Re: snooping windows 10 - how to stop it on a linux gateway?
That windows update server is a relay for the "snoop" messages. About the only way to totally stop the snoop messages is to totally isolate the network containing Windows machines from the network. Any windows machine can serve as a relay point for any others.

{o.o}

On 2016-03-04 20:16, Karel Lang AFD wrote:
> Hi guys,
>
> firstly, sorry Todd, i don't know how it happened i got attached to your thread.
>
> secondly, thank you all for your thoughtful posts.
>
> I know it is not easy to block the selected traffic from windows 10 and you are right, it is being backported to windows 7 as well. Horrible and disgusting.
>
> I already have windows server in LAN dedicated as a update server (work of my windows colleagues), so the PC don't have to access windows update servers outside LAN - this should simplify things.
>
> Also the PCs must have internet access to email, http, https, ftp, sftp - simply the 'usual' stuff.
>
> I think, yet, there should be a way. I'll try to consult mikrotik experts (the router brand we use) and guys from our ISP.
>
> If i have something, i'll let you know :-)
>
> thank you, bb
>
> Karel
>
> On 03/05/2016 12:40 AM, Steven Haigh wrote:
>> On 05/03/16 07:24, Karel Lang AFD wrote:
>>> Hi all,
>>>
>>> guys, i think everyone heard already about how windows 10 badly treat its users privacy.
>>
>> My solution to this was to finally rid Windows 7 off my desktop PC - as most of the telemetry has also been 'back ported' to Windows 7 also. You can't stop it.
>>
>>> I'm now thinking about a way howto stop a windows 10 sending these data mining results to a microsoft telemetry servers and filter it on our SL 6 linux gateway.
>>
>> Nope. There are no specific servers in use - just general - so whatever you block will end up killing other services.
>>
>>> I think it could be (maybe?) done via DPI (deep packet inspection). I similarly filter torrent streams on our gateway - i patched standard SL 6 kernel with 'xtables' (iptables enhancement) and it is working extremely well.
>>
>> I would be interested to see if you could identify telemetry packets in the flow - but I'm not predicting much success. If you do get it, make sure you let the world know though!
>>
>>> I read (not sure if true) that some DNS resolutions to M$ servers are even 'hardwired' via some .dll library, so it makes it even harder.
>>
>> Correct.
>>
>>> I'm no windows expert, but i'm a unix administrator concerned about privacy of windows desktop/laptop users sitting inside my LAN.
>>>
>>> What i'd like to come up is some more general iptables rules, than blocking specific IP addresses or names, because, apparently they may change in any incoming windows update ...
>>>
>>> Anyone gave this thought already? Anyone else's concerned the way i am?
>>
>> Yup - and as I said, I'm now running Fedora 23 on my desktop (EL lags on a few things that I like - so Fedora is a happy medium for me - as I still have the fedora-updates-testing repo enabled.
>>
>> My work laptop as well as my personal laptop - and now my home desktop all run Fedora 23 (KDE Spin if you hate Gnome 3 - like me).
Re: snooping windows 10 - how to stop it on a linux gateway?
Hi guys,

firstly, sorry Todd, i don't know how it happened i got attached to your thread.

secondly, thank you all for your thoughtful posts.

I know it is not easy to block the selected traffic from windows 10 and you are right, it is being backported to windows 7 as well. Horrible and disgusting.

I already have windows server in LAN dedicated as a update server (work of my windows colleagues), so the PC don't have to access windows update servers outside LAN - this should simplify things.

Also the PCs must have internet access to email, http, https, ftp, sftp - simply the 'usual' stuff.

I think, yet, there should be a way. I'll try to consult mikrotik experts (the router brand we use) and guys from our ISP.

If i have something, i'll let you know :-)

thank you, bb

Karel

On 03/05/2016 12:40 AM, Steven Haigh wrote:
> On 05/03/16 07:24, Karel Lang AFD wrote:
>> Hi all,
>>
>> guys, i think everyone heard already about how windows 10 badly treat its users privacy.
>
> My solution to this was to finally rid Windows 7 off my desktop PC - as most of the telemetry has also been 'back ported' to Windows 7 also. You can't stop it.
>
>> I'm now thinking about a way howto stop a windows 10 sending these data mining results to a microsoft telemetry servers and filter it on our SL 6 linux gateway.
>
> Nope. There are no specific servers in use - just general - so whatever you block will end up killing other services.
>
>> I think it could be (maybe?) done via DPI (deep packet inspection). I similarly filter torrent streams on our gateway - i patched standard SL 6 kernel with 'xtables' (iptables enhancement) and it is working extremely well.
>
> I would be interested to see if you could identify telemetry packets in the flow - but I'm not predicting much success. If you do get it, make sure you let the world know though!
>
>> I read (not sure if true) that some DNS resolutions to M$ servers are even 'hardwired' via some .dll library, so it makes it even harder.
>
> Correct.
>
>> I'm no windows expert, but i'm a unix administrator concerned about privacy of windows desktop/laptop users sitting inside my LAN.
>>
>> What i'd like to come up is some more general iptables rules, than blocking specific IP addresses or names, because, apparently they may change in any incoming windows update ...
>>
>> Anyone gave this thought already? Anyone else's concerned the way i am?
>
> Yup - and as I said, I'm now running Fedora 23 on my desktop (EL lags on a few things that I like - so Fedora is a happy medium for me - as I still have the fedora-updates-testing repo enabled.
>
> My work laptop as well as my personal laptop - and now my home desktop all run Fedora 23 (KDE Spin if you hate Gnome 3 - like me).
Re: snooping windows 10 - how to stop it on a linux gateway?
Can't be done economically. ANY machine that can reach Windows Update will also feed the snooping reports. The blocking is probably not needed as it consists of error reports after you've turned off everything in the various settings dialogs. Of course, one must never run Cortana if one is concerned about privacy.

Note that you MAY have better overall security for personal information if you figure out what the reporting addresses are and explicitly block all other addresses as a means of mitigating potential third party attacks through these semi-open doors. How open they really are depends on the degree of encryption MS has used in these reports and interfaces.

{^_^}

On 2016-03-04 16:24, ToddAndMargo wrote:
> On 03/04/2016 03:49 PM, Andrew Z wrote:
>> Uninstall. :)
>
> Or just block all access from Windows machines to the Internet.
>
> And turn off Windows Update Service.
>
> And test out your critical Windows software with Wine Staging
>
> And if need be, run XP inside a KVM virtual machine
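Added example, not part of the thread: one way to find out which outside addresses the LAN hosts actually contact, as a basis for the kind of address list described above, is to log new forwarded connections on the gateway and rank the destinations. The LOG prefix, subnet, interface and function names are assumptions, and the log lines are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed LOG rule on the gateway
# (subnet, interface and prefix are placeholders):
#   iptables -I FORWARD -s 192.168.10.0/24 -o eth0 -m state --state NEW \
#            -j LOG --log-prefix "WIN-OUT: "

# Constructed kernel log lines; destinations are documentation addresses.
sample_gateway_log() {
    cat <<'EOF'
Mar  4 20:16:01 gw kernel: WIN-OUT: IN=eth1 OUT=eth0 SRC=192.168.10.21 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=4211 DF PROTO=TCP SPT=49701 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  4 20:16:03 gw kernel: WIN-OUT: IN=eth1 OUT=eth0 SRC=192.168.10.22 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=977 DF PROTO=TCP SPT=49655 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  4 20:16:09 gw kernel: WIN-OUT: IN=eth1 OUT=eth0 SRC=192.168.10.21 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=4230 DF PROTO=TCP SPT=49702 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  4 20:17:40 gw kernel: WIN-OUT: IN=eth1 OUT=eth0 SRC=192.168.10.21 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=4302 DF PROTO=TCP SPT=49710 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  4 20:18:02 gw kernel: WIN-OUT: IN=eth1 OUT=eth0 SRC=192.168.10.22 DST=192.0.2.53 LEN=61 TOS=0x00 PREC=0x00 TTL=127 ID=1012 PROTO=UDP SPT=58211 DPT=53 LEN=41
Mar  4 20:18:30 gw kernel: OTHER-RULE: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=31 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# summarize_egress PREFIX
# Reads log lines on stdin, keeps those containing PREFIX, and prints
#   <new connections> <distinct LAN hosts> <destination> <proto>/<port>
# sorted by connection count, highest first.
summarize_egress() {
    awk -v prefix="$1" '
    index($0, prefix) {
        src = dst = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DST=/)   dst   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (dst == "") next
        # Protocols without ports (ICMP, for instance) get "-" as the port.
        key = dst " " proto "/" (dpt == "" ? "-" : dpt)
        hits[key]++
        # Count each LAN host once per destination.
        if (!((key, src) in seen)) { seen[key, src] = 1; hosts[key]++ }
    }
    END { for (k in hits) print hits[k], hosts[k], k }
    ' | LC_ALL=C sort -k1,1nr -k3
}

sample_gateway_log | summarize_egress "WIN-OUT:"
```

On a live gateway the input would be the kernel log instead of the sample function. A destination contacted by every host on the subnet stands out in the second column.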
Re: snooping windows 10 - how to stop it on a linux gateway?
On 03/04/2016 03:49 PM, Andrew Z wrote:
> Uninstall. :)

Or just block all access from Windows machines to the Internet.

And turn off Windows Update Service.

And test out your critical Windows software with Wine Staging

And if need be, run XP inside a KVM virtual machine

--
~~
Computers are like air conditioners.
They malfunction when you open windows
~~
Re: Offline update FAQ?
Check out my old tools at https://github.com/nkadel/nkadel-rsync-scripts .

On Wed, Mar 2, 2016 at 2:52 PM, Mark Stodola wrote:
> On 03/02/2016 09:12 AM, Howard, Chris wrote:
>>
>> Can someone point me to a good cookbook for doing offline updates?
>>
>> My fuzzy understanding is that I would build an internet-accessible
>> SL system, then periodically create my own repository
>> and from that cook a DVD and take it to the non-internet-accessible
>> machine
>> and run Yum against it.
>>
>> I need help filling in the steps.
>>
>> Chris
Re: snooping windows 10 - how to stop it on a linux gateway?
Uninstall. :)

On Mar 4, 2016 3:24 PM, "Karel Lang AFD" wrote:
> Hi all,
>
> guys, i think everyone heard already about how windows 10 badly treat its
> users privacy.
>
> I'm now thinking about a way howto stop a windows 10 sending these data
> mining results to a microsoft telemetry servers and filter it on our SL 6
> linux gateway.
>
> I think it could be (maybe?) done via DPI (deep packet inspection). I
> similarly filter torrent streams on our gateway - i patched standard SL 6
> kernel with 'xtables' (iptables enhancement) and it is working extremely
> well.
>
> I read (not sure if true) that some DNS resolutions to M$ servers are even
> 'hardwired' via some .dll library, so it makes it even harder.
>
> I'm no windows expert, but i'm a unix administrator concerned about
> privacy of windows desktop/laptop users sitting inside my LAN.
>
> What i'd like to come up is some more general iptables rules, than
> blocking specific IP addresses or names, because, apparently they may
> change in any incoming windows update ...
>
> Anyone gave this thought already? Anyone else's concerned the way i am?
>
> cheers
>
> --
> *Karel Lang*
> *Unix/Linux Administration*
> l...@afd.cz | +420 731 13 40 40
> AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz
Re: snooping windows 10 - how to stop it on a linux gateway?
On 05/03/16 07:24, Karel Lang AFD wrote:
> Hi all,
>
> guys, i think everyone heard already about how windows 10 badly treat
> its users privacy.

My solution to this was to finally rid Windows 7 off my desktop PC - as most of the telemetry has also been 'back ported' to Windows 7 also. You can't stop it.

> I'm now thinking about a way howto stop a windows 10 sending these data
> mining results to a microsoft telemetry servers and filter it on our SL
> 6 linux gateway.

Nope. There are no specific servers in use - just general - so whatever you block will end up killing other services.

> I think it could be (maybe?) done via DPI (deep packet inspection). I
> similarly filter torrent streams on our gateway - i patched standard SL
> 6 kernel with 'xtables' (iptables enhancement) and it is working
> extremely well.

I would be interested to see if you could identify telemetry packets in the flow - but I'm not predicting much success. If you do get it, make sure you let the world know though!

> I read (not sure if true) that some DNS resolutions to M$ servers are
> even 'hardwired' via some .dll library, so it makes it even harder.

Correct.

> I'm no windows expert, but i'm a unix administrator concerned about
> privacy of windows desktop/laptop users sitting inside my LAN.
>
> What i'd like to come up is some more general iptables rules, than
> blocking specific IP addresses or names, because, apparently they may
> change in any incoming windows update ...
>
> Anyone gave this thought already? Anyone else's concerned the way i am?

Yup - and as I said, I'm now running Fedora 23 on my desktop (EL lags on a few things that I like - so Fedora is a happy medium for me - as I still have the fedora-updates-testing repo enabled.

My work laptop as well as my personal laptop - and now my home desktop all run Fedora 23 (KDE Spin if you hate Gnome 3 - like me).

--
Steven Haigh
Email: net...@crc.id.au
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
where do pdf viewers look for sound players?
Hello,

I am on Scientific Linux release 6.7 (Carbon) and am trying to embed sound in a beamer presentation. The beamer multimedia package defines a control sequence \sound for the purpose. When I use it, the resulting pdf displays a button to click and the file contains a line

    /Subtype /Link /A << /S /Sound /Sound 12 0 R /Mix false /Repeat false >>

However none of xpdf, evince or acroread will play the specified sound file when the button is clicked. The acroread error message says "Cannot find an appropriate player for the sound", and the less immediately interpretable messages from xpdf and evince presumably come down to the same thing.

The system has the "play" command from sox as the default for audio/x-wav files, specified via /etc/mime.types and /etc/mailcap, and running

    xdg-open file.wav

from the command line plays the file. So the pdf viewers are evidently not consulting /etc/mime.types and /etc/mailcap. Does anyone know where they do look for a sound player?

Stephen Isard
snooping windows 10 - how to stop it on a linux gateway?
Hi all,

guys, i think everyone heard already about how windows 10 badly treat its users privacy.

I'm now thinking about a way howto stop a windows 10 sending these data mining results to a microsoft telemetry servers and filter it on our SL 6 linux gateway.

I think it could be (maybe?) done via DPI (deep packet inspection). I similarly filter torrent streams on our gateway - i patched standard SL 6 kernel with 'xtables' (iptables enhancement) and it is working extremely well.

I read (not sure if true) that some DNS resolutions to M$ servers are even 'hardwired' via some .dll library, so it makes it even harder.

I'm no windows expert, but i'm a unix administrator concerned about privacy of windows desktop/laptop users sitting inside my LAN.

What i'd like to come up is some more general iptables rules, than blocking specific IP addresses or names, because, apparently they may change in any incoming windows update ...

Anyone gave this thought already? Anyone else's concerned the way i am?

cheers

--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz
Re: openssl
On 4 March 2016 at 08:24, Connie Sieh wrote:
> I do not think it will. You will notice that there is nothing in that
> directory newer than 2012.
>
> The RHEL support matrix is at
>
> https://access.redhat.com/support/policy/updates/errata
>
> If you need errata support for RHEL 4 then I suggest you purchase a RHEL 4
> subscription and "purchase annual Add-on subscriptions called Extended Life
> Cycle Support (ELS) that provide similar support to Production Phase 3
> through March 31, 2017" . Red Hat does not publish the srpm to the ELS
> support packages in the public ftp area .
>

That is correct. Fixed RPMS for various security issues are only available through this method. In about 12 months this will be the case for EL5 packages also.

> --
>
> Connie J. Sieh
> Computing Services Specialist III
>
> Fermi National Accelerator Laboratory
> 630 840 8531 office
>
> http://www.fnal.gov
> cs...@fnal.gov
>
> On Fri, 4 Mar 2016, Paul Casteels wrote:
>
>> Thanks for the link. I hope it will become available there in a few days.
>>
>>
>> Kind regards
>> Paul Casteels
>>
>

--
Stephen J Smoogen.
Re: openssl
I do not think it will. You will notice that there is nothing in that directory newer than 2012.

The RHEL support matrix is at

https://access.redhat.com/support/policy/updates/errata

If you need errata support for RHEL 4 then I suggest you purchase a RHEL 4 subscription and "purchase annual Add-on subscriptions called Extended Life Cycle Support (ELS) that provide similar support to Production Phase 3 through March 31, 2017" . Red Hat does not publish the srpm to the ELS support packages in the public ftp area .

--

Connie J. Sieh
Computing Services Specialist III

Fermi National Accelerator Laboratory
630 840 8531 office

http://www.fnal.gov
cs...@fnal.gov

On Fri, 4 Mar 2016, Paul Casteels wrote:
> Thanks for the link. I hope it will become available there in a few days.
>
> Kind regards
> Paul Casteels
Re: samba and ntfs flash drives ???
On 03/04/2016 03:39 AM, ToddAndMargo wrote:
> On 03/04/2016 02:59 AM, David Sommerseth wrote:
>> On 04/03/16 11:05, ToddAndMargo wrote:
>> [...snip...]
>>> # grep denied /var/log/audit/audit.log
>>> type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451 comm="smbd" name="test" dev="dm-1" ino=593703 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=dir
>>>
>>> These stem from when I was trying to get SeLinux to work on the share. "Test" was a shared directory. "Test" has since been removed.
>>>
>>> I can browse/use the mount point without issue as long as I do not have an NTFS Flash Drive mounted to it.
>>>
>>> No mention of /mnt/iso in the above
>>> # grep denied /var/log/audit/audit.log | grep iso
>>> #
>>
>> You skipped the 'audit2allow' tip I gave you.
>>
>> -
>> cat | audit2allow
>> type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451 comm="smbd" name="test" dev="dm-1" ino=593703 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=dir
>> #= smbd_t ==
>>
>> # This avc can be allowed using the boolean 'samba_export_all_rw'
>> allow smbd_t mnt_t:dir write;
>> -
>>
>> See the line " This avc can" ... So just do:
>>
>> # setsebool -P samba_export_all_rw 1
>>
>> --
>> kind regards,
>>
>> David Sommerseth
>
> # grep denied /var/log/audit/audit.log | grep iso | audit2allow
> Nothing to do
>
> # grep denied /var/log/audit/audit.log | audit2allow
>
> #= logrotate_t ==
> allow logrotate_t home_root_t:dir read;
> allow logrotate_t init_t:service reload;
>
> #= smbd_t ==
>
> # This avc is allowed in the current policy
> allow smbd_t mnt_t:dir write;
>
> # This avc is allowed in the current policy
> allow smbd_t mnt_t:file getattr;
>
> Couldn't figure out what the above meant.
>
> As you recommended, I ran
> # setsebool -P samba_export_all_rw 1
>
> Now W7 says the directory is empty

Wait. Hold everything. I was in the wrong iso share.

And "# setsebool -P samba_export_all_rw 1" fixed it. And I have full read/write too.

Yippee!

thankyouthankyouthankyouthankyouthankyouthankyouthankyou

--
~~
Computers are like air conditioners.
They malfunction when you open windows
~~
Re: samba and ntfs flash drives ???
On 03/04/2016 02:59 AM, David Sommerseth wrote:
> On 04/03/16 11:05, ToddAndMargo wrote:
> [...snip...]
>> # grep denied /var/log/audit/audit.log
>> type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451 comm="smbd" name="test" dev="dm-1" ino=593703 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=dir
>>
>> These stem from when I was trying to get SeLinux to work on the share. "Test" was a shared directory. "Test" has since been removed.
>>
>> I can browse/use the mount point without issue as long as I do not have an NTFS Flash Drive mounted to it.
>>
>> No mention of /mnt/iso in the above
>> # grep denied /var/log/audit/audit.log | grep iso
>> #
>
> You skipped the 'audit2allow' tip I gave you.
>
> -
> cat | audit2allow
> type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451 comm="smbd" name="test" dev="dm-1" ino=593703 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=dir
> #= smbd_t ==
>
> # This avc can be allowed using the boolean 'samba_export_all_rw'
> allow smbd_t mnt_t:dir write;
> -
>
> See the line " This avc can" ... So just do:
>
> # setsebool -P samba_export_all_rw 1
>
> --
> kind regards,
>
> David Sommerseth

# grep denied /var/log/audit/audit.log | grep iso | audit2allow
Nothing to do

# grep denied /var/log/audit/audit.log | audit2allow

#= logrotate_t ==
allow logrotate_t home_root_t:dir read;
allow logrotate_t init_t:service reload;

#= smbd_t ==

# This avc is allowed in the current policy
allow smbd_t mnt_t:dir write;

# This avc is allowed in the current policy
allow smbd_t mnt_t:file getattr;

Couldn't figure out what the above meant.

As you recommended, I ran
# setsebool -P samba_export_all_rw 1

Now W7 says the directory is empty

--
~~
Computers are like air conditioners.
They malfunction when you open windows
~~
Re: samba and ntfs flash drives ???
On 04/03/16 11:05, ToddAndMargo wrote:
[...snip...]
> # grep denied /var/log/audit/audit.log
> type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451
> comm="smbd" name="test" dev="dm-1" ino=593703
> scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0
> tclass=dir
>
> These stem from when I was trying to get SeLinux to work
> on the share. "Test" was a shared directory. "Test"
> has since been removed.
>
> I can browse/use the mount point without issue as
> long as I do not have an NTFS Flash Drive mounted to it.
>
> No mention of /mnt/iso in the above
> # grep denied /var/log/audit/audit.log | grep iso
> #

You skipped the 'audit2allow' tip I gave you.

-
cat | audit2allow
type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451 comm="smbd" name="test" dev="dm-1" ino=593703 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=dir
#= smbd_t ==

# This avc can be allowed using the boolean 'samba_export_all_rw'
allow smbd_t mnt_t:dir write;
-

See the line " This avc can" ... So just do:

# setsebool -P samba_export_all_rw 1

--
kind regards,

David Sommerseth
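Added example, not part of the thread: before flipping a boolean as suggested above, the denials in audit.log can be grouped by SELinux type to see which domains are being denied what. The first sample record is the one quoted in the thread; the other records and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: group AVC denials by
# (source type, target type, object class, permissions, command).

# First record is the one quoted in the thread; the rest are constructed.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1457071461.014:2015): avc:  denied  { write } for  pid=26451 comm="smbd" name="test" dev="dm-1" ino=593703 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=dir
type=SYSCALL msg=audit(1457071461.014:2015): arch=c000003e syscall=83 success=no exit=-13 comm="smbd"
type=AVC msg=audit(1457071502.220:2031): avc:  denied  { write } for  pid=26460 comm="smbd" name="test" dev="dm-1" ino=593703 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=dir
type=AVC msg=audit(1457071610.377:2040): avc:  denied  { getattr } for  pid=26460 comm="smbd" path="/mnt/test/a.txt" dev="dm-1" ino=593710 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file
type=AVC msg=audit(1457075000.101:2101): avc:  denied  { read } for  pid=27010 comm="logrotate" name="home" dev="dm-1" ino=131 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
EOF
}

# summarize_avc
# Reads audit records on stdin and prints, most frequent first:
#   <count> <source type> <target type> <class> <perms> <comm>
# Limitation: a comm value containing spaces is cut at the first space.
summarize_avc() {
    awk '
    # A context is user:role:type:level; the type is always the third field,
    # even when the level itself contains colons (s0-s0:c0.c1023).
    function ctx_type(field,   parts) {
        sub(/^[a-z]context=/, "", field)
        split(field, parts, ":")
        return parts[3]
    }
    /type=AVC/ && /denied/ {
        perms = ""; comm = "?"; src = "?"; tgt = "?"; cls = "?"; inperm = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inperm = 1; continue }
            if ($i == "}") { inperm = 0; continue }
            if (inperm) { perms = (perms == "" ? $i : perms "," $i); continue }
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) { src = ctx_type($i) }
            if ($i ~ /^tcontext=/) { tgt = ctx_type($i) }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        count[src " " tgt " " cls " " perms " " comm]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# On a real host (as root): summarize_avc < /var/log/audit/audit.log
sample_audit_log | summarize_avc
```

samba_export_all_rw lets smbd read and write files of any SELinux type, so the summary is a quick check that smbd_t is the domain actually being denied before enabling it.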
Re: samba and ntfs flash drives ???
On 03/04/2016 01:48 AM, David Sommerseth wrote:
> On 4 March 2016 09:45:38 CET, ToddAndMargo wrote:
>> Hi All,
>>
>> Google is killing me here!
>>
>> Scientific Linux 7.2, 64 bit
>>
>> $ rpm -qa samba
>> samba-4.2.3-11.el7_2.x86_64
>>
>> Is there some trick to mounting an NTFS USB flash drive and sharing it with Samba?
>>
>> I am trying to share an NTFS flash drive with samba. If the drive is not mounted, I can do what I want from Windows 7 and XP on the mount point. I have full access.
>>
>> But, when I mount the stick to the mount point and try to browse the mount with W7 or XP, I get "permission denied". Specifically, from the W7 machines samba log:
>>
>>    ../source3/smbd/uid.c:384(change_to_user)
>>    Skipping user change - already user
>>
>>    ../source3/smbd/open.c:881(open_file)
>>    Error opening file . (NT_STATUS_ACCESS_DENIED)
>>    (local_flags=0) (flags=0)
>>
>> I mount suchlike:
>>
>> # mount -t ntfs -rw -o users,exec,sync,uid=todd,gid=users,fmask=000,dmask=000 /dev/sdc1 /mnt/iso
>>
>> (I know I don't need the masks, but I left them there in case they were needed)
>>
>> After mounting:
>> # ls -al /mnt/iso
>>
>> total 1193
>> drwxrwxrwx.  1 todd users   4096 Mar  3 23:30 .
>> drwxr-xr-x. 13 todd users   4096 Mar  3 21:47 ..
>> -rwxrwxrwx.  1 todd users    122 Apr 12  2011 autorun.inf
>> drwxrwxrwx.  1 todd users   4096 Apr 12  2011 boot
>> -rwxrwxrwx.  1 todd users 383786 Apr 12  2011 bootmgr
>> -rwxrwxrwx.  1 todd users 669568 Apr 12  2011 bootmgr.efi
>> drwxrwxrwx.  1 todd users      0 Apr 12  2011 efi
>> -rwxrwxrwx.  1 todd users 106768 Apr 12  2011 setup.exe
>> drwxrwxrwx.  1 todd users  40960 Apr 12  2011 sources
>> drwxrwxrwx.  1 todd users      0 Apr 12  2011 support
>> drwxrwxrwx.  1 todd users      0 Apr 12  2011 upgrade
>>
>> My smb.conf:
>>
>> [iso]
>>    comment = mnt on rn1 -- Mount as M:
>>    path = /mnt/iso
>>    valid users = @users
>>    write list = @users
>>    force group = users
>>    force user = todd
>>    oplocks = no
>>    level2 oplocks = no
>>    strict locking = no
>>    blocking locks = no
>>    force create mode =
>>    create mode = 0777
>>    force directory mode =
>>    directory mode = 0777
>>    map system = yes
>>    map hidden = yes
>>    writable = yes
>>
>> Trying simpler:
>> [iso]
>>    comment = mnt on rn1 -- Mount as M:
>>    path = /mnt/iso
>>    force group = users
>>    force user = todd
>> Doesn't work either
>>
>> What am I doing wrong?
>>
>> Many thanks,
>> -T
>
> # grep denied /var/log/audit/audit.log
>
> If you see something which looks related, pipe them to audit2allow and see what it suggests. Often you may get some hints that you need to flip a selinux boolean.
>
> --
> kind regards,
>
> David Sommerseth

# grep denied /var/log/audit/audit.log
type=AVC msg=audit(1457071461.014:2015): avc: denied { write } for pid=26451 comm="smbd" name="test" dev="dm-1" ino=593703 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=dir

These stem from when I was trying to get SeLinux to work on the share. "Test" was a shared directory. "Test" has since been removed.

I can browse/use the mount point without issue as long as I do not have an NTFS Flash Drive mounted to it.

No mention of /mnt/iso in the above
# grep denied /var/log/audit/audit.log | grep iso
#

:'(
Re: samba and ntfs flash drives ???
On 4 March 2016 09:45:38 CET, ToddAndMargo wrote:
>Hi All,
>
>Google is killing me here!
>
>Scientific Linux 7.2, 64 bit
>
>$ rpm -qa samba
>samba-4.2.3-11.el7_2.x86_64
>
>Is there some trick to mounting an NTFS USB flash drive and
>sharing it with Samba?
>
>I am trying to share an NTFS flash drive with samba.
>If the drive is not mounted, I can do what I want
>from Windows 7 and XP on the mount point. I have
>full access.
>
>But, when I mount the stick to the mount point and
>try to browse the mount with W7 or XP, I get "permission
>denied". Specifically, from the W7 machines samba log:
>
>   ../source3/smbd/uid.c:384(change_to_user)
>   Skipping user change - already user
>
>   ../source3/smbd/open.c:881(open_file)
>   Error opening file . (NT_STATUS_ACCESS_DENIED)
>   (local_flags=0) (flags=0)
>
>I mount suchlike:
>
># mount -t ntfs -rw -o users,exec,sync,uid=todd,gid=users,fmask=000,dmask=000 /dev/sdc1 /mnt/iso
>
>(I know I don't need the masks, but I left them there in case
>they were needed)
>
>After mounting:
># ls -al /mnt/iso
>
>total 1193
>drwxrwxrwx.  1 todd users   4096 Mar  3 23:30 .
>drwxr-xr-x. 13 todd users   4096 Mar  3 21:47 ..
>-rwxrwxrwx.  1 todd users    122 Apr 12  2011 autorun.inf
>drwxrwxrwx.  1 todd users   4096 Apr 12  2011 boot
>-rwxrwxrwx.  1 todd users 383786 Apr 12  2011 bootmgr
>-rwxrwxrwx.  1 todd users 669568 Apr 12  2011 bootmgr.efi
>drwxrwxrwx.  1 todd users      0 Apr 12  2011 efi
>-rwxrwxrwx.  1 todd users 106768 Apr 12  2011 setup.exe
>drwxrwxrwx.  1 todd users  40960 Apr 12  2011 sources
>drwxrwxrwx.  1 todd users      0 Apr 12  2011 support
>drwxrwxrwx.  1 todd users      0 Apr 12  2011 upgrade
>
>My smb.conf:
>
>[iso]
>   comment = mnt on rn1 -- Mount as M:
>   path = /mnt/iso
>   valid users = @users
>   write list = @users
>   force group = users
>   force user = todd
>   oplocks = no
>   level2 oplocks = no
>   strict locking = no
>   blocking locks = no
>   force create mode =
>   create mode = 0777
>   force directory mode =
>   directory mode = 0777
>   map system = yes
>   map hidden = yes
>   writable = yes
>
>Trying simpler:
>   [iso]
>   comment = mnt on rn1 -- Mount as M:
>   path = /mnt/iso
>   force group = users
>   force user = todd
>Doesn't work either
>
>What am I doing wrong?
>
>Many thanks,
>-T

# grep denied /var/log/audit/audit.log

If you see something which looks related, pipe them to audit2allow and see what it suggests. Often you may get some hints that you need to flip a selinux boolean.

--
kind regards,

David Sommerseth
samba and ntfs flash drives ???
Hi All,

Google is killing me here!

Scientific Linux 7.2, 64 bit

$ rpm -qa samba
samba-4.2.3-11.el7_2.x86_64

Is there some trick to mounting an NTFS USB flash drive and sharing it with Samba?

I am trying to share an NTFS flash drive with samba. If the drive is not mounted, I can do what I want from Windows 7 and XP on the mount point. I have full access.

But, when I mount the stick to the mount point and try to browse the mount with W7 or XP, I get "permission denied". Specifically, from the W7 machines samba log:

   ../source3/smbd/uid.c:384(change_to_user)
   Skipping user change - already user

   ../source3/smbd/open.c:881(open_file)
   Error opening file . (NT_STATUS_ACCESS_DENIED)
   (local_flags=0) (flags=0)

I mount suchlike:

# mount -t ntfs -rw -o users,exec,sync,uid=todd,gid=users,fmask=000,dmask=000 /dev/sdc1 /mnt/iso

(I know I don't need the masks, but I left them there in case they were needed)

After mounting:
# ls -al /mnt/iso

total 1193
drwxrwxrwx.  1 todd users   4096 Mar  3 23:30 .
drwxr-xr-x. 13 todd users   4096 Mar  3 21:47 ..
-rwxrwxrwx.  1 todd users    122 Apr 12  2011 autorun.inf
drwxrwxrwx.  1 todd users   4096 Apr 12  2011 boot
-rwxrwxrwx.  1 todd users 383786 Apr 12  2011 bootmgr
-rwxrwxrwx.  1 todd users 669568 Apr 12  2011 bootmgr.efi
drwxrwxrwx.  1 todd users      0 Apr 12  2011 efi
-rwxrwxrwx.  1 todd users 106768 Apr 12  2011 setup.exe
drwxrwxrwx.  1 todd users  40960 Apr 12  2011 sources
drwxrwxrwx.  1 todd users      0 Apr 12  2011 support
drwxrwxrwx.  1 todd users      0 Apr 12  2011 upgrade

My smb.conf:

[iso]
   comment = mnt on rn1 -- Mount as M:
   path = /mnt/iso
   valid users = @users
   write list = @users
   force group = users
   force user = todd
   oplocks = no
   level2 oplocks = no
   strict locking = no
   blocking locks = no
   force create mode =
   create mode = 0777
   force directory mode =
   directory mode = 0777
   map system = yes
   map hidden = yes
   writable = yes

Trying simpler:
[iso]
   comment = mnt on rn1 -- Mount as M:
   path = /mnt/iso
   force group = users
   force user = todd
Doesn't work either

What am I doing wrong?

Many thanks,
-T

--
~~
Computers are like air conditioners.
They malfunction when you open windows
~~
Re: openssl
Thanks for the link. I hope it will become available there in a few days.

Kind regards
Paul Casteels