try getfacl/setfacl again.

For example, to remount the root partition with new options, do:

mount -o remount /









Re: Ftp Access.

2005-04-04 Thread Tzafrir Cohen
On Tue, Apr 05, 2005 at 12:49:35AM +0300, Ilya Konstantinov wrote:

> "make-kpkg" belongs to the package "kernel-package", if you wish to 
> install it. However, I don't see why you feel like you need to recompile 
> your kernel. The precompiled kernel packages supplied by Debian are just 
> fine.

From the configs of current Sarge kernels:

  $ grep ACL /usr/src/kernel-headers-2.*/.config
  /usr/src/kernel-headers-2.4.27-2-386/.config:CONFIG_EXT3_FS_POSIX_ACL=y
  /usr/src/kernel-headers-2.4.27-2-386/.config:CONFIG_EXT2_FS_POSIX_ACL=y
  /usr/src/kernel-headers-2.4.27-2-386/.config:CONFIG_XFS_POSIX_ACL=y
  /usr/src/kernel-headers-2.4.27-2-386/.config:CONFIG_FS_POSIX_ACL=y
  # and ditto for the other 2.4.7 kernel configs
  /usr/src/kernel-headers-2.6.8-2-386/.config:CONFIG_EXT2_FS_POSIX_ACL=y
  /usr/src/kernel-headers-2.6.8-2-386/.config:CONFIG_EXT3_FS_POSIX_ACL=y
  /usr/src/kernel-headers-2.6.8-2-386/.config:CONFIG_JFS_POSIX_ACL=y
  /usr/src/kernel-headers-2.6.8-2-386/.config:CONFIG_FS_POSIX_ACL=y
  /usr/src/kernel-headers-2.6.8-2-386/.config:CONFIG_XFS_POSIX_ACL=y

So kernel-space support is in place.

-- 
Tzafrir Cohen | New signature for new address and  |  VIM is
http://tzafrir.org.il | new homepage   | a Mutt's  
[EMAIL PROTECTED] ||  best
ICQ# 16849755 | Space reserved for other protocols | friend




Re: Ftp Access.

2005-04-04 Thread Ilya Konstantinov
Tal Rosenstein wrote:

> Hello Ilya
> And thanks for the help.
> I have tried:
> getfacl
> -bash: getfacl: command not found

This probably means the "acl" Debian package is not installed.

> I have tried to download a kernel and compiling it by the
> http://newbiedoc.sourceforge.net/system/kernel-pkg.html.en
> And failed at the point of : make-kpkg   and the shell did not find the
> application

"make-kpkg" belongs to the package "kernel-package", if you wish to
install it. However, I don't see why you feel like you need to recompile
your kernel. The precompiled kernel packages supplied by Debian are just
fine.




Re: Ftp Access.

2005-04-03 Thread Amit Aronovitch




People, Tal is using a simple, old-fashioned solution (ftp server) -
why not give simple, old-fashioned answers?

While ACL's are modern and much more flexible, there's still quite a
lot that can be done with plain old unix-style permissions (and you
certainly don't need to compile new kernels for that).

Tal Rosenstein wrote:

> d-wxrwx---   5 incoming inout   4096 2005-03-30 10:51 incoming
> dr-xrwx---   6 outgoing inout   4096 2005-03-29 18:15 outgoing
>
> the group inout is the group of the user inout
> [which can put and delete files from all of the folders]

With plain-old unix permissions, being the *owner* of a file/directory
means you can freely change its permissions.
I believe many ftp servers allow users to use the 'chmod' command by
default, so there's not much point in setting the user's own permission
to anything other than rwx (at least not security-wise. It might be
useful as some kind of convenience measure).

However, a user does not have to own his home (certainly not her ftp
home). The key to achieve (approximately) what you want is by using
groups:

1) Define 'incoming' and 'inout' members in group 'writers', 'outgoing'
and 'inout' members in group 'readers'

2) Set permissions thus:

flags   user   group    dirname
--
d-wx-ws---  inout  writers  incoming
drwxr-s---  inout  readers  outgoing

3) Further notes:

  a) Note the 's' flags on the group perms (use 'chmod g+s
' to set it). This means that files generated under this
dir will get the parent dir's group  rather than their creator's main
group. Assuming that 'incoming' has 'writers' as his main group &
'outgoing' has 'readers', this will only have effect on files written
by the 'inout' login.

  b) Note that according to my first comment above, the fact that files
generated by the 'incoming' login get the right permissions by default
does not mean they're safe - she can still chmod them to anything
(unless you disable this feature in your ftp-server). Same goes for the
'inout' login, but I assume you should have no trouble with this.

  c) Make sure you set umask to 7 (disable all permissions for 'others'
in files generated by this user) for these users. This is done by
adding umask=7 to the GECOS (full name/comment) field in /etc/passwd.
In Debian this can be done by an option to the adduser(8) command.
e.g.   'adduser --gecos "umask=7,Incoming FTP Login" incoming'
 

   
> The problem:
> ===
> Whenever a user is logged on to the ftp with his
> user and tries to open a folder below his home dir [/home/incoming]
> Then the folder permission and owner is not kept.

I'm not sure what you mean by "open a folder below his home".
 If you mean that permissions of newly created files are not as you
expect - this can be probably solved by using the right umask (comment
3c above) and directory g+s (comment 3a above).

   cheers,
 Amit
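
A check for the layout described in this message, as an added example rather than code from the thread: it flags a directory that lacks the setgid bit, grants anything to "others", or is owned by a login that should not be able to chmod it. The function names are made up here, `stat -c` assumes GNU coreutils, and the sample modes are the two listings quoted in this thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# audit_mode MODE OWNER UNTRUSTED_LOGIN...
# MODE is octal as printed by `stat -c %a` (e.g. 2730 or 370).
# Prints one finding per line; prints nothing when the layout is sound.
audit_mode() {
    mode=$(printf '%4s' "$1" | tr ' ' 0)   # left-pad to 4 digits: 370 -> 0370
    owner=$2
    shift 2
    special=${mode%???}                    # leading digit: setuid/setgid/sticky
    other=${mode#???}                      # last digit: rights for "others"

    case $special in
        2|3|6|7) ;;                        # setgid (value 2) is set
        *) echo "no-setgid: new files keep their creator's main group" ;;
    esac
    if [ "$other" != 0 ]; then
        echo "other-access: mode $mode grants rights to everyone"
    fi
    for login in "$@"; do
        if [ "$owner" = "$login" ]; then
            echo "owner-can-chmod: $login owns the directory and can change its mode"
        fi
    done
}

# audit_dir DIR UNTRUSTED_LOGIN...  (same checks on a live directory; GNU stat)
audit_dir() {
    dir=$1
    shift
    audit_mode "$(stat -c '%a' "$dir")" "$(stat -c '%U' "$dir")" "$@"
}

# new_file_mode DIR: mode of a file created in DIR under umask 007 (note 3c)
new_file_mode() {
    (
        umask 007
        probe="$1/.probe.$$"
        : > "$probe" && stat -c '%a' "$probe"
        rm -f "$probe"
    )
}

# Constructed run over the two layouts quoted in the thread.
echo "original incoming (d-wxrwx---, owner incoming):"
audit_mode 370 incoming incoming outgoing
echo "proposed incoming (d-wx-ws---, owner inout):"
audit_mode 2730 inout incoming outgoing
```

On a live server, `audit_dir /home/incoming incoming outgoing` runs the same checks against the real directory.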





Re: Ftp Access.

2005-04-03 Thread Ilya Konstantinov
Tal Rosenstein wrote:

> But i dont know how to enable the ACL's   please help.

What makes you think you don't have ACL support enabled?

First of all, try using the ACL utilities (getfacl, setfacl). If you're
not familiar with them, you might need to read some manuals.

If they report an error along the lines of "Unsupported", make sure you
mount your ext3 partition with the "acl" option. Modify the /etc/fstab
file accordingly.

Without rebooting, remount that partition and try getfacl/setfacl again.
For example, to remount the root partition with new options, do:

mount -o remount /



RE: Ftp Access.

2005-04-03 Thread Tal Rosenstein



Guys I am sorry to nag you about this but when I am looking 
at the /usr/src  there is nothing there [if i may add this is a Debian 
flavor installed from the net] over FTP.
 
ftp:/# ls -la /usr/src/
total 8
drwxrwsr-x   2 root src  4096 2004-07-26 21:27 .
drwxr-xr-x  13 root root 4096 2005-03-21 17:30 ..

I know I can do:
 apt-get install kernel-build-2.4.27-2
 apt-get install kernel-image-2.6.8-2-686
 apt-get install kernel-source-2.6.8

But I don't know how to enable the ACL's   please help.
 
 



  
  

Tal Rosenstein
IT Manager
Finjan Software.

Office:  +972-9-8648235
mailto:[EMAIL PROTECTED]

From: shimi [mailto:[EMAIL PROTECTED]
Sent: Friday, April 01, 2005 6:27 PM
To: Tal Rosenstein
Cc: linux-il@linux.org.il
Subject: RE: Ftp Access.

On Thu, 2005-03-31 at 16:48 +0200, Tal Rosenstein wrote:

> Thanks for the swift reply.
> But I have 1 more dumb question:
> This is what I see when I type:
> ftp:~# uname -a
> Linux ftp 2.4.27-1-386 #1 Fri Sep 3 06:24:46 UTC 2004 i686 GNU/Linux
>
> Is this the latest kernel ? [if not where can I download it from and how
> can I install it ?]
> Again thanks for the help

Of the 2.4.x branch, 2.4.29 is the latest version (there's also a 2.6
branch).

You can grab all the sources here: http://kernel.org/

Installing the kernel usually involves copying your current kernel
config (that should be at /usr/src/linux/.config) into the new kernel
(for instance - /usr/src/linux-2.4.29) - removing the symlink
(/usr/src/linux) to the old kernel, and making a symlink to the new
kernel. After all that, you do the compile, and install it and
System.map into /boot. Then, if necessary, update the boot loader
configuration file [and possibly install the boot loader again, if it's
LILO].

That's really in general. In every distribution, you'll find things to
slightly differ.

For the 2.4 branch, installation usually looks something like that:

rm /usr/src/linux
ln -s /usr/src/linux-2.4.29 /usr/src/linux
cd /usr/src/linux
make mrproper
make menuconfig
make dep
make bzImage
make modules
make modules_install
cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.29
cp System.map /boot

and then update lilo.conf or grub.conf accordingly.. (better append than
replace - so if the new kernel doesn't work - you can still boot to the
old one :)

  
  
-- shimi <[EMAIL PROTECTED]> 


Re: Ftp Access.

2005-04-02 Thread Shachar Shemesh
Tzafrir Cohen wrote:

> On Thu, Mar 31, 2005 at 04:48:55PM +0200, Tal Rosenstein wrote:
>
>> Thanks for the swift reply.
>> But I have 1 more dumb question:
>> This is what I see when I type:
>> ftp:~# uname -a
>> Linux ftp 2.4.27-1-386 #1 Fri Sep 3 06:24:46 UTC 2004 i686 GNU/Linux
>> Is this the latest kernel ? [if not where can I download it from and how
>> can I install it ?]
>> Again thanks for the help
>
> No, this is not the latest kernel. Not even the latest from Debian.
>
>   apt-get install kernel-image-2.4.27-2-386
>
> Or better:
>
>   apt-get install kernel-image-2.4.27-2-686

Or better yet:

apt-get install kernel-image-2.4-686

and get notified whenever a new kernel comes out.

Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html


Re: Ftp Access.

2005-04-02 Thread Kobi Cohen-Arazi
BTW, You can always use the debian way of building a kernel from the sources, using make-kpkg.
That way you can make sure the ACL is enabled.
http://newbiedoc.sourceforge.net/system/kernel-pkg.html

The problem is not necessarily if you use the latest kernel or not. The
question is do you have ACL enabled or not. In 2.4.27 you have that
option. You don't need to grab the latest kernel for that.

Kobi.

On Apr 1, 2005 7:00 PM, Tzafrir Cohen <[EMAIL PROTECTED]> wrote:
> On Thu, Mar 31, 2005 at 04:48:55PM +0200, Tal Rosenstein wrote:
> > Thanks for the swift reply.
> > But I have 1 more dumb question:
> > This is what I see when I type:
> > ftp:~# uname -a
> > Linux ftp 2.4.27-1-386 #1 Fri Sep 3 06:24:46 UTC 2004 i686 GNU/Linux
> >
> > Is this the latest kernel ? [if not where can I download it from and how
> > can I install it ?]
> > Again thanks for the help
>
> No, this is not the latest kernel. Not even the latest from Debian.
>
>   apt-get install kernel-image-2.4.27-2-386
>
> Or better:
>
>   apt-get install kernel-image-2.4.27-2-686
>
> --
> Tzafrir Cohen | New signature for new address and  |  VIM is
> http://tzafrir.org.il | new homepage   | a Mutt's
> [EMAIL PROTECTED] ||  best
> ICQ# 16849755 | Space reserved for other protocols | friend

Re: Ftp Access.

2005-04-01 Thread Tzafrir Cohen
On Thu, Mar 31, 2005 at 04:48:55PM +0200, Tal Rosenstein wrote:
> Thanks for the swift reply.
> But I have 1 more dumb question:
> This is what I see when I type:
> ftp:~# uname -a
> Linux ftp 2.4.27-1-386 #1 Fri Sep 3 06:24:46 UTC 2004 i686 GNU/Linux
> 
> Is this the latest kernel ? [if not where can I download it from and how
> can I install it ?]
> Again thanks for the help 

No, this is not the latest kernel. Not even the latest from Debian.

  apt-get install kernel-image-2.4.27-2-386

Or better:
  
  apt-get install kernel-image-2.4.27-2-686

-- 
Tzafrir Cohen | New signature for new address and  |  VIM is
http://tzafrir.org.il | new homepage   | a Mutt's  
[EMAIL PROTECTED] ||  best
ICQ# 16849755 | Space reserved for other protocols | friend




RE: Ftp Access.

2005-04-01 Thread shimi


On Thu, 2005-03-31 at 16:48 +0200, Tal Rosenstein wrote:

> Thanks for the swift reply.
> But I have 1 more dumb question:
> This is what I see when I type:
> ftp:~# uname -a
> Linux ftp 2.4.27-1-386 #1 Fri Sep 3 06:24:46 UTC 2004 i686 GNU/Linux
> 
> Is this the latest kernel ? [if not where can I download it from and how
> can I install it ?]
> Again thanks for the help 


Of the 2.4.x branch, 2.4.29 is the latest version (there's also a 2.6
branch).

You can grab all the sources here: http://kernel.org/

Installing the kernel usually involves copying your current kernel
config (that should be at /usr/src/linux/.config) into the new kernel
(for instance - /usr/src/linux-2.4.29) - removing the symlink
(/usr/src/linux) to the old kernel, and making a symlink to the new
kernel. After all that, you do the compile, and install it and
System.map into /boot. Then, if necessary, update the boot loader
configuration file [and possibly install the boot loader again, if it's
LILO].

That's really in general. In every distribution, you'll find things to
slightly differ.

For the 2.4 branch, installation usually looks something like that:

rm /usr/src/linux
ln -s /usr/src/linux-2.4.29 /usr/src/linux
cd /usr/src/linux 
make mrproper
make menuconfig
make dep
make bzImage
make modules
make modules_install
cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.29
cp System.map /boot

and then update lilo.conf or grub.conf accordingly.. (better append than
replace - so if the new kernel doesn't work - you can still boot to the
old one :)

-- 
shimi <[EMAIL PROTECTED]>




RE: Ftp Access.

2005-04-01 Thread Tal Rosenstein
Thanks for the swift reply.
But I have 1 more dumb question:
This is what I see when I type:
ftp:~# uname -a
Linux ftp 2.4.27-1-386 #1 Fri Sep 3 06:24:46 UTC 2004 i686 GNU/Linux

Is this the latest kernel ? [if not where can I download it from and how
can I install it ?]
Again thanks for the help 


 
Tal Rosenstein  
IT Manager 
Finjan Software.

Office:  +972-9-8648235 
mailto:[EMAIL PROTECTED]

-Original Message-
From: Ilya Konstantinov [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 31, 2005 3:35 AM
To: Tal Rosenstein
Cc: linux-il@linux.org.il
Subject: Re: Ftp Access.

Hi Tal,


If you have a modern-enough version of the Linux Kernel and using ext3,
you can turn on ACLs on your ext3 partition (add "acl" to your mount
options) and set a "default ACL" (using the setfacl utility) on those
directories. Then, no matter what ownership or mode those new files will
have, they'll also have an ACL attached to them allowing whoever you
want to access them.


(I'm recently all excited about ACLs. They solve so many problems which
previously required hacks which were essentially security compromises.)


Tal Rosenstein wrote:

> Hello .
> i would like to question you a small problem that i have.
> I have created a wu-ftp on debian  and gave the user the chroot [in 
> wu-ftp/ftpaccess].
> And i have 3 users on that server:
> incoming
> outgoing
> and inout
>








Re: Ftp Access.

2005-03-30 Thread Ilya Konstantinov
Hi Tal,
If you have a modern-enough version of the Linux Kernel and using ext3, 
you can turn on ACLs on your ext3 partition (add "acl" to your mount 
options) and set a "default ACL" (using the setfacl utility) on those 
directories. Then, no matter what ownership or mode those new files will 
have, they'll also have an ACL attached to them allowing whoever you 
want to access them.

(I'm recently all excited about ACLs. They solve so many problems which 
previously required hacks which were essentially security compromises.)

Tal Rosenstein wrote:

> Hello .
> i would like to question you a small problem that i have.
> I have created a wu-ftp on debian  and gave the user the chroot [in
> wu-ftp/ftpaccess].
> And i have 3 users on that server:
> incoming
> outgoing
> and inout


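
The two steps from this message and its follow-up (the "acl" mount option in /etc/fstab, then a default ACL set with setfacl), as an added shell example that is not part of the original posts. The sample fstab, device names and function names are constructed for illustration, and the check assumes the option is listed explicitly, as on the ext3 systems in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# fstab_acl_status FSTAB MOUNTPOINT
# Prints "acl", "no-acl" or "no-entry" for MOUNTPOINT's line in FSTAB.
fstab_acl_status() {
    awk -v mp="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $2 == mp {
            found = 1
            n = split($4, opt, ",")             # 4th field: mount options
            for (i = 1; i <= n; i++) if (opt[i] == "acl") has = 1
        }
        END { print (!found ? "no-entry" : (has ? "acl" : "no-acl")) }
    ' "$1"
}

# fstab_with_acl FSTAB MOUNTPOINT
# Prints FSTAB with ",acl" appended to MOUNTPOINT's options if it is missing.
# Nothing is edited in place; the changed line is re-spaced with single blanks.
fstab_with_acl() {
    awk -v mp="$2" '
        /^[ \t]*(#|$)/ { print; next }
        $2 == mp && ("," $4 ",") !~ /,acl,/ { $4 = $4 ",acl" }
        { print }
    ' "$1"
}

# grant_default_acl DIR GROUP PERMS
# Needs the acl tools and a filesystem already remounted with "acl".
# First call: access ACL on DIR itself. Second: default ACL for new files.
grant_default_acl() {
    setfacl -m "g:$2:$3" "$1" && setfacl -d -m "g:$2:$3" "$1"
}

# Constructed sample, modelled on a single-disk ext3 install.
sample_fstab() {
    cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
proc      /proc  proc  defaults                    0 0
/dev/hda1 /      ext3  defaults,errors=remount-ro  0 1
/dev/hda3 /home  ext3  defaults,acl                0 2
EOF
}

tmp=$(mktemp)
sample_fstab > "$tmp"
for mp in / /home /srv; do
    echo "$mp: $(fstab_acl_status "$tmp" "$mp")"
done
fstab_with_acl "$tmp" / | grep ' / '    # the line to review before installing
rm -f "$tmp"
```

After installing the reviewed fstab, `mount -o remount /` applies the option without a reboot, and `grant_default_acl` can then be run on the FTP directories.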