Hi all,
I have just put my VM 5.1 into production and am trying to find out how the
old 'performance monitor' and 'real time monitor' are combined into the
new z/VM Performance Toolkit.
The performance data are now visible with the RMF tool - well known in
the z/OS area. I found the Linux and Windows
All that stuff initially sounded good.
But, it turns out to be the mirror image of what I was actually trying
to do.
That is, to prevent a set of users from browsing all sorts of
directories that are not their own.
By using the .profile.local, I can put a 'umask 117' to eliminate any
created
Read the Bash man page about the Restricted Shell option. That should do
exactly what you want.
It used to be as simple as specifying /bin/rsh as the default shell for users
in passwd, but the last time I tried that it didn't work, and I forget why.
The option is still there though, you just
On Fri, 20 May 2005 10:12:15 -0500, Tom Duerbusch wrote:
So, is there any way to restrict a Linux user from being able to CD
away from their home directory? That would really be great.
Tom Duerbusch
THD Consulting
First, I am not a Linux user, so take this with a LARGE grain of salt.
For
See if the following gives you any ideas:
http://www.tjw.org/chroot-login-HOWTO/
It appears, on first reading, to force a user into a chroot jail that
consists of their home directory.
--
John McKown
Senior Systems Programmer
UICI Insurance Center
Information Technology
This message
The cd command is built into the shell, so there is no /bin/cd.
Interesting story: originally Ken and Dennis didn't realize that cd needed to
be built into the shell. It took them a while to realize that since each
process has a current directory the cd command that they wrote didn't have any
Chroot is a little extreme. It locks the user into a completely isolated
subset of the filesystem, which means he has to have his own copies of any
files he might need to run. His PATH can't look outside the jail. This might
be okay for single-function daemons, but it could be a nightmare
The reason that restricted shells are not used much is that they don't really
enhance security. Not being able to cd to /etc does not prevent someone from
doing a 'cat /etc/passwd'. The real answer to security is to set the
permission bits on directories that you want to protect, or if you
That would work but I do need them to be able to CD to their
subdirectories.
Tom Duerbusch
THD Consulting
Lloyd Fuller [EMAIL PROTECTED] 05/20/05 10:21 AM
On Fri, 20 May 2005 10:12:15 -0500, Tom Duerbusch wrote:
First, I am not a Linux user, so take this with a LARGE grain of salt.
For
You're right, it's not an ideal solution, but based on my (quick) read of what
he was looking for, the restricted shell sounded like what he's after.
It might not provide much protection against a sophisticated user, but it's
useful for keeping casual or single application users from poking
Don't confuse ignorance with security. The person you want to stop will be the
person that knows what you've done and how to get around it.
--
Robert P. Nix Mayo Foundation
RO-CE-8-857 200 First Street SW
507-284-0844 Rochester, MN 55905
-
In theory, theory
...which pretty much blows out the restricted shell idea. I vaguely recall
when I first used it on real UNIX, it DID let you cd BELOW your home directory,
but the current incarnation in bash doesn't let you cd at ALL.
You can MAKE subdirectories, but you can't access them. Weird. You also
The only thing that's going to stop a knowledgeable shell user from causing
trouble is the security that's built into the OS, and that's only if it's set
up properly. Even then, there are plenty of ways to cause trouble. Linux
isn't zOS, and there are still ways to cripple THAT if you know
I've got a strange one here.
I have a working copy of SLES9 running under VM. ssh works fine from this
server.
I shut it down and cloned it to another server, changing only about a dozen
configuration files necessary to make it have its own unique identity,
including creating new ssh keys in
This may seem like a dumb question, but is lnx3 resolving to the right
server? Maybe you're connecting to a different system.
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of
Wolfe, Gordon W
Sent: Friday, May 20, 2005 12:59 PM
To:
Wolfe, Gordon W wrote:
I've got a strange one here.
I have a working copy of SLES9 running under VM. ssh works fine from this
server.
I shut it down and cloned it to another server, changing only about a dozen
configuration files necessary to make it have its own unique identity,
including
The /etc/hosts file is the same on both servers. Pinging lnx3 on both
servers gives the same ip address.
A statesman is a dead politician. Lord knows we need more statesmen!
--Berkeley Breathed
Gordon Wolfe, Ph.D. Boeing Shared Services Group
Enterprise Servers VM Technical Services
Here is the procedure. Warning, you kind of have to know what these
commands are and how to use them. Don't just key them in
Adding vdisk swap space on a system that didn't have the FBA driver
installed
SLES8 only
1. Swapgen 393 144000 (diag
2. cat /proc/dasd/devices
3. df
4. echo 'add
Tom,
One item worth pointing out:
9. modprobe dasd_diag_mod
I believe the diagnose driver will work on a 31-bit SLES9, but not on a
64-bit version, which must use the FBA driver.
17. joe kernel
add dasd_diag_mod to INITRD_MODULES
INITRD_MODULES=jbd ext3 dasd_diag_mod
So then this
What kind of information does NETSNMP provide? I have looked at what I
can find on Sourceforge, but I'm not getting a lot out of it.
Thanks,
Jon
snip
In looking at my many options for data acquisition from
Linux, there is really NO comparison to what is provided
by NETSNMP. This
I also think you are right.
But no 64 bit here, and hasn't been tested on SLES9. But another point
worth considering when someone is trying to use someone else's
procedures.
Tom Duerbusch
THD Consulting
[EMAIL PROTECTED] 05/20/05 1:44 PM
Tom,
One item worth pointing out:
9. modprobe